It’s something that we read over and over. A dentist in a Facebook forum states that embezzlement cannot be happening in his or her practice because they “check their daysheet every single day.”
Broadly, there are two types of embezzlement. The first takes place when the balancing process (in other words the daily and monthly comparison between software and financial accounts) is unsupervised or incomplete. In this situation, stealing is easy because a thief can enter all payments into the practice management software and then simply “short” the deposit. This leaves patient accounts balances accurate. This is important to prevent patients from complaining about their balances, repeated occurrences of which might get an embezzler caught.
But what if the balancing process is done with integrity, which means that it is complete and supervised? Does this mean that it is impossible to steal? Not by a long shot. It takes a bit more planning than pilfering from the deposit, but it is something that most would-be embezzlers can master.
Success at this kind of theft requires an embezzler to perform what shouldn’t be possible; he or she needs to teach practice management software to lie. This lying normally involves lowering a patient’s receivable balance in a way that does not simultaneously increase the amount that the software believes should be deposited.
There are many options for doing this. They range from the abuse of functions deliberately built into the software for other (legitimate) purposes, to more creative avenues such as exploiting security weaknesses in the software.
It’s tempting to assume that practice management software, which is normally built, at considerable expense, by some pretty smart people, should be hard to outsmart, but we see it happen over and over.
For security reasons, we are not going to outline specific techniques used. If you are a dentist and interested in learning more, feel free to attend one of our doctors-only live presentations or to contact us directly at firstname.lastname@example.org
How to Protect Yourself
Here are some steps that practice owners can take to help ensure the integrity of the information in their practice management software:
- Print the reports you rely on yourself. Allowing a staff member to generate reports for you creates the potential for selective reporting, where you are seeing less than the full picture
- Protect your password. One of the best ways to defeat the security measures built into practice management software is to obtain the practice’s owner’s login information. Your password should never be shared with any staff member, and you need to be obsessive about changing your password regularly (changing it quarterly is the maximum interval that should be permitted). Frequent changes will minimize the damage done from compromise.
- While it is important to look at day-end reports, looking at monthly ones is vital. If your review is limited to the days when the office is open, and no monthly verification is done, you open the door to extra activity performed on days when the practice is closed.
- On a monthly basis, the following need to be reconciled by you or an outside party such as an external bookkeeper to your practice management software:
- The bank account
- The merchant account (this is the facility used when patients pay by credit card)
- Any third-party financing or payment management company you use (e.g., Care Credit, Lending Club, or Orthobanc).
- You need to be aware of “timing differences” where the date when something is recorded by your practice management software is earlier or later than when money reaches your bank account. Credit card payments are an example of timing differences because of the 1-3 day “processing lag” before money reaches your bank account. You need to keep track of these amounts and ensure that they recolcile properly.
The bottom line –nothing will prevent embezzlement. But you can detect it quickly if you approach it the right way.