Some Common Medical Practice Accounting Embezzlement Schemes

Join Our Mailing List

Understanding How to Avoid Office Embezzlement – Old School

[By Dr. Gary L. Bode CPA, MSA]

Without proper internal accounting controls, a medical practice, clinic or any health entity would never reach peak efficiency or profitability. Internal controls designed and implemented by the practice physician-owner, help prevent bad things from happening.

Embezzlement protection is the classic example. However, internal controls also help ensure good things happen, at least most of the time. A procedural manual or text like: that teaches physicians how to deal effectively with, and avoid, common schemes is suggested.

Common Schemes

Here is a list of some embezzlement schemes to avoid; however it is imaginative and endless.

  • The physician-owner pocketing cash “off the books”. To the IRS, this is like embezzlement to intentionally defraud it out of tax money.
  • Employee’s pocketing cash from cash transactions.  This is why you see cashiers following protocol that seems to take forever when you’re in the grocery check out line. This is also why you see signs offering a reward if he/she is not offered a receipt. This is partly why security cameras are installed.
  • Bookkeepers writing checks to themselves.  This is easiest to do in flexible software programs like QuickBooks, Peachtree Accounting and financial software []. It is one of the hardest schemes to detect. The bookkeeper self-writes and cashes the check to their own name; and then the name on the check is changed in the software program to a vendor’s name.  So a real check exists which looks legitimate on checking statements unless a picture of it is available.
  • Employees ordering personal items on practice credit cards.
  • Bookkeepers receiving patient checks and illegally depositing them in an unauthorized, pseudo practice checking account, set up by themselves, in a bank different from yours. They then withdraw funds at will. If this scheme uses only a few patients, who are billed outside of the practice’s accounting software, this is hard to detect.  Executive-management must have a good knowledge of existing patients to catch the ones “missing” from practice records. Monitoring the bookkeeper’s lifestyle might raise suspicion, but this scheme is generally low profile, but protracted. Checking the accounting software “audit trail”, this shows the required original invoice deletions or credit memos in a less sophisticated version of this scheme.
  • Bookkeepers writing payroll checks to non-existent employees. This scheme works well in larger practices and medical clinics with high seasonal turnover of employees, and practices with multiple locations the physician-owner doesn’t visit often.
  • Bookkeepers writing inflated checks to existing employees, vendors or subcontractors. Physician-owners should beware if romantic relationships between the bookkeeper and other practice related parties.
  • Bookkeepers writing checks to false vendors. This is another low profile, protracted scheme that exploits the physician-owner’s indifference to accounts payable.


Operating efficiency, safeguarding assets, quality patient care, compliance with existing laws, and accuracy of financial transactions are common goals of internal controls.


Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too.

Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact:


   Product Details 

7 Responses

  1. Thinking About Selling or Transitioning Your Medical Practice?
    [We Can Help with a FMV Practice Appraisal]

    The practice valuation and transition team can help you appraise your medical practice, develop a new associate or partner transition plan, and even help transition your patients.

    A Profitable Transition

    You can also choose how to “wind-down” or transition out of practice gracefully and economically, as you work with only select patients, on-board a new associate/partner or sell your practice outright.

    Your Practice Business Equity

    Either way, we can help you unlock the hard-earned equity in your medical practice and ensure that your patients, and life’s work – are taken of. Purchasing and reviewing our books and white-papers is a great way to start. Otherwise – call us today?

    Let’s Talk

    Health Dictionary Series:
    Practice Management:
    Physician Financial Planning:
    Medical Risk Management:
    Healthcare Organizations:
    Physician Advisors:


  2. Continuing a Linear Theme

    This post is excellent and Dr. Bode is to be thanked for it.

    For doctors who encounter medical office embezzlement; be sure to also look at the perpetrator for alcoholism, drug abuse and especially controlled substance diversion and theft.

    Dr. David Edward Marcinko MBA CMP™


  3. More on embezzlement schemes

    One medical practice embezzlement scheme not often mentioned is non-cash stealing, or the misusing of the practice’s non-cash assets such as supplies, equipment. There is perhaps a good “Ebay Market” for many of the expensive items laying around in a medical practice that would not be missed if gone. Examples include boxes of medical supplies such as bandages, sterile gloves, disposable exam tools, office supplies (those laser ink cartridges are expensive!), etc.

    Another medical practice embezzlement scheme is the stealing from the practice’s patients by fraudulently using the patient’s financial data that the practice has access to. This exposes the practice ultimately to lawsuits and financial remuneration of the patients when the source of the financial information theft is discovered.

    The best way to avoid non-cash stealing of items would be to limit access to supply rooms to certain employees and have an active inventory check control. Of course it is impossible to have a 100% loss prevention. Hiring honest employees with credit checks and background checks (including drug testing) doesn’t hurt. This would limit those employees that would be prone to steal patient financial information as well.

