Skip to main content

How to Prevent Check and EFT Fraud in Your Medical Practice?

Employees of medical practices and health care companies are perpetrating check and EFT fraud. Learn how they’re doing it and get fraud prevention tips.

Medical practices process a high volume of checks and electronic funds transfers (EFTs) from both patients and insurance companies, which puts them at increased risk of check and EFT fraud.


In one case reported by the American Academy of Family Physicians, an office assistant embezzled $350,000 from a six-physician suburban practice. The assistant was responsible for both processing insurance payments and handling write-offs. Here’s how she did it:


Each day, she got a list of checks and EFTs received so she could update patient accounts and then prepare deposit slips, often even taking deposits to the bank herself

The assistant stole checks and then created deposit slips on which she manipulated check and cash totals so that deposit totals remained unchanged 

She then adjusted contractual insurance write-offs on patient accounts so patients’ balances due were correct and patient totals reconciled with the firm’s accounts receivable


The check fraud was only uncovered when a suspicious coworker told the office manager of her hunch, which led to the fraud discovery and arrest of the woman.


Risky business: Failing to segregate accounting duties

Check tampering/check fraud is one of the most commonly reported fraud schemes among healthcare businesses. Failing to properly segregate accounting duties, as occurred in the fraud case noted above, is one of the most common contributing factors of check fraud in medical practices, according to Cadence Bank Senior Vice President and Treasury Management Sales Manager Lori Johnson. For example:


  • Scenario #1: The accounting employee who opens the mail is the same person who posts payments in the accounting system, makes write-off adjustments and then deposits checks at the bank. 
    “Allowing this scenario to exist is almost like giving the employee a blank check to steal from your practice,” says Johnson.
  • Scenario #2: Allowing one accounting employee to approve new vendors and invoices to be paid as well as sign checks. In this situation, the employee can authorize payments and write checks to a fictitious business and then cash the checks himself or herself.
    In one instance, a medical practice accounting employee paid fake invoices for uniform cleaning to a cleaning company that didn’t exist, depositing the checks into an account she created. If the practice had segregated the authorization, verification and payment duties among at least two different employees, this fraud never could have gotten off the ground.

ACH presents its own risks

Johnson says that the increased use of Automated Clearing House (ACH) payments among medical practices has also exposed practices to additional fraud risk – specifically, EFT fraud. 


“Without proper controls, dishonest employees may be able to initiate unauthorized electronic payments into accounts they’ve set up for themselves,” she explains. “Doing this is as easy as using a signature stamp to commit check fraud.”


Check and EFT fraud prevention steps

There are a number of steps your practice can take to minimize the risks of check and EFT fraud. 


1. Segregate accounting duties. As described above, this should be one of your main fraud prevention steps.
2. Restrict endorsements. Place restricted endorsements on checks that you receive, such as “For Deposit Only.” 
3. Require a signature. Require that an owner physically sign all checks (no signature stamps) and approve all EFTs.
4. Use fraud prevention services from your bank. Another critical step in preventing check and EFT fraud is using fraud prevention services from your bank. “Two of the most useful bank fraud prevention services are Positive Pay for checks and ACH Positive Pay for EFTs,” says Johnson.


Positive Pay

Positive Pay helps combat check fraud by comparing checks presented to the bank for payment to a list of checks your practice has actually issued. Only checks with an exact match to the check-issued file are paid — all others are flagged as suspect and reported to you (via email or mobile) for a pay or no-pay decision using a simple online decision process.


There are multiple options for submitting check-issued files, one-off issued checks and voids to the bank. Automatic updates are provided to item processing, the teller line and the bank account reconciliation team. The system automatically reconciles checks issued, checks paid and outstanding checks and provides you with reconciliation details.


ACH Positive Pay

Johnson says that ACH Positive Pay is similar to Positive Pay, but it’s designed for electronic payments. Your practice will set up a list of approved vendors who are paid via EFT, along with filters that cap the amount of money that can be paid to any one vendor. Any EFT that occurs outside of these boundaries generates an email notification, so you can approve or deny the transaction. If an unauthorized EFT does occur, you’ll have 24 hours to dispute it.


Download the fraud ebook from Cadence Bank

For more information on how to fight fraud in your medical practice, download our ebook, How to Minimize the Risks of Fraud. Or contact Cadence Bank at [email protected] with your questions about fraud prevention.



This article is provided as a free service to you and is for general informational purposes only. Cadence Bank makes no representations or warranties as to the accuracy, completeness or timeliness of the content in the article. The article is not intended to provide legal, accounting or tax advice and should not be relied upon for such purposes.


Questions? We are here for you...

To ensure your safety, please do not include sensitive information in your submission.