As healthcare providers begin to ratchet up spending on big-ticket items such as health information technology systems, several recent cases suggest it's never too soon to double-check the integrity of internal controls for preventing insider fraud and embezzlement.
Keeping an eye out for trouble
Internal controls are key, fraud investigators say
And though it may feel tempting to want to trust a company’s high-level executives, investigators in white-collar fraud say the controls that apply to the most powerful officials in the company are among the most critical, from the perspective of potential financial damages.
“The higher the loss, usually the farther up the corporate chain the perpetrator is,” said Dennis Sackreiter, a former FBI white-collar fraud investigator and a principal with Minneapolis investigation firm WayPoint. “CFOs steal millions. The clerk steals hundreds or thousands of dollars.”
William Roe, the former chief financial officer of Danbury (Conn.) Hospital, was sentenced to 33 months in prison July 11 for embezzling at least $170,000 from two hospitals by forming a phony shell corporation called Cycle Software Solutions and then having invoices paid by the hospital for health information technology services.
In Philadelphia, former general counsel Roosevelt Hairston Jr. pleaded guilty July 14 to embezzling $1.7 million from 459-bed Children’s Hospital of Philadelphia by creating fake companies and sham invoices for fictitious services, including expert witnesses in court cases.
In Winston-Salem, N.C., Carol Crawley Maultsby, the former vice president of risk management at Novant Health, was charged by city police July 22 with embezzling as much as $620,000 from the 12-hospital system by exploiting her authority to authorize payments from the system’s liability self-insurance fund.
Despite the string of healthcare-embezzlement stories in a two-week period, experts say it’s difficult to gauge how common such activity is.
“The fact is, in many cases when you have a hospital or other institution engaged in activity like that, they have a tendency to work out a side deal and sweep it under the table,” said Richard Kusserow, the former inspector general for HHS who now is CEO of compliance-consulting firm Strategic Management, Alexandria, Va. “I would say only a minority of cases like this make it to law enforcement in the public domain.”
Kris Jones-Bartley, the founder and president of medical group practice consultancy Healthcare Management Systems in Napa, Calif., said she has yet to have any client press charges after discovering an embezzler in the act. Yet a large majority of her clients have had such problems with internal fraud.
A spokesman for Novant Health said keeping the allegations under wraps was never an option after an internal auditor discovered “a detail that didn’t look quite right” and uncovered Maultsby’s purported scheme.
“I actually think being transparent about it, as much as we can, is important for our organization,” said Jim Tobalski, a senior vice president in marketing for Novant. “We’re not reckless with our transparency, but it’s important to point out, when something like this happens it will make us an even better organization.”
He said the system instituted changes in its internal controls in the wake of Maultsby’s arrest, though he declined to describe them because the disclosure might decrease their effectiveness.
Experts said many of the key precautions are straightforward, such as separating the ability to cut checks from the authority to sign contracts or approve payments.
Officials should also keep in mind that the first signs of trouble can show up in earnings, which means cash-flow and profit statements can be monitored for suspicious dips in profitability.
Auditors, internally and from outside, should be used to scrutinize individual invoices and lists of contractors. Richard Ostrom, another former FBI investigator who is a principal at WayPoint, said the addresses of the vendors can be telling. For example, a suspicious vendor may have regular payments going to a P.O. box or a business address that matches up with an employee’s address.
Though not definitive, experts said warning signs for fraudulent activity may appear through changes in behavior or personal circumstances, such as the use of illegal drugs or alcohol, or having a messy divorce or financial pressures.
“Clearly, somebody who arrives to work in a Maserati and is known to have a lot of girlfriends on the side, you’d be uncomfortable having them with control over the bank account,” Kusserow said. “You should not ignore signs of heavy personal stress. If someone is snorting a lot of cocaine and they are your banker, then I would get worried.”
Court records say Roe exhibited several classic warning signs, such as a deteriorating family life, sinking personal finances and having a large bonus denied. In his plea for mercy from his sentencing judge, Roe wrote that he first learned about invoice-fraud schemes during a meeting of CFOs of Catholic Health Partners hospitals.
CHP had employed Roe as CFO at St. Rita’s Medical Center in Lima, Ohio. A spokesman for the system confirmed the meeting, but said the matter came up only as “a routine fraud-prevention discussion item.”
“This was not a how-to, but a hey, watch-out,” CHP spokesman Mike Boehmer said in an e-mail. “There have been no other instances of this kind of activity at CHP hospitals.”
Send us a letter
Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.