How Secure Is My Practice Management Software?


Editor’s note — this article is an extract from the upcoming second edition of David Harris’ book Dental Embezzlement; The Art of Theft and the Science of Control, expected to be available early in 2021.


A couple of the most frequently asked questions by doctors regarding practice management software are:

  • Is there a brand of practice management software that is better at protecting a doctor against embezzlement?
  • What is the most secure software?

This is like asking if one hammer is safer to use than another. All hammers have the potential to be safe if used properly, and the potential to cause grievous harm if they are not.

How is Practice Management Software Built?

Let’s start by looking at your software in a way that is slightly different than what you are accustomed to.  Your practice management software really consists of two parts.  There is a relational database that contains “data tables” that contain all the information on your practice.  Data tables include patient master information such as name, address and phone number, as well as treatment records, receivables balances and so on.  The database programming languages used are commercial programs made by big companies like Microsoft and Oracle and licensed to the company that makes your practice management software.  The most common database language used in practice management software is called SQL, which stands for Structured Query Language.

The second part of practice management software is an interface, or “front end” that allows you and your staff to interact with the database in an organized and hopefully user-friendly fashion.

Data Integrity

I think that what is sometimes behind this question is fear on the part of the dentist posing the question that a clever staff member could somehow bypass the front end of the software and directly make edits to the database, or can edit the audit trail to erase evidence of wrongdoing. 

I’ll put your mind at ease on this one.  Reading information from the database without using the practice management software’s interface isn’t terribly hard for someone with a computer science background and some database skills.  This is something that we do on a fairly regular basis in the course of our investigations.

However, editing the data in the data tables is a much more difficult undertaking. Without dragging you into a lot of detail about database architecture and checksums, I can tell you that doing this is very difficult in any modern practice management software.  The end result of someone trying is likely that, the next time someone tries to start your software, it will report a database error and will require some resuscitation to run. 

I’m not saying that editing your data in some other way than using the interface can’t be done, but this would take someone with PhD-level computer knowledge.

If the Integrity of the Database is Secure, Where Does the Danger Come From?

You’ve heard the saying from gun advocates that “guns don’t kill people; people do.”  I’ll say the same thing here.  Most embezzlement takes place not because of inherent weaknesses in practice management software, but because human practice owners fail to apply sufficient supervision and common sense to their practice management software.

Unfortunately, there is no such thing as embezzlement-proof software. All practice management software is designed with built-in safeguards, but then most practice owners neutralize many of the security features.  There is always an inherent tradeoff between controls and efficiency.

For example, it is possible to set up practice management software so that the practice owner is the only person permitted to authorize credit adjustments to be made to patient accounts. While, in theory, this is safer than allowing staff members to make adjustments without the doctor’s approval, it is operationally cumbersome to have staff continuously interrupting the doctor when transactions need to be authorized. Most offices find the safest options unwieldy and end up deliberately bypassing some of the built-in safety features of their software for the sake of convenience.

Maddeningly, when new practice management software is installed, typically, the default setup disables many of the security features available, and to enable these features requires specific action on the part of the practice. The reason that the companies that make the software take this approach is understandable; with unfamiliar practice management software, higher security settings inevitably prompt more calls to the software’s support line. When someone new to a particular software discovers that something that they are trying to do is blocked, the next step usually is to call the software’s technical support to ask for help. To reduce user frustration and manage support costs, software companies normally turn off many security features in the default setup.

So let’s start treating our practice management software as the vital repository of data that it is. Having that mindset will offer far more protection than any built-in security feature in software.

How Big Is The Embezzlement Problem?

We are featuring some excerpts from the upcoming second edition of David Harris’ book Dental Embezzlement; the Art of Theft and the Science of Control.


Embezzlement has been around since the beginning of recorded history. The Code of Hammurabi, the law code of the Mesopotameans, is most famous for its “an eye for an eye” provision, but also specifically addressed embezzlement, as did the legal code for Ancient Egypt.

The earliest record that I can find of embezzlement in a dental practice was in 1857 (which, by the way, also involved a murder). When you consider that the world’s first dental college, the Baltimore College of Dental Surgery, admitted its first class in 1840, it didn’t take long for this problem to emerge.

Former Federal Reserve Chairman Alan Greenspan said this about embezzlement:
“Corruption, embezzlement, fraud, these are all characteristics that exist everywhere. It is regrettably the way human nature functions, whether we like it or not… No one has ever eliminated any of that stuff.”
While measurement issues make the answer to the question of prevalence in dentistry somewhat elusive, a comparison of surveys taken of dentists over time shows that the problem is growing.