    In my [financial advisory] practice, we have some exposure if we were to have a dishonest employee. We have every piece of financial information on most all of our clients including logins to 401k accounts, bank accounts and other brokerage accounts. If an employee wished to be deceitful it would be hard to prevent initially.

    The section on internal medical office controls in The Business of Medical Practice caused me to think about better controls I should implement.

    David K. Luke, MIM
    [Financial Advisor-Fee Only]


  4. Noteworthy

    The chapter on medical office internal controls mentioned above, and in this post and f/u comment, was written by Dr. Gary L. Bode who is a former medical practitioner, and CPA with a Master’s Degree in Financial Accounting. He is also a CMP™ candidate.

    Hope R. Hetico RN MHA


  5. 5 quick tips for averting embezzlement

    Just extending this discussion.

    Ann Miller RN MHA


  6. More on Internal Medical Practice Controls

    At times you may need a trained outside professional to evaluate your practice’s operations to determine if the appropriate controls are in place to ensure proper handling of resources and to protect yourself from employee theft.

    So, what needs to be done:

    • Implement segregation of duties so that duties are divided, or segregated, among different people to reduce risk of error or inappropriate actions. No one person has control over all aspects of any financial transaction.

    • Make sure transactions are authorized by a person delegated approval authority when the transactions are consistent with policy and funds are available.

    • Ensure records are routinely reviewed and reconciled, by someone other than the preparer or transactor, to determine that transactions have been properly processed.

    • Make certain that equipment, inventories, cash and other property are secured physically, counted periodically, and compared with item descriptions shown on control records.

    • Provide employees with appropriate training and guidance to ensure they have the knowledge necessary to carry out their job duties, are provided with an appropriate level of direction and supervision, and are aware of the proper channels for reporting suspected improprieties.

    • Document policies and procedures and making them accessible to employees. The documented policies and procedures provide day-to-day guidance to your staff and continuation of duties in the event of prolonged employee absences or turnover.

    • Review operations to ascertain whether results are consistent with established objectives and goals and whether the operations are being carried out as planned.

    Dr. Gary L. Bode MSA CPA PC


  7. How much do you trust your staff, Doc?
    [Identity theft rings allegedly offer $3 and up for stolen health records… De-identification, anyone?]

    “DA VANCE: HOSPITAL EMPLOYEE INDICTED FOR STEALING PERSONAL INFORMATION OF MORE THAN 12,000 PATIENTS AND PROVIDING INFO TO ID THEFT RING” – ID Theft Ring Allegedly Used Stolen Patient Information to Open Accounts and Purchase Luxury Goods at Major Retailers and Department Stores.” From the New York County District Attorney’s Office, Cyrus Vance, DA.

    “Manhattan District Attorney Cyrus R. Vance, Jr., today announced the indictment of eight individuals, including a Montefiore Medical Center employee, for stealing and using patients’ personal identifying information to make thousands of dollars in purchases at department stores and retailers in Manhattan. The defendants are charged in New York State Supreme Court with varying counts of Grand Larceny in the Second and Third Degrees, Identity Theft in the First Degree, and Criminal Possession of a Forged Instrument in the Second Degree, among other charges.”

    District Attorney Vance: “In case after case, we’ve seen how theft by a single company insider, who is often working with identity thieves on the outside, can rapidly victimize a business and thousands of its customers. Motivated by greed, profit, and a complete disregard for their victims, identity thieves often feed stolen information to larger criminal operations, which then go on to defraud additional businesses and victims. In this case, a hospital employee privy to confidential patient records allegedly sold financial information for as little $3 per record.”


    An identity theft ring reportedly paid $3 each for stolen health records to be reportedly sold on the black market for $50 each. As suggested in the District Attorney report, the profit margin causes thieves to tempt otherwise honest employees with tens of thousands of dollars. Since dental patients’ EHRs can be quietly downloaded thousands at a time within minutes, how much do you really trust your staff, Doc?

    With electronic dental records becoming increasingly less secure, how long before the rising number of identity thefts cause dental patients to seek care from dentists who never store identities on computers?

    Security is only getting worse. Count on it.

    Dishonesty among staff members is only one of the growing threats to computerized practice management in dentistry. It has recently been reported that Dentrix electronic dental records – the most popular dental EHR system and used by over 35,000 dentists – are vulnerable to hackers parked in dental office parking lots. (See: “Hard-coded credentials placing dental offices at risk,” posted on CSO, May 19, 2015).

    Dental is unlike other medical information. Patients’ dental histories used at chairside are of no value to thieves. In my opinion, this creates an opportunity for someone in the HIT industry to develop software which enables dentists to de-identify primary dental records by replacing identifiers with tokens.

    What’s more, even though raw, de-identified dental data is less than worthless to thieves, the records would nevertheless be wonderful for safe, inexpensive dental research, which benefits everyone.

    D. Kellus Pruitt DDS


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: