Imagine Blog

Ed Laughman

Ed is our resident guru in IT, currently serving as our Internal IT Infrastructure Manager. He is tasked with helping keep our ship running smoothly.

Are You Safe? 5 Steps To Prevent Medical Practice Fraud

If you think that your organization is immune to threats like fraud and embezzlement, you need to catch up with the 21st century. 

Your practice isn’t as safe as you think, and there are numbers to prove it. According to the Medical Group Management Association, three out of four physicians will suffer some financial loss from employee dishonesty over the lifetime of their practice. Not enough evidence for you? The Association of Certified Fraud Examiners (ACFE) stated that the typical business loses 5% of its revenues each year to fraud, waste and abuse. Medical practices are certainly not exempt from this kind of loss. In fact, many physicians may be susceptible to even higher rates of loss.

What allows for this susceptibility? The unfortunate truth is that physicians’ first priority is patient care, as it should be. Oftentimes, such a focus on practicing medicine and providing quality patient care leads to inefficiency and oversight in front-office business operations. This is especially true for smaller, niche practices: when you entrust day-to-day business and financial operations to one or only a few individuals, it leaves your practice incredibly vulnerable. Bottom line – there should be just as much focus on financials as there is dedicated to patients. Although no practice is 100% safe, there are a few simple protocols that can be put in place to ensure heightened awareness and prevent financial loss.


1. Segregate duties within the finance function – Make sure that the individual responsible for collecting payments is separate from the individual that deposits them. This is obviously easier said than done for smaller practices. In this case, it’s essential that the head of the practice be involved in daily operations as often as possible. 

2. Keep all patient financial information digitally stored and encrypted – Never keep patient information (like credit card numbers) written down. IT security and cash controls are crucial.

3. Tie all deposits to your practice management software’s daily report – When there's a central database for all deposit information, it provides for easier tracking and simpler day and month-end reconciliations. Include encounters, charges, collections, write-offs, etc.

4. Implement regular or surprise audits and reviews – This not only monitors employee conduct and behavior, it also helps to ensure that receipts are only being generated from the billing system.

5. Make timely bank reconciliations – It’s crucial for practices to internally track cash reconciliation and AR on a weekly (or even daily) basis to keep track of what comes in from patients and third-party payers and what they haven’t paid. Cash balances from the bank must match what's on the organization's financial records in order for physicians to get the most out of their practice. Reconciliation will not only improve accuracy in financial reporting, but has the potential to uncover fraud as well. It's imperative that each day's bank deposit slip and credit card activity be entered into your accounting software (e.g. QuickBooks or Quicken), using the same date as the deposit slip. Following this process ensures that all collections for both systems agree.

With so many practices lacking sufficient internal controls over cash, a heightened concern for healthcare fraud continues to grow. Prevention is the best offense. Finding the balance between patient and financial care with the proper protocols set in place will not only enable your billing process to run smoothly, but prevent costly fraud as well. 


Healthcare Data Security Standards for your Medical Practice

My Password is Password! The Importance of Data Security in Healthcare

In today’s age of “Cybersecurity”, “Cyber-Attacks”, and “Cyber INSERT ANY WORD HERE”, many companies find themselves struggling to keep up with the cutting-edge techniques used to safeguard against breaches. Malware, spyware, adware, rootkits, and the list goes on and on. Your IT staff has been given the impossible task of staying ahead of the “bad guys” by preventing attacks from every angle. They spend countless hours researching techniques and discovering new ways that the hackers might get in. However, the most dangerous person to your company’s valuable information might just be sitting in front of your computer screen right now! Simply put, the importance of healthcare data security standards is to ensure the safety and security of patient information, including electronic health records.

Privacy and Security Standards in Healthcare

It is estimated that 75-80% of the 40+ million cyber-attacks in 2014 involved weak passwords. With the average “cyber” incident costing $720,000, most companies just can’t afford a loss of that magnitude. In the medical industry the costs can grow exponentially with patient privacy at risk. As we saw with the Target breach in 2013, just one data breach can throw a $145 million wrench in the cogs. By ensuring that employees have a strong password, a company can all but eliminate the 75-80% of cyber-attacks that prey on weak passwords, and I’ll prove it!

In 2014, the top two passwords were 123456 and password, which would be determined within the first second of a brute force attack. Below, I’ll give you some sample passwords, and the maximum amount of time that it would take to figure each one out with today’s technology.

dog – .000004394 seconds
sparky – Instantly (Top 100 most used passwords)
barks – Instantly (Top 10,000 most used passwords)

There are three passwords above that are highly logical for a person that has a dog named Sparky who barks. If you were to put them together while adding a number and special character, the time required to crack the password changes drastically:

Myd0gSp@rkyBarKs – 12 trillion years

Healthcare Data Security Standards

At ImagineSoftware, we have a password policy that requires 14 characters with an uppercase letter, a lowercase letter, a special character, and a number, and requires the password to be changed every 30 days.
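
As an added illustration (not ImagineSoftware's code or tooling), the Python sketch below checks a password against the policy described above and computes the exhaustive-search bound that sits behind crack-time estimates like the ones quoted earlier. The guess rate, the tiny common-password set, and treating 14 as a minimum length are assumptions, so its numbers will not match the figures in this post.

```python
import string

# Constructed sample; a real check would load a full breached-password list.
COMMON = {"123456", "password", "sparky", "barks"}
MIN_LENGTH = 14              # policy length, treated here as a minimum (assumption)
GUESSES_PER_SECOND = 1e10    # assumed attacker speed, not a figure from the post

CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "number": string.digits,
    "special": string.punctuation,
}

def classes_used(pw):
    """Names of the character classes that appear in pw."""
    return [n for n, chars in CLASSES.items() if any(c in chars for c in pw)]

def policy_failures(pw):
    """Return the list of policy rules pw breaks (empty list means compliant)."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    used = classes_used(pw)
    failures += [f"missing {n}" for n in CLASSES if n not in used]
    if pw.lower() in COMMON:
        failures.append("on common-password list")
    return failures

def worst_case_seconds(pw, rate=GUESSES_PER_SECOND):
    """Upper bound for exhaustive search: alphabet_size ** length / rate."""
    if pw.lower() in COMMON:
        return 0.0  # dictionary attacks try listed passwords first
    alphabet = sum(len(CLASSES[n]) for n in classes_used(pw))
    return alphabet ** len(pw) / rate

if __name__ == "__main__":
    for pw in ("dog", "sparky", "barks", "Myd0gSp@rkyBarKs"):
        years = worst_case_seconds(pw) / (365.25 * 24 * 3600)
        print(f"{pw!r}: {years:.3g} years max, failures={policy_failures(pw)}")
```

The bound assumes every character was picked at random; passwords assembled from dictionary words with predictable substitutions are guessed much sooner by wordlist-based tools, which is why the common-password check runs alongside the length and character-class rules.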

With just a little bit of consideration about your password, YOU can be your company’s most valuable asset in the fight against cyber-attacks. With the medical industry constantly having to be diligent with HIPAA standards, this is a no-brainer. So next time you change your password, make sure to remember that you could be the deciding factor on whether your data is breached or remains safe, as well as that of your patients.

As a tip: Choose a password that is reasonably long and is not made up of simple words. Do not use things that are obvious, such as your name or your children's or pets' names, and stay away from easily found dates like birthdays and anniversaries. Make sure to mix it up and use symbols, punctuation and numbers to help. Above all else, don't write it down where it can be found, and don't give it out. YOU are the first and biggest line of defense!