If it's On-site, It's Alright
During this period of health care reform, most employers are looking at ways to control health care costs while still maintaining a healthy workforce and providing excellent medical services to their employees. One of the ways to accomplish this goal is by having an on-site clinic or one that’s nearby. A survey conducted by the National Association of Worksite Health Centers (NAWHC) revealed that 95% of the companies surveyed said they met their goals -- at least partially -- of increasing employee satisfaction and productivity with an on-site clinic. When you consider such a high percentage was achieved, it makes having an on-site clinic a no-brainer; right? Especially when that same survey also found that more than 80% reported that access to care was improved by their clinic and increased participation in worksite health programs was increased by 75%. Even more amazing is that nearly 70% said the clinic improved their health and 64% said reduced medical costs were achieved.
Technology plays growing role in benefits
Originally posted January 27, 2015 by Mike Nesper on www.ebn.benefitnews.com.
Employers of all sizes are increasingly shifting toward using technology for enrolling in and managing their employee benefits. The market for technology-based platforms has been “growing leaps and bounds over past the five-plus years,” says Mark Rieder, an Austin-based senior vice president at NFP.
Ten to 15 years ago, he says, only large groups were focused on technology. Today, “they’re all very much interested in becoming more efficient,” Rieder says. “Technology has become affordable enough to [deploy] regardless of size.”
Offering a variety of support tools is important to help employees make the best selections, Rieder says. Employees want to be able to compare the cost of a procedure at various providers, he says. “Transparency tools are becoming more and more of a hot topic,” Rieder says. “Folks want to know what they’re buying.”
Employees also want to manage all of their needs — payroll, HR, benefits — in one location, Rieder says. The goal is to have a useful platform when it’s needed but not be in the employee’s face when they don’t, says Michael Askin, senior consultant with Mind Over Machines, a Maryland-based software development technology company.
The fact that many employers are still using paper isn’t necessarily a bad thing, Askin says. “There are lessons to be learned from other industries,” he says. Perhaps more importantly, paper protects employee information from hackers, Askin says. Ultimately, the goal of a technology-based platform is to increase employee engagement without increasing security exposure, he says.
A common misconception about security breaches is where the vulnerability lies, Askin says. “Most security issues are actually internal,” he says. For consumers, Askin recommends having a credit card for Internet-only purchases.
Do You Know The Way To HSA?
Originally posted by Patty Kujawa on January 28, 2015 on www.workforce.com.
With the rapid growth in high-deductible health plans, health savings accounts provide an option to pay medical bills and save for the future.
Corey Barnett is an avid saver, but doesn't like the idea of stashing his retirement reserves in one place.
That's why when he left his steady job to create a digital marketing company in February 2014, the 25-year-old rolled his 401(k) into an individual retirement account and specifically looked for a high-deductible health plan so he could continue using his health savings account as a way to pay for current medical bills as well as save and invest money for retiree health costs.
Barnett likes the HSA because he finds it tax-savvy and flexible; money goes in, grows and goes out tax-free for medical bills: He can use the money today if he gets sick or he can save it for tomorrow's retiree health bills.
Read full article here.
Employer FAQs: Responding to the Anthem Breach
Originally posted February 9, 2015 by The National Law Review - National Law Forum LLC.
The first massive data breach of 2015 hit one of the country’s largest insurance issuers, Anthem, Inc., including Anthem Blue Cross and Blue Shield and other related entities (Anthem). The incident reportedly affected over 80 million persons who are or were covered under a policy or program insured or serviced by Anthem. The personal note from Anthem's CEO, Joseph R. Swedish, and the Anthem Facts (or FAQs) seek to provide helpful information to the millions of individuals affected. These communications address what is known about the incident, describe the kinds of information compromised, warn affected persons about potential email attacks, and advise that there is more information coming.
But there is not much information at this point for employers that are plan sponsors of group health plans and other welfare plans serviced by Anthem either as an insurance issuer or a third party claims administrator (TPA). Below are some FAQs about the Anthem breach for affected employers.
Isn't this really Anthem's problem?
From a legal compliance standpoint, the answer largely depends on whether the plan is insured or self-funded. For example, as discussed below, in the case of a self-funded group health plan, the HIPAA breach notification rules place the obligation to notify affected persons on the covered entity (i.e., the plan, and practically the plan sponsor) and not on the business associate (i.e., the TPA). However, contract obligations in the business associate agreement (or administrative services only agreement) have to be considered. Finally, as a practical matter, because employees and other persons covered under the plan(s) will be concerned and have questions, employers will need to have a strategy for addressing those concerns.
Is the information involved subject to HIPAA; the Anthem FAQs say Anthem does not believe diagnosis or treatment information was compromised?
According to the Anthem FAQs:
the member data accessed included names, dates of birth, member ID/ social security numbers, addresses, phone numbers, email addresses and employment information...[but its] investigation to date indicates there was no diagnosis or treatment data exposed.
