Category: Articles about embezzlement

Delegation is essential to the financial well-being of a practice.  The existence of well-trained clinical and administrative staff allows a practice’s doctors to focus on their unique (and high value) competencies.

The concept of clinical delegation is well-understood by dentists, and is something that they first encountered in dental school.

However, delegation of the administrative functions in a practice is something that is normally encountered much later when a dentist becomes the owner of a practice, and it happens without the dentist having the benefit of any training. 

Compounding the lack of training on how to effectively delegate administrative responsibilities is the fact that most dentists judge themselves by how their practice performs clinically and take no comparable pleasure from having a practice that is smoothly administered.

The combination of lack of training and low level of interest often create a “perfect storm” where dentists unconsciously fall into the trap of turning delegation, which is desirable and beneficial, into abdication, which can be dangerous.

So what is the difference between these two concepts? It can be summarized as follows:

Delegation is the devolution of tasks or responsibilities, but with accountability to the practice owner. Abdication is the offloading of responsibility, but with no corresponding answerability.

In a clinical setting, accountability is clearly understood by dentists. You have ownership of, for example, a poor impression taken by a dental assistant, and you have a clear responsibility to ensure that clinical staff have suitable training in CPR to be prepared to handle medical emergencies.

Clinical accountability is aided by the regulated nature of dental assisting and dental hygiene, where members of these professions are trained, tested, certified, and normally required to maintain their competency through continuing education. Also, the dentist’s knowledge of the work carried on by clinical team members is normally fairly high.

In contrast, there is no required certification to be a receptionist, financial coordinator or office manager. Most people in these positions have received their training on the job with you or while working at another dental practice. While there is considerable information and training available to people in administrative positions, it isn’t mandatory or comprehensive. And to make matters worse, unlike the clinical situation, the doctor is usually less knowledgeable about what goes on in the administration of his or her practice than the people who hold jobs in that area.

It’s a recipe for disaster. You are asked to oversee people who often have little formal training in their jobs, without your having the benefit of either detailed knowledge or any idea of how to exercise oversight. Furthermore, if you are like most dentists, keeping an eye on your front desk isn’t a responsibility that you enjoy in any case. So it doesn’t take much to convince you to just step away from what goes on there (i.e. abdication).

So what should a dentist do to increase accountability? Here are some ideas:

1. Remember that accountability is more than an abstract concept. There is a tendency to believe that, because you sign someone’s paycheck, they are accountable to you. In an abstract sense this is true, but you derive no benefit from this relationship unless it translates into actual oversight.
2. Effective oversight requires knowledge. Administration is not a cruel joke that the world has played on the dental profession; it is a vital link in the chain between the treatment of patients and your financial well-being. So learn to do the basics in your software — enter treatment, print reports and process a payment. Learn to do the key functions of your office manager in his or her absence. Learn what the most important reports from your practice management software are and what they mean.
3. Be the boss. This does not mean that you need to be “bossy” but it does require you to make some rules and stick to them. Here are three rules that every practice should have:
   • Documentation of activity. Every administrative person needs to document what they do and how they do it. If they become ill, retire or move away, their “institutional knowledge” shouldn’t disappear with them. This requires a detailed job description (not the kind used when hiring) plus some backup information (references to the manual for your practice management software, etc.) These “position guidebooks” should be consolidated with each of you and your office manager keeping a copy.
   • Cross training — this is closely aligned with the previous point and is intended to ensure that your practice doesn’t grind to a halt because of the unplanned absence of one person. You should be one of the people cross-trained in your office manager’s duties.
   • Mandatory vacations for all staff. The best way to test your cross training is to put it to use. So make every employee take at least two consecutive weeks off each year when the office is functioning (times when the office is completely shut down do not count — the real point is to have someone else filling in for the employee). In addition to ensuring a distribution of your institutional knowledge, having other people temporarily fill administrative jobs provides one of the best chances of catching embezzlement.
4. Trust, but verify. There are a few things that every practice owner needs to do in order to ensure that their practice records have integrity:
   • First, you need to review day-end information from your practice every day to ensure that your work was accurately recorded and to be alert for suspicious transactions.
   • Verify that the correct amount of money was deposited in your bank account. This verification should include both the “physical” deposit (cash and checks) and amounts deposited electronically. Normally, this necessitates waiting a few days for delayed amounts such as credit card payments to reach your bank. Verification should be done via electronic banking; a deposit slip is not sufficient.
   • It is important to ensure that your daily reports “articulate” with month-end reports. This is to ensure that there is no after-hours activity in your software that is hidden from you. We have developed a spreadsheet that does the heavy lifting for you.

