Dear Friend,

Employee theft within a medical group? Yes. And it could be into the millions. 

That was the subject of Monday's blog post, What’s Not in Your Wallet? Preventing Fraud Perpetrated Against Your Medical Practice. You can follow the link to read the post online, or just keep reading.

I’d guess that billions of words have been written about healthcare fraud committed by physicians, other healthcare providers, and even payors.

Far fewer have been written about fraud committed against healthcare providers. But it’s far more common than you likely know, that is, until one million or more dollars are missing from your practice’s bank account.

Paging Dr. Lucchesi

The allegations against Michael Lucchesi, M.D., a well-known New York City physician, serve to illustrate the point.

Dr. Lucchesi previously served as chairman of Emergency Medicine at SUNY Downstate Medical Center, as the acting head of the hospital and of its related medical school, SUNY Downstate College of Medicine, and as the hospital’s Chief Medical Officer.

Despite the sterling CV, Dr. Lucchesi was arraigned in July on a nine-count indictment in which he is charged under New York law with first- and second-degree grand larceny, first-degree falsifying business records, and third-degree criminal tax fraud.

According to the District Attorney prosecuting Dr. Lucchesi, he made personal purchases using a business credit card meant to be used solely for business purposes by members of SUNY Downstate’s clinical practice, University Physicians of Brooklyn.

The D.A. alleges that the illegal spending totaled approximately $1.448 million and included cash advances of approximately $115,000; pet care totaling $176,000 (including $120,000 paid to The Greenleaf Pet Resort & Hotel in New Jersey); $348,000 spent on personal travel; $109,000 in payments to the New York Sports Club for membership and personal training; $52,000 in catering expenses; $46,000 in tuition payments for his children; and assorted payments for online shopping, flowers, liquor, electronics and other items.

Whether or not Dr. Lucchesi committed a crime is yet to be determined and allegations are simply that  -- he’s presumed to be innocent until proven guilty in a court of law.

The Lessons of Lucchesi

Although the alleged theft of funds was discovered pursuant to an audit, the subject credit card charges were incurred over the course of more than seven years, from December 1, 2016, to January 31, 2023.

Perhaps the sloth in discovery is not too late for prosecution, but it’s about six years too late in terms of good business practice.

You, on the other hand, need to be far more diligent.

In terms of medical practices, that means having procedures for, and regular auditing of, both internal and outsourced business processes.

Internal fraud prevention procedures consist of policies such as the following:

1. A formal recognition that fraud can take place at all levels within an organization, from physician and executive leadership to that of rank-and-file employees. Preventive action, such as the adoption of the correct policies and procedures, as well as audit processes, can’t operate on the assumption that someone making $350,000 a year might not help herself to another $15,000 or $50,000 or $1.5 million.

2. Financial losses aren’t limited to those working in the practice’s financial operations. For example, the theft of supplies, the creation of phony invoices, the diversion of payments, aren’t limited to those engaged in a practice’s accounting function.

3. Billing functions and receipt of payment functions should be separated such that the same personnel are not involved. So, too, must those processing invoices submitted by vendors be removed from those paying outside vendors.

4. Expense reimbursement should require the submission of receipts. Someone other than the person claiming reimbursement should be checking the receipts, and verifying the business purpose for the charges.

5. The use of company credit cards should be monitored carefully, and, in some cases, cards should be controlled via instructions to the credit card company to permit charges within only certain categories. Credit card fraud is one of the most prevalent forms of inter-company theft.

For medical groups using outsourced business service providers, such as MSOs and billing and collection/RCM vendors, make certain to address their internal fraud prevention practices and internal audits.

And, as to both internal and outsourced business operations, conduct periodic audits and investigations through legal counsel and counsel-engaged auditors. It’s a no-brainer that you can be more effective at finding and correcting potential fraud than SUNY Upstate.

As opposed to the healthcare-specific types of fraud perpetrated by healthcare providers against payors, including against government programs, think False Claims Act type fraud, fake billings, and like, internal and external service provider fraud against healthcare providers is generally of the same sort affecting industry in general.

According to data provided by the trade organization for business fraud examiners, the longer a fraudster has been employed by a business, the more trusted he or she is, the greater the amount of the median loss. For example, the median loss for a fraudster employed for from 1 to 5 years is $100,000, while a fraudster employed for 10 or more years is likely to lead to a median loss of $250,000.

When you’re ready, let’s talk about both internal and external fraud protection and the coordination of investigations and audits to protect your medical practice, and to protect your own, personal financial best interest.

After all, what’s not in your wallet? Do you have any idea?