The most recent broadly-based survey of embezzlement was performed by the American Dental Association’s Center for Dental Practice, which was published in 2019. In this survey, 19,991 dentists were polled, and the astonishing result was that 48.64% of those who responded confirmed that they had been victims of embezzlement.

It didn’t stop there. As can be seen from the graph below, almost half of the dentists who reported being embezzled disclosed that they had been victims more than once, with 9% of respondents confirming that they had been victimized four or more times.

If we simply multiply the number of dentists in each frequency category by the minimum frequency (i.e., 27% x 1, plus 11% x2 and so on), we can determine that, for every 100 dentists, there have already been at least 91 embezzlements that have taken place.

In comparison, a 2007 American Dental Association survey determined that 35% of the respondents had been victims , so in the 11 years between the two surveys, the percentage of dentists reporting embezzlement increased by more than a third (i.e., 13% of those surveyed). This growth is a significant and alarming trend.

Profiles Of The Embezzler

The following is an excerpt from the upcoming second edition of David Harris’ book Dental Embezzlement; the Art of Theft and the Science of Control


The Narcissistic Sociopath

Like every private investigator, I consider myself an armchair psychologist. From my observation, many Greedy thieves display sociopathic characteristics, and also markers of a narcissist. Psychological literature recognizes this combination as a narcissistic sociopath. The accepted traits of an antisocial personality disorder (sociopathy) include:

  1. Superficial charm and intelligence.
  2. Unreliability.
  3. Untruthfulness.
  4. Lack of remorse.
  5. Inadequately motivated antisocial behavior.
  6. Delusions of invincibility.
  7. Failure to learn by experience.
  8. Failure to follow any life plan.

Some behavioral characteristics of narcissism are:

  1. Self-importance. Think they should be your “partner.”
  2. Focus on appearance.
  3. Exaggerate achievements and abilities.
  4. Believe they are of special or high status.
  5. Think they can only be understood by similar people.
  6. Need for admiration.
  7. Sense of entitlement and expects favorable treatment.
  8. Lacks empathy.
  9. Envious of others or thinks others envy them.

Clearly, there will be some embezzlers who do not fit any profile that we could develop. Still, many of the embezzlers whom I have encountered, particularly the “serial embezzlers” who have stolen from more than a single practice, fit the narcissistic sociopath category fairly closely.

The Hero, Control Freak and Sugar Momma

Some common profiles that embezzlers fit are what we describe as the Hero, the Control Freak, and the Sugar Momma.

The Hero looks for a practice that is really struggling. This practice is the disorganized office that has a large number of unpaid insurance claims and receivables that are out of control. The Hero claims that they have cleaned up bigger messes before and that they love a challenge. They know too well that you will be feeling so relieved at having found the perfect person to take on the herculean task of getting your office back on track that the last thing that will dawn on you is to call that last office that the Hero supposedly whipped into shape to obtain a job reference. While sometimes the Hero can achieve some short-term success with these problems, they have considerably oversold their experience and abilities, and their true focus is cleaning you out, not up.

I’m sure that you can conjure up a mental picture of the Control Freak. He or she is the person of whom the other staff are terrified. He or she holds guards their duties jealously and reacts aggressively to what they perceive as an encroachment. This territoriality will often extend to their workspace and “their” computer, and someone else who sits at their desk or touches their computer will likely receive a dose of this person’s wrath. The control freak may combine their tyranny over staff with subservience to you (which one of my team labels the “teacher’s pet”).

At the opposite end of the behavioral spectrum is the Sugar Momma (who, of course, can be of either gender). The Sugar Momma is the person who bestows largesse on other team members. Sometimes it is baking cookies and bringing them into the office; at other times, it is tampering with the pay of one or more employees to pay them for hours beyond what they actually worked or giving them a pay raise that wasn’t approved by you.
Why do they do this? You may have heard the saying that “you don’t look a gift horse in the bicuspids.” I’m not suggesting that Sugar Momma’s chosen ones are complicit in his or her illicit activities. However, if these staff members have a concern about what Sugar Momma is doing, they are far more likely to go to him or her than to you with that concern.


Do you have questions about embezzlement in your practice? Please give us a call at 888-398-2327

Protect Yourself As An Associate

While most of this website is oriented towards owners of dental practices, we would be remiss if we didn’t address the topic of associate dentists.

Associates can become embezzlement victims in several ways.  First, they can end up being underpaid relative to what they are entitled.  As much as we would prefer to believe that this doesn’t happen, sometimes this is the result of an avaricious practice owner fiddling with the books to the financial detriment of the associate. 

