Safeguarding your practice: how to detect and prevent financial fraud

Sonya Black, LLB (Hons), B.Com, Legal Team Manager – Workplace Law Team, Avant Law, QLD

Gail Wang, Risk Adviser - Member Advisory Services

Sunday, 23 March 2025

Safeguarding your practice: how to detect and prevent financial fraud

Running a busy medical practice often means entrusting your staff with financial transactions — but what happens if that trust is misplaced?

Financial fraud can pose significant risks to your practice, potentially resulting in substantial financial losses and reputational damage.

A growing concern  

At Avant, we’ve seen an increasing number of financial fraud cases involving practice staff. Fraud can occur in both simple and highly sophisticated ways. Here are some examples:

  • Reversing payments and pocketing the surplus – A receptionist reverses a patient’s payment after they leave, then bulk bills the same patient. Because they also reconcile the EFTPOS at the end of the day, they can take any surplus cash.  
  • Manipulating MBS item numbers – A staff member alters MBS item numbers without the doctor’s knowledge or consent. The doctor receives the expected payment, while the staff member keeps the difference. 
  • Payroll fraud – The person responsible for payroll gives themselves a pay rise or adds unauthorised overtime. In some cases, they ‘forget’ to deduct leave from their balances.  
  • Skimming gap payments – A receptionist bulk bills the patient but still charges them a gap, which they keep. Small gap payments (e.g., $15 for a script or $25 for a dressing) often leave no clear digital trail, making detection difficult.   
  • Misuse of credit card – A practice manager uses the company credit card, with no expenditure limit set, for personal purchases, which go unnoticed until the quarterly accounts are reviewed. 

Without proper auditing and reconciliation, these types of fraud can remain undetected for months, causing significant harm to the practice. Beyond financial losses, fraudulent activity — especially Medicare-related fraud — can have serious legal and professional consequences.

Provider number owner responsibility 

It’s important to note that in cases of Medicare fraud, the owner of the provider number is ultimately responsible, even if the fraudulent activity was carried out by a staff member. 

How to protect your practice 

Implementing preventative measures is crucial to safeguarding your practice. Here are some key steps you can take: 

1. Two-person check for refunds and reversals 

Establishing a two-person check system for refunds and reversals is one of the most effective ways to prevent fraud. Require two staff members to approve any refund or reversal transaction. This ensures no single individual has complete control, significantly reducing the risk of unauthorised activity. It also promotes accountability and transparency within the practice. 

2. Restrict post-consultation item number changes 

To prevent billing code manipulation, restrict changes to item numbers after the day of consultation. Any necessary changes should require the approval of the doctor who conducted the consultation.  This ensures billing codes accurately reflect the services provided and prevents staff from committing fraud. Accurate and consistent billing records are essential for compliance and financial integrity. 

3. Reconciling practice bank accounts and internal reporting 

Reconciling bank and credit card statements with accounting software is a fundamental safeguard. Conduct, weekly, monthly, and quarterly reconciliations to ensure all financial transactions are accurately recorded. Compare the practice’s financial records with bank statements and internal reports to identify any discrepancies.

4. Monitor changes in Medicare billings 

Generate regular reports detailing any changes in Medicare billing patterns and have them reviewed by a designated staff member or external auditor. Monitoring billing trends helps detect unusual or suspicious activity, allowing practices to investigate potential fraud before it escalates. 

5. Implement strong internal controls 

In addition to the above measures, medical practices should establish robust internal controls, such as: 

  • Access controls: Limit access to financial systems to authorised personnel only, ideally practice owners and the practice manager. Medical software systems should restrict access to accounting functions, including the ability to change bank account details and authorise refunds.
  • Regular audits: Conduct monthly, quarterly, and annual audits to reconcile the amounts billed and received. Historical reconciliation audits can detect discrepancies in item numbers and financial transactions. Also, implement a daily checklist for each doctor to review, approve, and sign, confirming the item numbers billed for their sessions. 
  • Staff training: Educate staff about the importance of financial integrity and the consequences of fraud. Provide training on recognising and reporting suspicious activity. 
  • Payroll: Maintain oversight of the staff member responsible for payroll (such as requiring written approval for overtime hours worked and evidence that leave hours have been deducted). 
  • Cash: Any cash held in the practice should be banked regularly to minimise the risk of theft. 

By implementing these safeguards, medical practices can significantly reduce the risk of financial fraud and ensure the integrity of their financial operations. Maintaining a culture of transparency and accountability is key to protecting the practice’s financial health and reputation.

More information 

If you suspect fraudulent activity in your practice and you’re an Avant member or Avant practice policy holder, you can contact the medico-legal advice team here, or call 1800 128 268, 24/7 in emergencies. 

We also have a range of financial administration support services, including billings, bookkeeping and payroll to help prevent fraud happening to your practice.  

Not an Avant member or Avant practice policy holder? Visit our website to find how you can apply.  

Useful resources 

Video: Medicare: what you need to know 

Article: Tips to avoid Medicare compliance issues

Article: Reality check: avoiding medical identity fraud

Article: 8 clinical governance essentials medical practice software can help with

Article: Growing your practice: what you need to know


IMPORTANT:
This publication is not comprehensive and does not constitute legal or medical advice. You should seek legal or other professional advice before relying on any content, and practise proper clinical decision making with regard to the individual circumstances. Persons implementing any recommendations contained in this publication must exercise their own independent skill or judgement or seek appropriate professional advice relevant to their own particular practice. Compliance with any recommendations will not in any way guarantee discharge of the duty of care owed to patients and others coming into contact with the health professional or practice. Avant is not responsible to you or anyone else for any loss suffered in connection with the use of this information. Information is only current at the date initially published.

Liability limited by a scheme approved under Professional Standards Legislation. Legal practitioners employed by Avant Law Pty Limited are members of the scheme.

The information in this article does not constitute legal advice or other professional advice and should not be relied upon as such. It is intended only to provide a summary and general overview on matters of interest and it is not intended to be comprehensive. You should seek legal or other professional advice before acting or relying on any of its content. Information is only current at the date initially published.

To Top