SPIN Compliance Solutions is the premier hands-on HIPAA, MACRA/MIPS, OSHA, Stark Law, and Anti-Kickback Statute Compliance Training Company serving medical practices in the continental US. We have been passionately saving physicians from compliance penalties since 2018. Our mission is simple: take the time and frustration out of keeping your practice compliant so you can focus on your patients and practice.

If you want to take the frustration out of keeping your practice compliant, then you won’t find an easier solution. Our hands-on compliance training and security audits, provided by our exceptionally trained staff, make it possible for you to focus on your practice. Contact us now so we can take the headache out of keeping you compliant today.


Frequently asked questions about healthcare compliance.

Is the Security Risk Assessment optional?

No. Not having a thorough Security Risk Assessment (SRA) performed is a major HIPAA violation. All Covered Entities are required to have a Security Risk Assessment performed if they have access to PHI/ePHI. Also, all providers who are participating in MACRA/MIPS are considered to be at a higher risk for a government audit.

Do I only need to have a Security Risk Assessment performed once?

No. To comply with government regulations, you must continue to review, correct or modify risks, and update your security protections on an ongoing basis. Due to changes within a practice and continually growing cyber threats and attacks, we recommend a Security Risk Assessment be conducted or updated annually.

When it comes to a HIPAA Security Risk Assessment, before I attest for MACRA/MIPS, do I need to fully mitigate all risks?

No. MACRA/MIPS requires that you conduct a Security Risk Assessment each year. You must be able to prove that your practice has been continually addressing the gaps in your compliance that the risk assessment indicates. If the Centers for Medicare & Medicaid Services audits you, you must be able to produce a current SRA, as well as previous years’ SRAs, showing which high-risk areas have been mitigated.

My Electronic Medical Record company handles my MIPS reporting. Why do I need SPIN to help with this?

Most Electronic Health Record (EHR) companies do not report your data in a way that is best for your MIPS score. They report the minimum amount of information necessary, or they report far too many measures, either of which can have a huge impact on your overall MIPS score. With SPIN, we will work with your EHR company in an effort to get you the best possible score, so that you do not leave any Medicare Part B increase money on the table.

What happens if my practice gets audited, has a patient complaint, or experiences a breach?

With SPIN, you would contact a member of your SPIN team and they would work with you to rectify the issue on your behalf. You will have an attorney dedicated to your case.