Why Risk It?

This article was written for Optometry Divas blog by guest contributor Kyle Haubrich, and is inspired by content regarding his new program, S.P.I.N Compliance Solutions.


How SPIN can help a practice turn potential healthcare regulation burdens into potential gains.


One of the biggest reasons practices find themselves in trouble with the federal government for violating healthcare regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) or the Medicare Access and CHIP Reauthorization Act (MACRA), for example, is because of human error. Employees are our biggest resource and a vital part of making any practice successful. However, they can also be your biggest liability when it comes to complying with these laws.


As a healthcare regulation compliance attorney, I find that most errors or breaches happen because the staff makes a mistake. No staff member is trying to purposely put the practice at risk of breaches or other compliance issues, but it happens. Let me see if I can describe your office’s typical day. Your staff preps the office for patients by arriving early and getting computers turned on and the rooms stocked with supplies. As the physician, you arrive ready to see patients and get your day started. Both you and your staff get busy by fielding calls from patients and insurance carriers, taking co-pays and addressing a myriad of issues (Like schedule changes and adjustments for one!) as the day unfolds. HIPAA, MACRA, OSHA and other regulations you have to follow become kind of a back burner situation, if they are even considered at all. The office manager does all she or he can do to keep your practice up and running smoothly. If anything gets done on these laws, it is done when anyone has time, which is few and far between sometimes.


What my business partner and I did was develop a process, or a program if you will, called SPIN. SPIN stands for Secure, Protection, Instructions, and Never. What SPIN does is it combines information technology services, with legal services, to make a full turnkey solution for medical practices. SPIN takes most of complying with these laws off the plate of the practice, the staff, the doctor, so that they can see patients and not worry about compliance.


Now, you are probably telling yourself, I have this already through my electronic medical record (EMR) system, or I use XYZ online/software based company’s HIPAA compliance service. This may very well be the case, but how much of the requirement of complying with these laws do YOU still have to do? Do they come onsite and help you conduct your security risk analysis (SRA) required for HIPAA and MACRA compliance, or do they require that you do your own SRA? If the law changes and you have to draft new documents, or new policies and procedures, do they say, “The law has changed and you need to draft new documents,” or do they say, “The law has changed, HERE is your new document.”? There are many pitfalls for physicians and medical practices that rely on their staff or an online/software based compliance company to do their compliance work. If your staff is swamped with seeing patients as it is, are they really able to focus on compliance with these laws for you?


In a survey conducted in 2017, it stated that on average it will cost a practice $402 for every “affected or could have been affected individual,” in this case patient, “to mitigate the fallout from a breach, audit, complaint, or even a ransomeware attack.”   From my experience with these matters I can tell you that the cost to mitigate after a breach has occurred or an employee made a compliance mistake is only the beginning. If the violation is big or bad enough, the Department of Health and Human Services and the Office of Civil Rights could still investigate and audit the incidence and could potentially issue a fine. This fine is above and beyond the mitigation costs you’ve had to now take to mitigate the situation. The costs therefore can be enormous. Is it worth the risk of letting your staff do the compliance work for your practice? Is it worth the risk of letting a software or online vendor tell you the best way to comply? Or would it be better to have experts on the IT side and the legal protection to help you make sure you are following the law to the letter in an effort to avoid these risks? The decision is yours.



Kyle is an Attorney & Co-Founder of S.P.I.N.  a Complete Compliance Solution for MACRA/MIPS, HIPAA, and OSHA.

Kyle Haubrich focuses his practice on the rapidly evolving areas of health care law, specifically on HIPAA and MACRA regulations for both individuals and businesses. 

 Kyle advises clients in several states on how to comply with federal health care regulations.


You are invited to an upcoming seminar with Kyle and the rest of the SPIN team on September 24, 2019. In this webinar, you will learn how SPIN combines information technology services, with legal services, to make a full turnkey solution for your practice that will protect you from breaches from staff mistakes. SPIN will take most of complying with health care laws off the plate of the practice, the staff, and the doctor. This will give you the freedom you need to focus on doing what you love – care for patients and not have to worry about compliance.

Click HERE to register for this webinar.

SPIN Compliance Solutions Webinar