While the process of managing the activities of your practice’s front-office staff can seem daunting at first, the basic steps outlined here will give you a great start.

We offer a terrific product called Office Protection System helps practice owners establish accountability. Please reach out to us if you would like to learn more.

A client of ours recently asked us this question:

---

“I have an interviewee and I would like to talk to her past employers. She’s been at a local restaurant for the last 4 years, but it closed in April.

What would you recommend to do to check employment?

She listed 3 references from the restaurant with their contact info. Would you recommend to contact them?”

---

Our client is someone who makes every effort to run his practice properly, and his dilemma forces us to deal with a seminal issue in background checking – who should we be speaking with?

I often have dentists tell me that they ask for “references” or that they check “references.” Normally they are doing this to show me that they are careful about who they hire. Typically, what they are doing is asking the applicant for a list of people who the dentist can contact to gain some level of comfort about the character of the applicant.

One of my concerns with the hiring practices of many dentists is that they know far too little about people who they hire, so I am glad to see a desire on the part of these dentists to close this knowledge gap. However, I think that by checking references, their efforts are misdirected.

The first problem with applicant-supplied references is that they have been “cherry picked” by the applicant. This means that the information they give you lacks objectivity. Everyone has at least a few people in their life who are raving fans, and when you call applicant-supplied references, that is exactly who you are speaking with. So you are unlikely to hear anything remotely negative from these people. I’m pretty sure that if my dog could talk, he would say wonderful things about me. But because I feed him, and rub his belly on demand, he isn’t exactly objective.

To make the problem worse, often the references that are supplied (and checked) are really in the nature of “character references,” by which I mean that their knowledge of the applicant does not come from a work setting (e.g. the high school volleyball coach or parish priest). So in addition to an objectivity issue, there are often other problems; the information you receive may suffer from a lack of relevance.

The people who can give you information that is both relevant and objective are former employers, and that is exactly with whom you should speak.

To circle back to the question that my client asked, what is behind his question is that the thing that the (correctly) wants to do has been frustrated by the closure of the restaurant.

In this case, because the applicant has nominated co-workers, the relevance issue is less important (because these people have observed the applicant at work and have done so recently) and the true concern is objectivity.

I will also reiterate something that I frequently mention about calling people when doing a background check; verify all phone numbers independently and do not rely on any phone number provided by an applicant. You may end up speaking with someone other than who you think you are.

My suggestion to the client was to call the references to ask them if they supervised or managed the applicant. If the answer to this question was no, then who was her supervisor and manager? I would then call these people to ask about the applicant. We refer to this concept as obtaining “derivative references”.

Particularly if they were not on the supplied list of references, now I would have access to information that is more likely to be objective. So in cases where it is difficult to access former employers directly, keep the concept of derivative references in your toolbox.

(Editor’s note — the concepts for this article were first presented in a webinar presented by the authors in May 2020. To view a recording of the webinar, please click HERE)

When someone wants to embezzle from you, their approach is predictable.  They begin by asking themselves whether the reconciliation process used in your practice is thorough and complete. 
By “reconciliation” we are referring to the oversight by practice owners of the daily and monthly balancing done by staff.  In its simplest form, reconciliation is the process of ensuring that the money that your practice management software says you received actually got deposited to your bank.

If a thief realizes that your reconciliation process is flawed (which is probably the case in 75% of practices) this bestows a particular blessing on that thief. He or she can steal by simply “shorting” the deposit; in other words they can steal without needing to tamper with individual patient accounts to conceal it. Stealing in this way does not require high intellect or any -n-depth understanding of your practice management software.

On the other hand, if a would-be thief believes that a deficient deposit would be noticed (in other words that the reconciliation process has integrity), now in order to steal, he or she is faced with a much greater challenge. While it is possible to pocket payments from patients and insurance companies and conceal the theft by not recording the payments in practice management software, doing this will result in “phantom” patient receivable balances. For this reason, this approach tends to be a self-limiting method of stealing. If this “snatch and grab” approach is employed, sooner or later patients may realize that amounts that they owe to the practice are overstated, and the act of these patients complaining may get the thief caught.

