Embezzlement isn’t a fun topic, but it’s something that every dental practice owner needs to be aware of. In this post, we will review the tools already available in Open Dental that can help mitigate your embezzlement risk.
Setting appropriate Security Permissions is an important step in making your office run smoothly and making sure your staff has the necessary access to do their jobs while ensuring appropriate controls are in place to minimize embezzlement risk. Below are several security permissions to review.
- Security Admin
This permission gives comprehensive access to all areas of the program. A user with this permission can also grant or deny permissions to other users. At least one user needs to have this permission, but this permission should generally be limited.
- Insurance Payment Edit
This permission allows users to edit insurance payments after they have been finalized, meaning they can edit historical data. Permissions that allow users to edit historical data should generally be limited.
- Payment Edit
Allows users to edit patient payments after they have been created.
- Payment Create
Users with this permission can create new payments as needed, but without the Payment Edit permission as well, they are prevented from editing historical payments.
- Adjustment Edit
Allows users to edit adjustments after they have been created.
- Adjustment Create
Users with this permission can create new adjustments as needed, but without the Adjustment Edit permission as well, users are prevented from editing historical adjustments.
- Edit Completed Procedure
Allows users to edit information on a completed procedure, including the procedure amount.
Each user in your practice should have their own individual user account and private password that is not shared – this is also important for HIPAA compliance. This prevents users from logging into another user’s account.
Global Lock Date
It may be necessary for some changes to be made after the fact, but setting a global lock date will ensure that staff cannot make historical changes in perpetuity.
In Setup > Security > Global Security Settings > Click Change to set a specific global lock date (e.g., 12/31/2021) or the number of days users can edit or backdate items (e.g. 2). See Permissions for more information on which permissions are affected by a global lock date.
Setting a global lock date will not restrict admin users unless the Lock includes administrators box is checked. With this box checked, users with the security admin permission will also be blocked from making changes that interfere with the global lock date, though it’s important to keep in mind that those users do have the ability to remove or change the lock date.
The Audit Trail is a tool that will allow you to see which users are making what changes. This is another reason why it is critical that each employee has their own unique login and is using it. Without this in place, it will be impossible to accurately track who is doing what. You can review which changes are tracked in the audit trail here: Audit Trail Permissions. You will be able to see things like payment entries and adjustments, and if they are being edited.
Saving Statements and EOBs
Having a “paper trail” isn’t really on paper anymore. If there’s ever a concern that information has been doctored or edited, being able to go back to a historic document can be a life- (and business-) saver. There are two important things you can do to make sure your historic documents are saved in Open Dental.
- Scan all paper EOBs when finalizing Insurance Payments.
When finalizing insurance payments – click the Scan EOB button to scan or upload your EOBs. This makes for quick reference if patients have questions, and also ensures you have copies of the historical document to reference to confirm data was entered accurately and without being altered. You can access the EOB easily from the claim or insurance payment rather than digging through paper files.
- Automatically save a PDF copy of patient statements when they are printed or emailed.
If line items on the account are changed, a historical statement won’t change, so saving copies of statements can also help you with investigating account changes.
Make sure an Image Category is set with the Statements usage.
- Restrict the Image Delete permission
With the aforementioned tips, users may still be able to delete saved EOBs or statements, so restricting the Image Delete permission will ensure that users cannot delete these documents from Open Dental once they’ve been uploaded or saved.
Regularly running reports is one of the best ways to be aware of what’s happening in your practice and check for any possible abnormalities or suspicious activity. Below is a list of some helpful reports to run regularly.
- The Daily Production and Income Report is a no-brainer to run every day to get an itemized list of all of your practice’s production and income, but if you’re looking for specific information, this report might be more than you need. That’s where these other itemized reports come in handy.
- Daily Payments – Run this report to verify the payments for a date range. Does anything appear to be missing?
- Daily Adjustments – Run this report to verify the adjustments for a date range. Are there more negative adjustments than you would expect? Are there high-dollar adjustments?
- Daily Procedures – Run this report to verify the procedures completed for a date range. Does anything appear to be missing?
- Daily Writeoffs – Run this report to verify write-offs for a date range. If you suspect that a staff member is manipulating patient balances, are there write-offs that seem too high?
Did you know that you can create and track Deposit Slips in Open Dental? Deposit slips create a digital copy of the list of cash and checks being deposited, so if there are any anomalies, you can easily compare the deposit slip created in Open Dental with what was actually deposited in the bank.
Using the Tools
Let’s look at a hypothetical scenario. Let’s say you’re concerned that a staff member is charging customers for procedures that they are not setting complete so they can pocket the cash.
If you know Mrs. Roberts pays cash for her appointments and she came in for a recall appointment that normally costs $180, you can run the Daily Payments to verify your cash payments and the Daily Procedures report to verify the procedures for Mrs. Roberts were set complete. You can also run the Daily Adjustments report to see if any adjustments were attached to Mrs. Roberts’ account to reduce her balance without inputting a payment.
If we don’t see the $180 for Mrs. Roberts on our Daily Payments report, we do see the procedures totaling $180 on the Daily Procedures Report, and on the Daily Adjustments report we see a negative adjustment for $180 for Mrs. Roberts, that shows us that the procedures were billed out and the balance was zeroed out without entering any payment. We can verify this by looking at Mrs. Roberts’ account.
If we look at the account, we can see a statement was generated. If we double-click the statement, we see a copy of what was printed out. In this case, we see that on the statement, it shows a payment (even though the account does not). This indicates a payment was entered and then deleted.
We can use the Audit Trail to verify this. Looking in the Audit Trail, we see the same user created a payment, then a statement, then deleted the payment and replaced it with an adjustment. This indicates that the user took a payment, gave the patient a statement to show their payment, then deleted it to replace it with an adjustment instead so that end of day reports would not show this cash payment.
If the user had not had the Payment Edit permission, they would not have been able to delete the payment after creating it.
Whether you’re trying to mitigate your embezzlement risk or need to research something that is a concern, our support team is here to help. Please feel free to reach out.