"When I became CEO, I assumed everyone at the ASC would do their job the right way," says Acker, a project specialist with Compliance One Group in Kalamazoo, Michigan. "Like most people, I put a lot of trust in others. As this experience taught me, I was naïve to think that everyone would act the way they should and the way I expected them to."
Acker says she was fortunate to detect the embezzlement not long after it occurred. Other ASCs, says Denise McClure, president of Averti Solutions in Boise, Idaho, are not so lucky. As examples, she cites cases from the Department of Justice’s website of a Pennsylvania ASC business manager embezzling more than $4 million over 14 years and a practice manager for an ophthalmologist with a laser center embezzling more than $500,000 over four years.
"As these and many other cases illustrate, surgery centers are at risk for theft and embezzlement," McClure says.
The manner in which many ASCs operate can increase the likelihood for embezzlement, says John Fanburg, chair of the health law practice at Brach Eichler in Roseland, New Jersey. "We have found that ASC physician owners typically delegate a lot of independence to their administrators because they are busy practicing medicine and do not want to be involved in the oversight required of a multi-million-dollar business. But without proper oversight, embezzlement can go undetected."
Further complicating matters, Acker says, is that staff members in ASCs often wear multiple hats. "Your business manager might handle bank deposits, oversee billing and place orders on a company credit card. In a lot of ASCs, the person ordering supplies is also the person receiving those supplies. Both scenarios can increase an ASC's vulnerability."
McClure says that operating on a "trust model" for internal control is risky. Even if internal controls exist, the business manager can usually override or ignore them. “In a small organization, the best and sometimes only internal control is oversight, but physicians often do not have time to review bank records and drill down into the details to catch possible embezzlement."
While bigger surgery centers might have more individuals in management and oversight positions, McClure says, this does not necessarily serve as an embezzlement deterrent. "Fairly large surgery centers may only have a few people involved in accounting processes. This makes it difficult to segregate duties."
Another factor that Fanburg says increases embezzlement risk: cash payments. "ASCs often accept co-pays and even deductibles in cash. Cash is difficult to track and easy to conceal."
Strengthening Your Defenses
Segregating duties is the preferred method of internal control, McClure says. "Not only is it proactive, but it can be enforced with software access security. If an ASC's accounting department is too small to effectively segregate duties, use oversight retroactively for early detection of errors and irregularities."
Another worthwhile step for reducing vulnerabilities is calling on the expertise of an accountant, Acker says. "Have this individual set up your accounting system and help your ASC implement generally acceptable accounting principles.” This would include requiring receipts for all purchases, balancing petty cash, matching purchase orders to packing slips and performing stronger inventory management. “With solid accounting practices, you are more likely to spot a problem."
Conduct routine receipt, bank statement and merchant card reconciliations, McClure says. "Reconciliations should be performed by someone who does not and cannot process transactions like payroll and paying vendors. If this is not possible, an external accountant should review the reconciliations and trace or otherwise validate some of the reconciling items."