Therefore, a “tight” reconciliation process usually forces a would-be embezzler into a riskier, and far more complicated embezzlement scheme where it is necessary to tamper with individual patient accounts in order to keep the amounts owing pristine while still stealing. This is certainly possible, but success requires a much smarter embezzler with a good knowledge of your software.

So what does this elusive reconciliation process entail?

First, we will mention that it consists of some daily activities and some month-end ones. Performing only one of these and omitting the other is problematic. Looking at day-end information and ignoring month-end reporting leaves the practice owner vulnerable to “day-off” transactions performed on days when the practice is closed, and creates challenges with credit card payments and bulk receipts, when there is often a timing difference between when these funds are deposited and when receipt is recognized by practice management software.

On the other hand, ignoring daily reports and focusing on a month-end review degrades your ability to spot entries in your software that are inconsistent with what actually took place. There is no substitute for a timely day-end review for this.

There are a few basic rules for reconciliation:

1. Print your own reports. Delegating this function means that you abdicate control over the choice of information for the reports. This leaves you vulnerable to selective reporting.
2. Timeliness is important. Review the day-end report from your practice management software before you go home for the day. Postponing that review, even by a single day, diminishes your ability to spot inaccuracies
3. Articulation is mandatory. If you have 18 working days in a month, the month-end report should equal the sum of the 18 day-end reports that you have. Prosperident has developed a spreadsheet that does the math for you (if you want it, please ask for it at requests@prosperident.com and we will be happy to oblige).
4. Your receivables at the end of a period (whether a day, month, or year) should always equal the following calculation: Starting receivables + fees – payments – adjustments. If you can’t “prove” receivables using this formula, something improper happened.

What should a practice owner look at?

On a daily basis, the most important report is the practice summary from your practice management software. This report has various names depending on the software you are using, but will summarize the fees charged today, the adjustments applied and the payments received.

Your review should include the following:

• Review of the procedures billed for accuracy (and if you have other providers in your practice such as hygienists, partners or associate dentists, each of them should review their own summary and sign it to attest to accuracy).
• Review the payments received. In particular, you are looking at whether your policies on the collection of co-payments at the time of the patient’s visit are being followed.
• Review every adjustment made. Ensure that the amount, timing and categorization all make sense. Force staff members making adjustments to be specific — there should be a separate category in your practice management software for each different PPO in which you participate, and separate codes for each type of marketing discount that you offer (senior discount, coupon discount etc). Anything categorized as a “miscellaneous adjustment” needs a detailed explanation attached.
• Review the deposit amount, and compare against the report. Rather than checking the amount leaving the practice, it is far better to use online banking to verify the amount actually deposited, and to “lag” this part of your review by a few days to allow payments with a timing difference, like when patients pay by credit card, to catch up.

On a monthly basis, the good news is that the more tedious part of this review can be outsourced. Reconciling your bank account, merchant account (this is the account attached to the credit card terminal in your practice) and any third-party patient financing, payment-management or collection agency that you use is important but mundane. For this reason, it is completely understandable if you choose to outsource these tasks. A dental bookkeeper or your CPA firm are good candidates for this work.

However, there are some things that need your personal attention. Here are the things for you to look at:

• This is the time to ensure that the daily practice summaries that you have reviewed total to the same numbers as the month-end practice summary.
• Review your receivables report. Focus on the overdue amounts, and on the collection efforts being taken by your practice to collect them.
• Practice management software normally has an “outstanding insurance claims” report. Review this and check on the actions taken to finalize outstanding claims (is a resubmission needed, or has the insurance company asked for additional information that has not been provided?)
• Review the following reports:
  • Adjustments report
  • Deleted transactions report
  • Modified transactions report
• Review the “entry log” from your alarm company to see if a staff member is visiting the practice at unexpected times. This is almost always a symptom of embezzlement.
• Ensure that the month that you are reviewing has been “closed” in your practice management software. Do this by checking the software directly; don’t complete this task by asking a staff member. If you aren’t sure how to do this, your software has trainers and a help desk to teach you how to check.

Performing day-end and month-end reconciliation properly will not catch all embezzlement. However, it will eliminate the easiest ways to steal and the wanna-be thieves without the software knowledge and intellect needed to progress to more advanced stealing.

Do you have questions about this article or want to speak with us about your practice? You can contact us using THIS LINK.