At other times, it happens because of mistakes being made at the front desk.  For example, if treatment is coded to the wrong provider, this may end up lowering the associate’s pay.  Particularly when a dental office first adds a new associate, a kind of thinking is required from front desk staff that may not have been there before.  In a solo practice where hygienists are salaried, it makes no financial difference whether a recall exam is coded to the dentist or the hygienist.  For this reason, it is understandable that many small offices aren’t used to being careful about certain details.  However, when an associate comes on board, the need for more careful recordkeeping suddenly arises, and sometimes front desk team members and even practice owners fail to realize this.

There is also the possibility that embezzlement is happening at a practice and that one or more associate dentists join with the practice owner in becoming victims.

And finally, buying all or part of a practice where a staff member is stealing can provide a buyer with a difficult and unforeseen introduction to practice ownership, when you suddenly realize that you need to pay for, and invest time in, cleaning up a mess left by your predecessor.

Information that should be provided to an associate

  1.  On making an agreement to become an associate, ensure that the agreement provides for sufficient access to practice information to ensure that your compensation is being properly determined.  Information sharing is always a touchy subject for a practice owner, who can understandably be expected to give you information that may have commercial value if you establish your own practice nearby or take an associate position with a competitor.  However, you need to be firm in insisting that you need sufficient access to the practice management software to confirm that your compensation is being determined properly.

Normally, the compensation formula for an associate is based on one of two measurements; production or collections

If your pay is calculated on production, you require day-end reports from the practice management software that show both your gross production and any adjustments. 

If your pay is calculated based on collections, you need this production report plus the collections report showing who paid and how much.  You also need a monthly receivables listing that shows all amounts owing for work performed by you.  This report should be “aged” – in other words it should show how old the amounts owing are, as well as the report showing open insurance claims for your work.  Your agreement should also provide you with access to the “ledger” for each patient for which you have a balance.  The ledger is a summary of individual transactions on a patient’s account.

We stress that your right to access this information should be enshrined in your associate agreement. If that isn’t done, you will be in a difficult position later if you think that you are being undercompensated, because you will not have access to the information to determine if this is true.

2. Review the production, adjustments and collections, if paid on collections, daily.  Look at the receivables monthly, and compare to the receivables listing you received the previous month.  Some questions to ask yourself when reviewing this information:

In all situations:

  • Did all patients seen today show up on the production report? 
  • Were the procedures performed today accurately recorded in the production report?
  • Do you understand and agree with all adjustments against production given to the patients you saw today?

If paid based on collections:

  • Did the front desk collect co-pays in accordance with office policy from patients who were in today?
  • What efforts are being taken to collect on balances for your work that is overdue?  Are there any patients you should call yourself?  Should any patients be sent to a collection agency?  If you think collection efforts on your patients are inadequate, you may wish to have a talk with the practice owner.
  • If insurance claims have been rejected, have they been resubmitted with whatever extra information is needed?
  • Are patients with significant balances being reappointed with you?  If yes, why?
  • Do balances age properly?  In other words, if an amount was 30 days past due a month ago, and it hasn’t been paid, it should now show up in the 60 days past due column.
  • Is the change in receivables for your work reflected in your pay?  If receivables decreased by $15,000 this month, I should receive ($15,000 plus collections for this month’s work) x payment percentage.
  • Are payments from patients on whom multiple providers worked being applied to the correct provider?  A symptom that this is not being done is when patients have “double balances”.  This means that a patient has a debit (i.e., positive) balance with one provider, and a credit (negative) balance with another provider.

When buying a practice

Many new practice owners have had an unfortunate awakening when they realize that the practice that they just purchased has an embezzlement issue.  A second shock ensues when the new practice owner realizes that the people he or she thought were protecting him or her from this eventuality actually have no responsibility, and the new owner is left to their own devices to deal with the mess.

Obviously, a dangerous scenario for buying a practice with active embezzlement is when the buyer is unfamiliar with the practice, but it also happens when the new owner has been with the practice for some time as an associate.  In many cases, when embezzlement comes to light after a purchase, we expect that the former owner was totally unaware that stealing was happening.  Unfortunately, there are also situations where the former owner knew or suspected that embezzlement was taking place but didn’t share that knowledge because he or she wanted the sale to you to go through and thought that you might have been scared away if he or she told you what they knew or suspected.

The other scenario that afflicts buyers is that inaccurate information is provided about the purchase – revenue, number of active patients, number of new patients per month, etc.  Sometimes this is accidental, and at other times it is a deliberate action of the selling dentist looking to extract every possible dollar from the sale.  Sadly, in a typical year we look at dozens of situations where the buyer of a practice retains us to work with their attorneys to determine if the seller has overstated attributes of the practice.

