Dear Dangerously in Love with Finance,
I have been running a physical therapy practice for seven years. We crossed a million in revenue two years ago and I cried when it happened because I genuinely did not think we would get there.
About three years ago I handed all of my billing and financial operations to one person on my team. She handles payroll, posts all patient payments, and manages everything inside our practice management software. She also pulls the monthly reports I review. I do have an outside bookkeeper, but she only reconciles my bank and credit card accounts. She does not touch billing and has no visibility into what is being posted on the patient payment side. I am starting to wonder if an outside bookkeeper reconciling bank accounts is actually enough to prevent fraud in a practice like mine, or if I have been assuming I have more oversight than I actually do. Someone told me recently that without proper segregation of duties, one person can essentially gaslight your entire practice management system and you would never know it from the reports.
I look at what my internal person puts in front of me every month and it looks fine.
Last week my colleague found out her office manager had been committing employee embezzlement inside her health and wellness practice for four years. Nobody caught it until an outside accountant came in for something completely unrelated. My colleague said her numbers always looked fine too. Now I find myself looking up the signs of embezzlement in a practice, wondering whether it has been happening inside my own practice in a way I am not equipped to recognize.
Is that a real problem or am I overthinking this?
— Nervous in the Numbers, Atlanta GA
Dear Nervous in the Numbers,
You are not letting someone else’s situation get inside your head. You are finally seeing your own setup clearly, and those are two very different things.
What you have right now is a partial internal control structure with a critical vulnerability in it, and that vulnerability is exactly where healthcare practice fraud lives. Before we get into the fix, you need to understand what is actually happening inside your practice management system, because this is bigger than a bookkeeping issue.
Your internal person controls billing, patient payment posting, and the monthly reports you review. Your outside bookkeeper reconciles the bank account but has no visibility into what was posted before she ever sees a number. Everything your bookkeeper is reconciling has already been shaped by one person upstream.
What your practice management system delivers to you every month is the version of your finances that one person decided to build for you, and your outside bookkeeper is putting her stamp of approval on numbers she cannot independently verify.
That is how someone gaslights a practice management system, and it is one of the most underreported forms of employee embezzlement in healthcare practices today. The data inside your software has been curated, adjusted, and cleaned up before it ever reaches you or anyone else with outside eyes. A lot of physical therapy practice owners ask me how to protect a practice from fraud, assuming a bookkeeper alone is enough. In this setup, the answer is no, because your bookkeeper is working at the end of a process that one person controls entirely from the front.
Here is what becomes possible when billing and payment posting live inside one person’s unchecked access. She can post a patient payment and then void it after it clears. The cash gets redirected while your bank reconciliation still balances because the void and the deposit cancel each other out on the books. She can create fictitious adjustments or refunds and your bookkeeper has no way to question them because she only sees the reconciled bank side, not the billing activity that generated those numbers. She can keep your aging reports looking healthy while the actual cash collected does not match what should have come in. Every report you review is only as accurate as what she chose to enter, adjust, and withhold before it reached you.
Your colleague’s office manager ran that exact playbook for four years, and what made it possible was the same thing you are describing right now: one person controlling the entire financial picture with no independent verification required at any point in the process.
This is a segregation of duties problem, and as a fractional CFO and Certified Fraud Examiner working specifically with health and wellness practices, this is one of the most common vulnerabilities I find. If you want to know how to protect a medical practice from embezzlement, fixing it starts with giving your bookkeeper direct visibility into payment posting activity, not just the bank accounts downstream from it. Someone independent needs to be pulling and reviewing payment posting reports before the monthly close. Surprise spot checks comparing posted patient payments against actual deposits need to become a regular part of your oversight process. Your practice management system already has user permission settings that limit who can void transactions and issue adjustments. Review them today and tighten them immediately.
When one person controls billing, payment posting, and financial reporting inside a practice doing over a million dollars annually, the daily transaction volume creates enough noise that smaller fraudulent amounts can run consistently without triggering an obvious alarm. High revenue and high volume give fraud somewhere to hide, and practices at your level need to account for that reality directly.
Your practice crossed a million dollars because you made good decisions. Making sure the next million stays where it belongs requires one more.
Lots of Love, Coffee and Chocolate,
Dangerously in Love with Finance and the HBoF Family
| CFE + Fractional CFO | Healthy Bodies of Finance Helping health and wellness practices generating over one million dollars annually build the financial infrastructure that keeps what they earned.
f you are a healthcare practice owner, practice manager, or healthcare consultant and this setup sounds familiar, book a CFO Consultation today to start building and securing your practice’s growth.
How to Fit in Time for Self-Care as a Wellness Professional
Dear Dangerously in Love with Your Finances, My husband and I recently purchased a medical building …
Master Fitness Budgeting: Beat Seasonal Trends
Dear Dangerously in Love with Finance, After three years of running my fitness studio, every J…
This article is designed to provide information only and should not be considered legal or tax advice. Because of the complexity of the law and the variables in your own personal tax and accounting situation, you can’t rely on our advice specifically related to your unique circumstances. In order to get the best tax savings and legal advice available to you, you should consult with your own accountant, attorney or advisor regarding your particular facts and circumstances. Healthy Bodies of Finance is an accounting firm that specializes in working with health and wellness providers. We provide monthly accounting & bookkeeping services and financial education. For more information on our specialized services for health and wellness providers please contact us at info@healthybodiesoffinance.com