By Wendy Askins, CFE, MBA

A thorough month-end reconciliation is critical to uncover revenue anomalies, errors, and embezzlement.   Relying solely on information that is offered to a business owner by a team member is dangerous.  Embezzlers can manipulate reports, handwritten deposit slips, and other data sources to execute their schemes.  However, they cannot manipulate third-party statements from outside entities.
All third-party revenue statements should be sent directly to a secured location accessible only by the business owner.  Revenue statements include bank statements, merchant account (credit card) statements, third party patient finance company (Care Credit and Lending Club) statements, Orthobanc or Vanco statements, and OrthoFi statements.  Once the business owner has reviewed the statements, forward the documents to the bookkeeper or the individual responsible for practice financial data reconciliation and retention.
 The reconciliation process can be an arduous process that is best completed by an outside source instead of the business owner.  Additionally, the reconciliation process should NOT be completed by a team member who has control over posting of payments nor control over the day-end processes.  Many practice owners rely on a bookkeeper or company that can complete the process virtually.
The reconciliation process begins by ensuring that all serial numbered computerized daysheets and deposit slips are represented and that there are no “hidden” records of adjustments or payments. 
Using the third-party statements, confirm that the amounts of each payment method listed on the practice management software computerized deposit slip match the amount and timing of the deposit on the third-party statements.  Physical payment methods (cash, checks, money orders) are located on the bank statement; funds that are electronically deposited to the bank are located on the individual company statement.  Once the revenue data from the practice management software is reconciled to all third-party statments, then move to a reconciliation of the business accounting software (Quickbooks, etc.).

Many business owners assume that their Certified Public Accountant (CPA) is responsible for reconciling their revenue.  In actuality, CPAs are responsible for ensuring that expenses are categorized correctly and generating business financial statements.  CPAs do not reconcile income from the practice management software with records of revenue on third-party statements.   A webinar with more reconciliation tips can be found on the Prosperident website and YouTube channel.    If you suspect embezzlement is occurring in your practice, please seek advice from individuals who specialize in financial crimes committed against orthodontic specialists.  Prosperident is here to help!

The American Dental Association’s Council on Dental Practice recently released the results of a survey completed last year on embezzlement.
One of the questions on the survey addressed the question of behaviors exhibited by embezzlers. The answers were enlightening.

The pie graph below highlights the most commonly observed behaviors (please note that, due to multiple responses, the total exceeds 100%).

As you can see, possessiveness about the embezzler’s duties, and a reluctance to crosstrain other team members was the single biggest factor, given by almost 50% of respondents. Closely related was territoriality about the embezzler’s work space, with over 25% of respondents reporting that behavior.

Defensive when questioned about financial matters, and complaints from other staff about the affected employee, or observed bullying on the part of the thief, we also observed by many victims.

Employee behavior is still one of the key elements in detecting embezzlement. Our Embezzlement Risk Assessment Questionnaire has been taken by thousands of dentists and provides a good barometer for employee behavior. You can access the Questionnaire HERE.

Dear Clients and Friends,

The developing story of coronavirus has shaken the dental community, and the rest of the world, to the very core.  I saw this virus described this morning as a once-in-a-century epidemic, which is certainly an apt description.

I wanted to reach out to you to let you know our response to current events, and ways that we can assist you if needed. 

Here is what you should know:

1.  The operations of Prosperident are secure and will continue as normal.  As you may know, we are widely disbursed geographically, and the majority of our team members work from home.  In fact, it is rare that even two of our team members are in the same place. While in happier times, working this way can make our team members feel a bit lonely and isolated, right now our structure provides the safest work environment imaginable.
2. We have minimized the risk to our people.  This includes postponing all corporate travel and enforcing isolation for those who have traveled recently.    If a team member does become ill and unable to work, we will reassign their caseload to another examiner to ensure that investigations continue to progress. We will also be providing income support to any of our team members who are unable to work as a result of COVID-19 related illness.
3. We will help and support our clients wherever possible.  We understand that the next few months will prove to be financially challenging to many dental practices, and we will arrange extended payment terms for any client in a hardship position.  If this is your situation, please let our Chief Operating Officer, Wendy Chediac, know at wendy.c@dentalembezzlement.com so that we can develop a revised payment schedule that works within your resources.  We will also display flexibility in any deadlines pertaining to time-limited offers we have made in recognition of the disruption to people’s lives.
4. We will help you make productive use of downtime.  With many practitioners suddenly having more time on their hands, we can help you make use of that time in a positive way.  Whether it involves obtaining the information we need to complete your investigation, or implementing our acclaimed Office Protection System platform to protect your practice in future, we can help you make good use of your sudden availability.  We offer preferential fees on additional services to our existing clients, as well as flexible repayment arrangements.  Please contact one of us if you are interested in discussing additional services.