How to protect yourself when buying

Here are some considerations and steps to take when buying:

  1.  The people who assist you should have specialized dental expertise.  Most of us have friends who are lawyers and accountants, and it is often tempting to use them to represent you in a purchase.  No matter how well intended these people are, and how reasonable their fees may be, there is no substitute for dental-specific expertise when protecting you.  A purchase agreement specifically designed for dental transactions will give you better protection than a generic agreement also used to sell car dealerships.  While most embezzlement could not be spotted by a CPA doing a pre-purchase financial review, a dental CPA certainly has a better chance to see that something is amiss than a non-dental one.
  2. The broker doesn’t work for you.  Normally a broker is hired by and compensated by the seller.  The broker normally takes information provided by the seller and makes use of it to determine a price and provide you with an information package.  Brokers normally stamp a big disclaimer across all of their information indicating that they have not verified or audited it in any way.  So, if the broker is fed incorrect information by the seller, either deliberately or inadvertently, the broker will quickly point to this disclaimer when challenged.
  3. Do a chart audit.  It amazes me how often this step is not done.  As well as helping you plan what you are going to do with the resource you just purchased, chart audits can help you spot where information you have been provided does not make sense, such as when the practice where 4,000 active patients are claimed but there is only a single hygienist.
  4. Review information in the practice management software.  You may want to enlist the help of a consultant or software trainer for this. 
  5. Interview the staff.  This is often a somewhat sensitive area, because the selling dentist may not want it publicly known that he or she is selling, and certainly does not want to get their staff stirred up if a purchase falls through.  The way to make this palatable to a seller is to make it a “condition precedent”.  This means that buyer and seller have agreed that interviews will take place, but it only happens after there is a signed agreement in place.  We can’t promise you that this process will allow you to spot an embezzler, but it may help you spot future problem employees.
  6. Be alert for “non-replicable” revenue.  Sometimes this comes from a special skill that the selling dentist possesses (such as treating temporomandibular disorders or sleep apnea) that you will not be able to replicate, it may be from his or her ability to charge above-market fees for certain procedures, and at other times it may even be from some non-clinical business activity carried on by the dentist, such as speaking fees he or she earns, or even revenue from some kind of multi-level marketing.  If the broker has failed to segregate this revenue, you may end up paying for revenue you can’t possibly have.  A comparison between revenue according to practice management software and revenue from accountant-prepared financial statements may give some indication of this, as will looking at revenue by procedure code from the practice management software.
  7. Have a holdback for part of the purchase price.  Deferring the payment of some portion of the purchase price provides some incentive for the seller to behave properly.  Often the final accounting for a purchase cannot be concluded in real time and needs some time to be finalized.  Also, negative information sometimes emerges after the purchase is concluded, and if the seller has already received the full purchase price, the buyer’s position is much weaker than if part of the purchase price can be “frozen” until the dispute is resolved.  This is particularly important when the seller has agreed not to compete within a certain radius.  As long as escrow funds are still being held, the seller is unlikely to break this restrictive covenant.  When funds are held back for the purpose of ensuring seller integrity, the money should be funded and placed in escrow at closing, with a specific escrow agreement dealing with it.  This is not the same as the seller agreeing to “hold paper” to provide part of the financing for a purchase, which has a different timeline and terms.
  8. Have a proper, dental-specific, agreement.  This goes back to using an attorney who specializes in dental transactions.  The agreement should do a few important things:
    • Provide “representations” of any key financial metrics that you are relying on.  For example, if you have been told that there are 4,000 active patients and if this is important to you, this number should be stated in the agreement.  Don’t assume that because this information is on a broker’s “cut sheet” that you have any ability to hold the seller to it.  As mentioned, if information provided by the broker is inaccurate, the seller will blame the broker, and the broker will blame the seller.
    • Define key terms.  Metrics such as “active patient” need to be defined.  If it is not, you will never be successful in getting a partial refund for a deficiency.  To correctly determine the number of active patients, you first need a clear and operable definition.  The legal system relies heavily on precise wording to express the intent of parties to an agreement, and you should never be the farm on the concept that everyone can agree on whether a specific patient is active or not.
    • Deal specifically with copayments.  Many buyers have had bought practices without realizing that the seller was habitually not collecting copayments.  This puts the buyer in the terrible position of either having to continue the seller’s unethical behavior or the seller or to deal with a revolt from patients who are suddenly asked to pay for a portion of their dentistry.  The seller’s handling of copayments should be made clear in the agreement so that you do not get this kind of surprise.
    • The seller should specifically state that he or she is not aware of embezzlement in the practice and either has not consulted any professional with respect to embezzlement in the practice in the past two years, or if a professional has been consulted, outline who and when.  If it is clear that the seller has had embezzlement concerns, this might be a time to insist on the seller having a proper investigation done, which should be at her or his expense, and before the sale closes.

For many dentists, moving from being an associate to a practice owner represents an important milestone in their dental career.  We hate to see what should be such a joyous event smirched by the horrible realization that what you acquired was not what you thought you were getting.  Following the steps in this chapter is a great way to minimize this risk and protect yourself.  Feel free to reach out to us if you have any concerns.

Delegation Versus Abdication

Delegation is essential to the financial well-being of a practice.  The existence of well-trained clinical and administrative staff allows a practice’s doctors to focus on their unique (and high value) competencies.

The concept of clinical delegation is well-understood by dentists, and is something that they first encountered in dental school.

However, delegation of the administrative functions in a practice is something that is normally encountered much later when a dentist becomes the owner of a practice, and it happens without the dentist having the benefit of any training. 

Compounding the lack of training on how to effectively delegate administrative responsibilities is the fact that most dentists judge themselves by how their practice performs clinically and take no comparable pleasure from having a practice that is smoothly administered.

The combination of lack of training and low level of interest often create a “perfect storm” where dentists unconsciously fall into the trap of turning delegation, which is desirable and beneficial, into abdication, which can be dangerous.

So what is the difference between these two concepts? It can be summarized as follows:

Delegation is the devolution of tasks or responsibilities, but with accountability to the practice owner. Abdication is the offloading of responsibility, but with no corresponding answerability.

In a clinical setting, accountability is clearly understood by dentists. You have ownership of, for example, a poor impression taken by a dental assistant, and you have a clear responsibility to ensure that clinical staff have suitable training in CPR to be prepared to handle medical emergencies.

Clinical accountability is aided by the regulated nature of dental assisting and dental hygiene, where members of these professions are trained, tested, certified, and normally required to maintain their competency through continuing education. Also, the dentist’s knowledge of the work carried on by clinical team members is normally fairly high.

In contrast, there is no required certification to be a receptionist, financial coordinator or office manager. Most people in these positions have received their training on the job with you or while working at another dental practice. While there is considerable information and training available to people in administrative positions, it isn’t mandatory or comprehensive. And to make matters worse, unlike the clinical situation, the doctor is usually less knowledgeable about what goes on in the administration of his or her practice than the people who hold jobs in that area.

It’s a recipe for disaster. You are asked to oversee people who often have little formal training in their jobs, without your having the benefit of either detailed knowledge or any idea of how to exercise oversight. Furthermore, if you are like most dentists, keeping an eye on your front desk isn’t a responsibility that you enjoy in any case. So it doesn’t take much to convince you to just step away from what goes on there (i.e. abdication).

So what should a dentist do to increase accountability? Here are some ideas:

  1. Remember that accountability is more than an abstract concept. There is a tendency to believe that, because you sign someone’s paycheck, they are accountable to you. In an abstract sense this is true, but you derive no benefit from this relationship unless it translates into actual oversight.
  2. Effective oversight requires knowledge. Administration is not a cruel joke that the world has played on the dental profession; it is a vital link in the chain between the treatment of patients and your financial well-being. So learn to do the basics in your software — enter treatment, print reports and process a payment. Learn to do the key functions of your office manager in his or her absence. Learn what the most important reports from your practice management software are and what they mean.
  3. Be the boss. This does not mean that you need to be “bossy” but it does require you to make some rules and stick to them. Here are three rules that every practice should have:
    • Documentation of activity. Every administrative person needs to document what they do and how they do it. If they become ill, retire or move away, their “institutional knowledge” shouldn’t disappear with them. This requires a detailed job description (not the kind used when hiring) plus some backup information (references to the manual for your practice management software, etc.) These “position guidebooks” should be consolidated with each of you and your office manager keeping a copy.
    • Cross training — this is closely aligned with the previous point and is intended to ensure that your practice doesn’t grind to a halt because of the unplanned absence of one person. You should be one of the people cross-trained in your office manager’s duties.
    • Mandatory vacations for all staff. The best way to test your cross training is to put it to use. So make every employee take at least two consecutive weeks off each year when the office is functioning (times when the office is completely shut down do not count — the real point is to have someone else filling in for the employee). In addition to ensuring a distribution of your institutional knowledge, having other people temporarily fill administrative jobs provides one of the best chances of catching embezzlement.
  4. Trust, but verify. There are a few things that every practice owner needs to do in order to ensure that their practice records have integrity:
    • First, you need to review day-end information from your practice every day to ensure that your work was accurately recorded and to be alert for suspicious transactions.
    • Verify that the correct amount of money was deposited in your bank account. This verification should include both the “physical” deposit (cash and checks) and amounts deposited electronically. Normally, this necessitates waiting a few days for delayed amounts such as credit card payments to reach your bank. Verification should be done via electronic banking; a deposit slip is not sufficient.
    • It is important to ensure that your daily reports “articulate” with month-end reports. This is to ensure that there is no after-hours activity in your software that is hidden from you. We have developed a spreadsheet that does the heavy lifting for you.

While the process of managing the activities of your practice’s front-office staff can seem daunting at first, the basic steps outlined here will give you a great start.

We offer a terrific product called Office Protection System helps practice owners establish accountability. Please reach out to us if you would like to learn more.

The Danger Of “References”

David Harris

A client of ours recently asked us this question:


“I have an interviewee and I would like to talk to her past employers. She’s been at a local restaurant for the last 4 years, but it closed in April.

What would you recommend to do to check employment?

She listed 3 references from the restaurant with their contact info. Would you recommend to contact them?”


Our client is someone who makes every effort to run his practice properly, and his dilemma forces us to deal with a seminal issue in background checking – who should we be speaking with?

I often have dentists tell me that they ask for “references” or that they check “references.” Normally they are doing this to show me that they are careful about who they hire. Typically, what they are doing is asking the applicant for a list of people who the dentist can contact to gain some level of comfort about the character of the applicant.

One of my concerns with the hiring practices of many dentists is that they know far too little about people who they hire, so I am glad to see a desire on the part of these dentists to close this knowledge gap. However, I think that by checking references, their efforts are misdirected.

The first problem with applicant-supplied references is that they have been “cherry picked” by the applicant. This means that the information they give you lacks objectivity. Everyone has at least a few people in their life who are raving fans, and when you call applicant-supplied references, that is exactly who you are speaking with. So you are unlikely to hear anything remotely negative from these people. I’m pretty sure that if my dog could talk, he would say wonderful things about me. But because I feed him, and rub his belly on demand, he isn’t exactly objective.

To make the problem worse, often the references that are supplied (and checked) are really in the nature of “character references,” by which I mean that their knowledge of the applicant does not come from a work setting (e.g. the high school volleyball coach or parish priest). So in addition to an objectivity issue, there are often other problems; the information you receive may suffer from a lack of relevance.

The people who can give you information that is both relevant and objective are former employers, and that is exactly with whom you should speak.

To circle back to the question that my client asked, what is behind his question is that the thing that the (correctly) wants to do has been frustrated by the closure of the restaurant.

In this case, because the applicant has nominated co-workers, the relevance issue is less important (because these people have observed the applicant at work and have done so recently) and the true concern is objectivity.

I will also reiterate something that I frequently mention about calling people when doing a background check; verify all phone numbers independently and do not rely on any phone number provided by an applicant. You may end up speaking with someone other than who you think you are.

My suggestion to the client was to call the references to ask them if they supervised or managed the applicant. If the answer to this question was no, then who was her supervisor and manager? I would then call these people to ask about the applicant. We refer to this concept as obtaining “derivative references”.

Particularly if they were not on the supplied list of references, now I would have access to information that is more likely to be objective. So in cases where it is difficult to access former employers directly, keep the concept of derivative references in your toolbox.

Reconcile Or Reckless? You Choose!

Amber Weber, David Harris, and Wendy Askins

(Editor’s note — the concepts for this article were first presented in a webinar presented by the authors in May 2020. To view a recording of the webinar, please click HERE)

When someone wants to embezzle from you, their approach is predictable.  They begin by asking themselves whether the reconciliation process used in your practice is thorough and complete. 
By “reconciliation” we are referring to the oversight by practice owners of the daily and monthly balancing done by staff.  In its simplest form, reconciliation is the process of ensuring that the money that your practice management software says you received actually got deposited to your bank.

If a thief realizes that your reconciliation process is flawed (which is probably the case in 75% of practices) this bestows a particular blessing on that thief. He or she can steal by simply “shorting” the deposit; in other words they can steal without needing to tamper with individual patient accounts to conceal it. Stealing in this way does not require high intellect or any -n-depth understanding of your practice management software.

On the other hand, if a would-be thief believes that a deficient deposit would be noticed (in other words that the reconciliation process has integrity), now in order to steal, he or she is faced with a much greater challenge. While it is possible to pocket payments from patients and insurance companies and conceal the theft by not recording the payments in practice management software, doing this will result in “phantom” patient receivable balances. For this reason, this approach tends to be a self-limiting method of stealing. If this “snatch and grab” approach is employed, sooner or later patients may realize that amounts that they owe to the practice are overstated, and the act of these patients complaining may get the thief caught.

Therefore, a “tight” reconciliation process usually forces a would-be embezzler into a riskier, and far more complicated embezzlement scheme where it is necessary to tamper with individual patient accounts in order to keep the amounts owing pristine while still stealing. This is certainly possible, but success requires a much smarter embezzler with a good knowledge of your software.

