One of the most significant concerns any healthcare practice faces is the possibility of fraud.
Practitioners can become so focused on patient care that it is easy to neglect the proper management of financial and other risks. Furthermore, since practitioners and personnel work so closely together and function within a high-trust environment, no practitioner wants to even think about their personnel not honouring the trust relationship expected of an employee.
Unfortunately, an employee under financial pressure and the opportunity created by a healthcare practice with poor controls can lead to fraud and rationalising why the fraudulent acts are justified. Rather than suffering the consequences, the practice should eliminate those opportunities as far as possible and help keep honest personnel honest.
So what are the measures that owners can take to limit the possibility of fraud?
1. User access pertinent to roles in the practice
A careful role division in the practice enables it to divide work optimally between personnel and implement a separation of duties and corresponding user access. Typical roles in the practice would be the practitioner, practice manager, receptionist, billing expert, cashier, stock controller and bookkeeper.
Users can fulfil the responsibilities of one or more roles, depending on the practice size, and they should have limited access to functions and information in the software system. The practice can predefine these roles in the software, and new users can receive access pertinent to their roles. Typically, the owner will have full access, but other users will have limited access to functions like journals that are open to abuse.
2. Access control to software
Once users have access to software, it is necessary to safeguard that access. Access control is established when only a particular user can utilise their username and password. Users should never reveal their passwords to anybody, nor should more than one person share a workstation and use the same username and password. In addition, most software keeps an audit trail of all changes made in the software, so if a user account is used for unauthorised changes, the user will be held liable for those changes.
Passwords should be changed regularly to prevent them from becoming compromised. A Web Authentication (WebAuthn) key fob (Two Factor Authentication) is a great solution to remove the risk of forgotten or written-down passwords becoming available to unauthorised users. A key fob is a small security hardware device with built-in authentication to control and secure access to mobile devices, computer systems, network services and data. The WebAuthn standard has fobs that act like keys (simply having a fob unlocks the website) and others that even support fingerprint unlock, with pricing to match your taste. As a bonus, these keys can be used for Google, Facebook and many other websites.
3. Financial controls
There are numerous ways of dealing with cash and other payments in the practice to mitigate the risk of fraud. The first important aspect to consider is using practice management software fully integrated with an auditable double-entry financial accounting system. A double-entry system eliminates the risks of managing multiple systems and provides sufficient audit trails and reporting.
The following processes can be implemented to reduce financial loss:
1. A cash register system that is reconciled at the end of every workday
2. Payment links sent to patients reduce the risk associated with cash
3. Regular stock take
4. Regular reporting and the performance of other internal controls
5. Limiting and checking all journal entries and reasons provided for them.
From the above discussion, which is not comprehensive, there are numerous steps the practice can take to mitigate the risk of fraud. Prevention is better than cure, and limiting opportunity goes a long way in creating a safe environment for both owners and employees to work together for the benefit of all.