Like you, we find ourselves in uncharted territory right now.  In the same way that we have served the dental community for the past thirty years, we will continue to help and support you in this difficult period.  We welcome hearing from you at any time.

Kind regards,

Prosperident Inc.     David Harris
Chief Executive Officer
p:  902-423-6624 direct
e:	david@dentalembezzlement.com

The American Dental Association’s Council on Dental Practice recently released the results of a survey completed last year on embezzlement.
There are some interesting results, and they generally do not constitute good news for the dental profession.
First, compared to a similar survey released just over ten years ago, the prevalence of embezzlement in practices is noticeably up. The 2008 survey had found that 35% of respondents had been victims of embezzlement. The survey released in February 2020 showed that 48% of those responding had been embezzled. This increase of 13 percentage points in a 10-year period is significant and should be a cause for alarm among practice owners. The logical conclusion is that embezzlement will sooner or later affect more than 90% of practice owners.
The 2020 survey did something that the previous survey did not – for those who had been embezzled, it asked them how many times they had been victimized. From those who had reported being embezzled, 26% (i.e., 54% of those who had been victims) indicated that it had happened once, 23% of victims reported being stolen from twice, 5% of those stolen from declared three embezzlements and an astonishing 18% (which is 8% of all dentists surveyed) confirmed having been victims at least four times.

Many dentists believe in the honesty of long-service employees, and the survey tested that hypothesis directly, asking embezzlement victims how long the thief had worked for them at the point of discovery. The following graph shows the results:

As you can see, almost half of the stealing employees had been employed for four or more years.
The survey asked how the embezzlement was discovered. Predictably, there was a wide variety of answers, ranging from reported by another employee (28%) to discovered when changing accountants (3%). While the ADA did not do this in its survey, one additional analysis that we performed was to taxonomize the means of discovery into two categories; embezzlement discovered by the planned operation of a practice’s system of controls (of which an example would be discovery by reviewing the audit trail in a practice’s software) and stealing discovered by some chance occurrence (for example, when discovery is caused by a patient complaining about their account). This analysis revealed that only 17% of embezzlement was discovered through the systems employed by practices, with a staggeringly high 83% revealed through unpredictable events. Clearly practice systems are not providing the protection that practice owners believe they are. David Harris, Prosperident’s CEO, is part of a group writing a series of articles designed to help practice owners receive a higher level of protection from their systems. The first article in the series is available here — https://www.dentistryiq.com/practice-management/financial/article/14073216/busting-embezzlement-part-1the-problem.
The survey also looked closely at the behaviors displayed by embezzlers, and the results are consistent with something that we have been saying for many years – there are certain telltale behaviors exhibited by embezzlers, and one of the best ways to detect an embezzlement problem is to look for these behaviors. Here are the most prevalent behaviors of embezzlers, as determined by the survey (the percentages add up to more than 100% due to multiple responses):

Our Embezzlement Risk Assessment Questionnaire provides an excellent way for a practice owner to evaluate the behavior of employees. It is available at a modest cost in our electronic store at www.prosperident.com/store.
The ADA survey validates what our own experience over the last decade has suggested – embezzlement is on the increase in dentistry. Practice owners need to be both vigilant and proactive in dealing with it. Prosperident’s Office Protection System provides an effective way of protecting a practice or a group of practices from embezzlement. More information is available here — https://www.prosperident.com/office-protection-system/ .

Deleted transactions are overlooked and ignored to our detriment. One must purposely seek to find these hidden gems to be worthy of uncovering the dark stories they tell. You will not find them visible on the patients’ ledger in most practice management software; they are only discovered by generating a separate audit log report, adjustment report, or deleted transactions report.

As a Certified Fraud Examiner, I attest to the immense value of scrutinizing deleted transactions and begin every investigation with a specialized in-depth process of review. The majority of confirmed embezzlement cases hide theft patterns in transactions that are intentionally deleted.

Confirmed embezzlement cases have suspicious deleted transactions, but, not every deleted transaction is suspicious. For example, if a retainer charge and cash payment are recorded, then both transactions are deleted without the application of a correcting transaction, the sequence likely occurred due to theft. On the other hand, if a retainer charge transaction is recorded, then deleted and reposted for the corrected amount with a cash payment amount matching the sequence likely occurred due to human error in the original retainer charge amount.

Deleted transactions conducted in an attempt to correct an error can also tell a story of an employee that needs additional training, financial policies that need revision, areas in need of improved communication, or software in need of greater customization. For example, if Olivia Office Manager continually posts insurance digital credit cards as EFT payments, then deletes the EFT payment and reposts as a credit card payment…it’s a sign that Olivia Office Manager needs more training in the differences between the two payment methods and how the error could impact the reconciliation process.

The Prosperident recommendation is to print the deleted transactions report personally (sometimes called voided, reversed, or error transactions) and review the transactions monthly. There will be a large volume of transactions contained in the report; I recommend focusing on the deleted cash payments. Identify a specific deleted cash payment then review the patient’s ledger to determine if the payment was reposted with corrections:

Fraud detection is a highly specialized skill, and there are some theft modalities which leave no trace evidence in the practice management system, such as skimming. Following the above guidelines could give the business owner advantage to uncovering embezzlement.

If you suspect embezzlement is occurring in your practice, please seek advice from individuals who specialize in financial crimes committed against orthodontic specialists. Prosperident is here to help!

David Harris

Everyone knows that daily balancing is a key safeguard for your practice’s finances, but there is very little information available to a dentist on how to do it properly. So here’s a recipe:

1. Which reports should be looked at? Most software can produce a lot of different reports. Most software has a report specifically designed for day-end review. It may be called a “daily summary”, “day-end report” or “daysheet”, or it may have a different name in your software. For purposes of this discussion, I will refer to it as the “daysheet”. The daysheet will normally show procedures performed, fees associated with the procedures, payments received and adjustments made, as well as any deletions or corrections that were made. Normally at the bottom of the report are totals for each of these activities, plus a breakdown of the payments received by type (cash, check, credit card payment, third party deposit, etc). Most daysheets also show your accounts receivable balance at the beginning of the day, and the balance at the end of the day. If the daysheet from your practice management software is missing some of this information, you will need to print additional reports to ensure that you have everything listed in this paragraph.
2. There are reports that will isolate any one of these items in a single report. For example, most software will generate an adjustments report that only lists adjustments, or a production report that isolates procedures performed and fees billed. These reports have their uses, and allow you to review a specific type of transaction. However, for the day-end review that you are performing, I recommend that you to look at the daysheet, which allows you to see all of the activities undertaken for each patient today in a single report. So for a patient who visited the practice for treatment, you can see what was billed, what was paid, and any adjustments or modifications that were made. This is preferable to, for example, looking at today’s adjustments on a separate report, which means that you will not have the context for the adjustments made. Put another way, a $200 adjustment on $1,600 of treatment means something quite different from the same $200 adjustment applied to a $250 treatment, and looking at an adjustments report simply will not give you that context, without cross referencing to other reports. The daysheet, if generated with the proper settings, will allow you to have all of the information needed for your daily review in a single report.
3. The daysheet and other reports from your practice management software used in this process need to be printed by you, your spouse, or an external person like a bookkeeper or accountant. You should never rely on a staff member to generate the reports used for reconciliation, because doing so opens the possibility of “selective reporting” where certain activities are excluded from the report. If this is done, you will think that report you are using summarizes the entire practice, when it does not.
4. I love the approach taken by a friend of mine, Sandy Baird, who is a practice management consultant based in Tennessee. Sandy says that the day-end routine needs to be a team concept, and that team members other than the practice owner also have roles. For example, Sandy suggests that each associated dentist, assistant and hygienist needs to print a production report for their own activities, compare it with their schedule and ensure that correct fees and procedures were applied, and that work performed was coded to the correct provider. This is not a substitute for the owner’s review of the practice, but increases the chances of finding inaccuracies.
5. You need to review day-end reports personally. This review should not be delegated to anyone, although as mentioned in the previous paragraph, your review should be supplemented by the reviews carried on by individual billers of their own activities. You are the only person who has a chance of spotting a discrepancy between what was done and what was billed for work that you performed, plus you, as practice owner must use this chance to look at the overall activities of the practice. Month-end reviews are also important, but there is no substitute for reviewing a day while what took place is still fresh in your mind.
6. A delayed review of a day is close to useless. Your ability to find an error or unusual transaction degrades considerably with even a 24 hour delay in performing the review, and looking at last Thursday’s report on Monday afternoon represents a lost opportunity to find inaccuracies.
7. When reviewing the day-end report, there are several things you should scrutinize:
   a. Review all fees that were billed for accuracy. Embezzlement is not the only threat to your practice’s revenue; simple clerical mistakes can also be costly. A one-digit error in a procedure code can cost you hundreds of dollars.
   b. Review payments received. One thing to check is to look payments made by patients during the day to ensure that your policies for collecting co-pays are being followed. In other words, if your policy is to collect co-payments (or at least estimates thereof) on walk-out, your daysheet will tell you if team members are following this policy.
   c. Ensure that there was a fee charged for every patient you saw today unless you know that a specific patient was booked for a “no-charge” appointment (an example of a no-charge appointment is a visit within a multi-visit procedure that had a single fee, such as an ortho check if your practice does orthodontic treatment).
   d. Review all adjustments (both debit and credit adjustments) and ensure that you understand the reason for them, and that the adjustments make sense in the context. Substituting an adjustment code for a payment code is one of the most basic methods of concealing theft.
   e. Check the “continuity” of accounts receivable. The “closing” balance of receivables from the last day that your practice was open should be exactly the same as the “opening” receivables balance for today. If these two receivables balances are not identical, it means that there was some activity in your practice management software between the end of your last workday and the beginning of the current one.
   f. An excellent idea is to print “roll-up” reports instead of current day ones from your software. Even though it is commonly called a “daysheet,” this report can cover any period you wish. So if today is Monday, and your office’s last working day was last Thursday, rather than review a Monday daysheet, you should be looking at one that spans the period from the last cutoff on Thursday until the end of today. This will show you any transactions that took place in the three days when the office was closed. Since you are printing the reports yourself, this is not hard to do.
8. Ensure that all patients are “checked out” in your practice management software. Checking out is the process of closing an appointment in practice management software. Checking out a patient forces the front desk staff to either apply a charge or to record a patient as having had a no-charge appointment. When any patient who had chargeable work done is not checked out, you have lost money.
9. Many practices do not use adjustment codes properly. Each “reason” for making an adjustment needs to have its own specific code. So each PPO, and every category of other discount (e.g., senior citizen discount, professional courtesy for referral sources, etc.), and every marketing initiative that you undertake, needs its own unique adjustment code. There should be very few “miscellaneous adjustments”, and whenever one is made, staff need to make a detailed explanation in the patient notes. Give some extra attention to any miscellaneous adjustments on your report, and check the notes made to ensure that you agree with the basis for the adjustment, and that it does not fit within one of the defined adjustment categories. And if there are a fair number of miscellaneous adjustments made for more or less the same reason, this is a good time to place a label on that type of situation and create a tailored adjustment code for it.
   Not having (and using!) specific adjustment codes deprives you of information needed to make key decisions about your practice, such as whether you should drop a specific PPO plan, or whether a specific marketing initiative is working. Having only a few adjustment categories (or one generic category that is used for all adjustments, and yes, I have seen this on occasion) also makes it easier to “bury” fraudulent adjustments. Forcing specificity makes inappropriate adjustments much more conspicuous.
   Whatever the cause of an adjustment, it represents money out of your pocket, and for that reason it requires scrutiny comparable to if you were writing a check for the same amount.
10. There is no particular benefit to having an external party review the daysheet or daily balancing. You should personally verify agreement between practice management software and today’s deposit. It is permissible to outsource the monthly reconciliation that compares a month at once. Reconciling the entire month at once drastically reduces the workload involved for the person performing the reconciliation, because most of the timing differences that have occurred within the month will have worked themselves out, and it is only the ones that straddle the beginning or end of the month that need to be addressed. This monthly reconciliation provides a “double-check” on the daily work that you are doing.
11. The “timing differences” discussed earlier in this chapter create challenges in balancing and reconciliation. Situations where collections are recorded earlier or later in your practice management software than when they are received by your bank mean that it is often impossible to know by closing time today whether today is properly balanced. When a patient pays today by credit card, it will be several days before that payment can be confirmed
    Conversely, payments deposited by insurance companies directly in your bank account normally appear in your account a couple of days before you receive the Explanation of Benefits from that insurance company.
    Timing differences complicated the balancing (done by staff) and reconciliation (done by you, your spouse, or an outside party) processes, because they require keeping track of “held over” items for a few days until the other part of the transaction can be verified.
    For timing differences, online banking is a must to allow you to confirm that the correct amounts were deposited. This adjustment is easy for amounts that appear in the bank before they are recorded in your practice management software. However, for amounts with the deferred receipt, confirmation that these amounts were correctly received needs to wait a few days.
    The result of this timing difference is that “real-time” end-of-day reconciliation is no longer possible, and you need to review balancing a few days after the fact to be able to verify time-lagged credit card deposits. Prosperident has developed a spreadsheet that makes monitoring of deferred and advanced amounts easier. If you are comfortable using spreadsheets, please email us at requests@dentalembezzlement.com, and we will be happy to send you a copy.
12. In addition to dealing with timing differences, online banking access for the dentist is virtually a necessity for other reasons. Online access allows you to compare your practice management software against what actually appeared in your bank account. Relying on pieces of paper like a bank deposit book (which can be adulterated), and waiting for the bank to send a month-end statement to provide ultimate confirmation of deposits, are not good ideas.