So what does this elusive reconciliation process entail?

First, we will mention that it consists of some daily activities and some month-end ones. Performing only one of these and omitting the other is problematic. Looking at day-end information and ignoring month-end reporting leaves the practice owner vulnerable to “day-off” transactions performed on days when the practice is closed, and creates challenges with credit card payments and bulk receipts, when there is often a timing difference between when these funds are deposited and when receipt is recognized by practice management software.

On the other hand, ignoring daily reports and focusing on a month-end review degrades your ability to spot entries in your software that are inconsistent with what actually took place. There is no substitute for a timely day-end review for this.

There are a few basic rules for reconciliation:

  1. Print your own reports. Delegating this function means that you abdicate control over the choice of information for the reports. This leaves you vulnerable to selective reporting.
  2. Timeliness is important. Review the day-end report from your practice management software before you go home for the day. Postponing that review, even by a single day, diminishes your ability to spot inaccuracies
  3. Articulation is mandatory. If you have 18 working days in a month, the month-end report should equal the sum of the 18 day-end reports that you have. Prosperident has developed a spreadsheet that does the math for you (if you want it, please ask for it at requests@prosperident.com and we will be happy to oblige).
  4. Your receivables at the end of a period (whether a day, month, or year) should always equal the following calculation: Starting receivables + fees – payments – adjustments. If you can’t “prove” receivables using this formula, something improper happened.

What should a practice owner look at?

On a daily basis, the most important report is the practice summary from your practice management software. This report has various names depending on the software you are using, but will summarize the fees charged today, the adjustments applied and the payments received.

Your review should include the following:

  • Review of the procedures billed for accuracy (and if you have other providers in your practice such as hygienists, partners or associate dentists, each of them should review their own summary and sign it to attest to accuracy).
  • Review the payments received. In particular, you are looking at whether your policies on the collection of co-payments at the time of the patient’s visit are being followed.
  • Review every adjustment made. Ensure that the amount, timing and categorization all make sense. Force staff members making adjustments to be specific — there should be a separate category in your practice management software for each different PPO in which you participate, and separate codes for each type of marketing discount that you offer (senior discount, coupon discount etc). Anything categorized as a “miscellaneous adjustment” needs a detailed explanation attached.
  • Review the deposit amount, and compare against the report. Rather than checking the amount leaving the practice, it is far better to use online banking to verify the amount actually deposited, and to “lag” this part of your review by a few days to allow payments with a timing difference, like when patients pay by credit card, to catch up.

On a monthly basis, the good news is that the more tedious part of this review can be outsourced. Reconciling your bank account, merchant account (this is the account attached to the credit card terminal in your practice) and any third-party patient financing, payment-management or collection agency that you use is important but mundane. For this reason, it is completely understandable if you choose to outsource these tasks. A dental bookkeeper or your CPA firm are good candidates for this work.

However, there are some things that need your personal attention. Here are the things for you to look at:

  • This is the time to ensure that the daily practice summaries that you have reviewed total to the same numbers as the month-end practice summary.
  • Review your receivables report. Focus on the overdue amounts, and on the collection efforts being taken by your practice to collect them.
  • Practice management software normally has an “outstanding insurance claims” report. Review this and check on the actions taken to finalize outstanding claims (is a resubmission needed, or has the insurance company asked for additional information that has not been provided?)
  • Review the following reports:
    • Adjustments report
    • Deleted transactions report
    • Modified transactions report
  • Review the “entry log” from your alarm company to see if a staff member is visiting the practice at unexpected times. This is almost always a symptom of embezzlement.
  • Ensure that the month that you are reviewing has been “closed” in your practice management software. Do this by checking the software directly; don’t complete this task by asking a staff member. If you aren’t sure how to do this, your software has trainers and a help desk to teach you how to check.

Performing day-end and month-end reconciliation properly will not catch all embezzlement. However, it will eliminate the easiest ways to steal and the wanna-be thieves without the software knowledge and intellect needed to progress to more advanced stealing.

Do you have questions about this article or want to speak with us about your practice? You can contact us using THIS LINK.

