by Bryant Truitt, MBA, CCS, CFE and Ron Siemering, IT Director, Brytan & Associates
This third installment of our six-part series on Spotting a Weasel – the Personality of a Dental Embezzler outlines the RED FLAGS that arise from the computers and software systems in a dental practice. By recognizing the direct line into the financial systems of the practice that these software programs provide, dental practice owners can better protect themselves from dental weasels who make it their business to become experts in these systems.
Knows computers & software
In the dental practice, accounting software combined with practice management software controls all of the financial systems in the office. The dental weasel knows this and makes it his/her business to know the dental systems inside and out. This expertise allows the weasel to hide his/her schemes behind overcomplicated explanations and so-called ‘system glitches’ that explain away any anomalies.
Knowing that their dentist(s) are not proficient in these software programs, the weasel sets himself/herself up as the go-to person to explain day-to-day transactions and incongruities found in the programs and/or work product. He/she is the office expert for all of the team members’ questions and issues allowing him/her to maintain oversight and control how his/her scams are being handled in the software. And, although QuickBooks, the predominant accounting software used by dental practices, has an audit trail, many dentists/owners don’t know how to find and protect it. This is why people should learn the ins and outs of their business accounting software to be safe.
Furthermore, the dental weasel makes a point of getting to know software and supplies vendors calling on the practice so he/she can learn new features and more intricate ins and outs of the programs. If his/her scheme begins to unravel, he/she quickly networks with vendors to find other practices using the same programs so he/she can move on to a new target.
A note on protecting yourself:
No one in the practice should have administrator rights over the computer systems or server except the owner doctor(s). Giving the office manager or another team member administrator rights is giving them the ability to control passwords for all team members and delete and/or alter the audit trail to cover her tracks – this is tantamount to a fox in the hen house with no doors – big time!
Wants remote access – Big Time!
As part of the scheme of overall control over financial systems, the weasel is determined to get 24/7 remote access to the computer server to run her scams. There is NO good business reason why any salary or hourly team member should have remote access – no debate. The only person who should have remote access and administrator rights is the owning doctor. Your IT person should also have remote access but with different passwords than the doctor so an audit trail can be maintained.
A note on handling remote employees:
The population of work-from-home employees is growing in the US. We are aware of insurance billing companies who employ retired workers to process insurance claims or handle collections from their residences. There is a safe way to structure their access to practice systems that restrict security levels to only the information necessary to do the job.
Beware of the team member who wants to work from home on a maternity, vacation, sick leave, claims they can’t get everything done, etc. We have real dental weasels in our files who gained remote access for this purpose only to steal from the practice.
Dislikes change – wants 100% control
The biggest threat to the dental weasel is a change in the dental software via upgrade and/or vendor. Learning a new system puts him/her on an even playing field with the rest of the dental team and takes away his/her perceived authority breaking his/her cycle of control. The dental weasel will fight all efforts to change practice management software or accounting practices. This is a definite RED FLAG that a scheme may be present in the practice.
Effective 1/1/2016 Federal HIPAA law requires that ALL healthcare entities must have two structured levels of security in place and change passwords on a regular basis. Many of our clients have a process to ensure that these changes are made twice annually. The dental weasel will combat this process by attempting to maintain the log of passwords and be the person to control the dissemination of new passwords and security levels. No one, not even the doctor(s)/owner(s) should have a list of passwords for team members. This is one of the schemes in the example below.
A real Weasel from our files:
In a Texas dental practice, the office manager was running scams using the accounting systems and dental practice management software. As the office expert on the systems, all problems, and issues were brought to her attention. Her response would be either ‘it’s a glitch in the software’ or a ‘fat finger error’. She immediately took control of fixing the ‘system problem’. But, rest assured, it wasn’t a glitch. Instead these issues were giving her guidance on adjustments that she needed to make to hide her crime.
She was finally discovered when several front desk team members met with the owning doctor to present how cash was being consistently misappropriated and adjustments applied to cover-up the scheme. We found 13 schemes used over four years to embezzle over $402,000.
If you’re concerned you may have a weasel in your practice, we encourage you to call us for a free, no obligation 30 minute consultation at 210.241.6329.
Educating dentists on identifying embezzlers or fraudsters hiding out in their practices is our expertise. Contact us to speak at your next dental meeting or study club by sending an email to firstname.lastname@example.org or calling us at 210.241.6329.