It’s something that we read over and over.  A dentist in a Facebook forum states that embezzlement cannot be happening in his or her practice because they “check their daysheet every single day.”

Broadly, there are two types of embezzlement.  The first takes place when the balancing process (in other words the daily and monthly comparison between software and financial accounts) is unsupervised or incomplete. In this situation, stealing is easy because a thief can enter all payments into the practice management software and then simply “short” the deposit. This leaves patient accounts balances accurate. This is important to prevent patients from complaining about their balances, repeated occurrences of which might get an embezzler caught.

But what if the balancing process is done with integrity, which means that it is complete and supervised? Does this mean that it is impossible to steal? Not by a long shot. It takes a bit more planning than pilfering from the deposit, but it is something that most would-be embezzlers can master.

Success at this kind of theft requires an embezzler to perform what shouldn’t be possible; he or she needs to teach practice management software to lie. This lying normally involves lowering a patient’s receivable balance in a way that does not simultaneously increase the amount that the software believes should be deposited.

There are many options for doing this. They range from the abuse of functions deliberately built into the software for other (legitimate) purposes, to more creative avenues such as exploiting security weaknesses in the software.

It’s tempting to assume that practice management software, which is normally built, at considerable expense, by some pretty smart people, should be hard to outsmart, but we see it happen over and over.

For security reasons, we are not going to outline specific techniques used. If you are a dentist and interested in learning more, feel free to attend one of our doctors-only live presentations or to contact us directly at requests@dentalembezzlement.com

How to Protect Yourself

Here are some steps that practice owners can take to help ensure the integrity of the information in their practice management software:

1. Print the reports you rely on yourself. Allowing a staff member to generate reports for you creates the potential for selective reporting, where you are seeing less than the full picture
2. Protect your password. One of the best ways to defeat the security measures built into practice management software is to obtain the practice’s owner’s login information. Your password should never be shared with any staff member, and you need to be obsessive about changing your password regularly (changing it quarterly is the maximum interval that should be permitted). Frequent changes will minimize the damage done from compromise.
3. While it is important to look at day-end reports, looking at monthly ones is vital. If your review is limited to the days when the office is open, and no monthly verification is done, you open the door to extra activity performed on days when the practice is closed.
4. On a monthly basis, the following need to be reconciled by you or an outside party such as an external bookkeeper to your practice management software:
   1. The bank account
   2. The merchant account (this is the facility used when patients pay by credit card)
   3. Any third-party financing or payment management company you use (e.g., Care Credit, Lending Club, or Orthobanc).
5. You need to be aware of “timing differences” where the date when something is recorded by your practice management software is earlier or later than when money reaches your bank account. Credit card payments are an example of timing differences because of the 1-3 day “processing lag” before money reaches your bank account. You need to keep track of these amounts and ensure that they recolcile properly.

The bottom line –nothing will prevent embezzlement. But you can detect it quickly if you approach it the right way.