The Importance Of Month-end Reconciliations

By Wendy Askins, CFE, MBA

A thorough month-end reconciliation is critical to uncover revenue anomalies, errors, and embezzlement.   Relying solely on information that is offered to a business owner by a team member is dangerous.  Embezzlers can manipulate reports, handwritten deposit slips, and other data sources to execute their schemes.  However, they cannot manipulate third-party statements from outside entities.
All third-party revenue statements should be sent directly to a secured location accessible only by the business owner.  Revenue statements include bank statements, merchant account (credit card) statements, third party patient finance company (Care Credit and Lending Club) statements, Orthobanc or Vanco statements, and OrthoFi statements.  Once the business owner has reviewed the statements, forward the documents to the bookkeeper or the individual responsible for practice financial data reconciliation and retention.
 The reconciliation process can be an arduous process that is best completed by an outside source instead of the business owner.  Additionally, the reconciliation process should NOT be completed by a team member who has control over posting of payments nor control over the day-end processes.  Many practice owners rely on a bookkeeper or company that can complete the process virtually.
The reconciliation process begins by ensuring that all serial numbered computerized daysheets and deposit slips are represented and that there are no “hidden” records of adjustments or payments. 
Using the third-party statements, confirm that the amounts of each payment method listed on the practice management software computerized deposit slip match the amount and timing of the deposit on the third-party statements.  Physical payment methods (cash, checks, money orders) are located on the bank statement; funds that are electronically deposited to the bank are located on the individual company statement.  Once the revenue data from the practice management software is reconciled to all third-party statments, then move to a reconciliation of the business accounting software (Quickbooks, etc.).

Many business owners assume that their Certified Public Accountant (CPA) is responsible for reconciling their revenue.  In actuality, CPAs are responsible for ensuring that expenses are categorized correctly and generating business financial statements.  CPAs do not reconcile income from the practice management software with records of revenue on third-party statements.   A webinar with more reconciliation tips can be found on the Prosperident website and YouTube channel.    If you suspect embezzlement is occurring in your practice, please seek advice from individuals who specialize in financial crimes committed against orthodontic specialists.  Prosperident is here to help!

ADA Survey Addresses How Embezzlement Is Discovered

The American Dental Association’s Council on Dental Practice recently released the results of a survey completed last year on embezzlement.
One of the questions on the survey addressed the question of behaviors exhibited by embezzlers. The answers were enlightening.

The pie graph below highlights the most commonly observed behaviors (please note that, due to multiple responses, the total exceeds 100%).

Observed behaviors of embezzlers, 2019

As you can see, possessiveness about the embezzler’s duties, and a reluctance to crosstrain other team members was the single biggest factor, given by almost 50% of respondents. Closely related was territoriality about the embezzler’s work space, with over 25% of respondents reporting that behavior.

Defensive when questioned about financial matters, and complaints from other staff about the affected employee, or observed bullying on the part of the thief, we also observed by many victims.

Employee behavior is still one of the key elements in detecting embezzlement. Our Embezzlement Risk Assessment Questionnaire has been taken by thousands of dentists and provides a good barometer for employee behavior. You can access the Questionnaire HERE.

Prosperident Response To Coronavirus March 17, 2020

Dear Clients and Friends,

The developing story of coronavirus has shaken the dental community, and the rest of the world, to the very core.  I saw this virus described this morning as a once-in-a-century epidemic, which is certainly an apt description.

I wanted to reach out to you to let you know our response to current events, and ways that we can assist you if needed. 

Here is what you should know:

  1.  The operations of Prosperident are secure and will continue as normal.  As you may know, we are widely disbursed geographically, and the majority of our team members work from home.  In fact, it is rare that even two of our team members are in the same place. While in happier times, working this way can make our team members feel a bit lonely and isolated, right now our structure provides the safest work environment imaginable.
  2. We have minimized the risk to our people.  This includes postponing all corporate travel and enforcing isolation for those who have traveled recently.    If a team member does become ill and unable to work, we will reassign their caseload to another examiner to ensure that investigations continue to progress. We will also be providing income support to any of our team members who are unable to work as a result of COVID-19 related illness.
  3. We will help and support our clients wherever possible.  We understand that the next few months will prove to be financially challenging to many dental practices, and we will arrange extended payment terms for any client in a hardship position.  If this is your situation, please let our Chief Operating Officer, Wendy Chediac, know at wendy.c@dentalembezzlement.com so that we can develop a revised payment schedule that works within your resources.  We will also display flexibility in any deadlines pertaining to time-limited offers we have made in recognition of the disruption to people’s lives.
  4. We will help you make productive use of downtime.  With many practitioners suddenly having more time on their hands, we can help you make use of that time in a positive way.  Whether it involves obtaining the information we need to complete your investigation, or implementing our acclaimed Office Protection System platform to protect your practice in future, we can help you make good use of your sudden availability.  We offer preferential fees on additional services to our existing clients, as well as flexible repayment arrangements.  Please contact one of us if you are interested in discussing additional services.

Like you, we find ourselves in uncharted territory right now.  In the same way that we have served the dental community for the past thirty years, we will continue to help and support you in this difficult period.  We welcome hearing from you at any time.

Kind regards,

Prosperident Inc.     David Harris
Chief Executive Officer
e: david@dentalembezzlement.com