Many maintain the mistaken belief that, in the case of a group health plan, a covered person’s name and social security number, alone, is not “protected health information” (PHI) under the privacy regulations issued under the Health Insurance Portability and Accountability Act (HIPAA). The absence of diagnosis or treatment data does not make information any less PHI. This is because the regulatory definition includes not only information about a person’s physical or mental health condition, but also how care is paid for and provided. Thus, data elements that relate to the payment or provision of health care, such as address and email address, could constitute PHI even if not as sensitive as a covered person’s diagnosis information.
What about the state breach notification laws, do they apply?
The Anthem breach involves personal information of individuals, such as names, member ID/social security numbers and other data, the kind of information protected by state breach notification laws, which currently exist in 47 states. Given the massive scale of the breach, it is likely that there are affected individuals residing in all 50 states and beyond.
Some of those state laws have exceptions when HIPAA or other federal regulations apply. Some do not. According to the Anthem FAQs, all product lines have been affected, not just health insurance (medical, dental and vision). This includes life, disability, workers compensation and other policies and products which typically are not subject to HIPAA. Thus, regardless of the Anthem policy or product at issue, the applicable state laws will need to be considered to determine their application in this case.
Our plan is/was insured by Anthem, what should we be doing?
Under HIPAA, both the employer’s group health plan under ERISA and the health insurance issuer that provides the insurance for that ERISA plan are covered entities under HIPAA. Covered entities have the primary breach notification obligations. Under state breach notification laws, the primary notification obligation generally falls on the entity that owns or licenses the data, not necessarily the entity that held the data at the time of the incident. However, in the case of a breach experienced by an insurer, and not the employer sponsoring the plan, the insurer generally is considered to be responsible for responding to the breach. Even if not entirely clear in the applicable statutes or regulations, this makes practical sense because the carrier is in control of the investigation and the facts, and usually is in the best position to work with law enforcement. Carriers can typically disseminate notifications more efficiently across the affected policies, as well as to federal and state agencies, and the media.
To date, Anthem appears to be taking the lead on the investigation and notifying affected persons. For example, its FAQs inform members that they can expect to “receive notice via mail which will advise them of the protections being offered to them as well as any next steps”. Because this incident affects both HIPAA-covered and non-HIPAA plans, it is likely the notices will address the applicable HIPAA and state law requirements.
Still, there are some action items for affected employers to consider:
-
Stay informed. Closely follow the developments reported by Anthem, including coordinating with your benefits broker who might have additional information.
-
Consult with counsel. Experienced counsel can help employers properly identify their obligations and coordinate with Anthem as needed.
-
Communicate with employees. Be prepared to respond to employee questions – consider providing a short summary of the incident to employees along with links to the Anthem materials and FAQs.
-
Evaluate vendors. Use this incident as a reason to examine more closely the data privacy and security practices of all third party vendors that handle the personal information of your employees and customers, including insurance companies. Of course, a data breach is generally not a reason, by itself, to switch vendors. With breaches of all sizes affecting many companies, there is no telling whether the grass will be greener. But making inquiries and pressing vendors to do more, including by contract, is a prudent course of action, and even required in some states.
-
Revisit your own data security compliance measures. Employers should take this as an opportunity to assess or reassess their own data security compliance measures. As many have noted, it is not just large companies that are vulnerable to these kinds of attacks.
Our plan is/was self-insured and Anthem was our TPA, what should we be doing?
In this case, whether the plan is a health plan covered by HIPAA or another employee welfare benefit, as TPA, Anthem maintains the personal information of covered persons on behalf of the employer. In that case, Anthem’s legal obligations under HIPAA and state law, as applicable, generally require only that it notify the employer concerning the circumstances of the breach – how it happened, the kind of information breach, who was affected, etc. Then it is up to the employer/covered entity to carry out an appropriate investigation, provide notice to affected persons and otherwise comply with the applicable federal and state laws. However, administrative service agreements and in the case of health plans, business associate agreements, may delegate some of these responsibilities to the TPA, as well as indemnification obligations. So, in addition to some of the steps listed above, employers have a number of things to consider and steps to take:
- Determine if plans have been affected. Employers might soon be receiving communications from Anthem concerning whether their plans have been affected. They also may want to reach out to Anthem and inquire.
- Act quickly. HIPAA and state breach notification laws generally require that notices be provided without unreasonable delay, as well as place outside limits on when such notices can be provided – e.g., 60 days following discovery under HIPAA, and 30 days in Florida.
- Examine the administrative services agreement and/or business associate agreement. For plans have been affected, employers need to review the related agreements as they could place certain obligations either on the employer or Anthem. The agreements also could be silent, in which case the plan/employer likely has the obligations to notify participants, agencies and media.
- If Anthem is responsible for responding, employers should consider taking certain steps to ensure Anthem’s reaction is compliant – e.g., has it protected data from further attacks, completed the investigation, identified all affected persons, crafted content-compliant notifications (HIPAA and some state laws have specific content requirements), and notified the applicable federal and state agencies.
- If the employer retained the responsibility to respond, it should be taking steps immediately to determine what happened and coordinate with Anthem concerning the response. This includes some of the steps listed above. For instance, in the case of group health plans under HIPAA, employers will need to confirm with Anthem whether Anthem or the employer/group health plan will be notifying the Department of Health and Human Services. Also, employers that have developed a data breach response plan (a good idea for all employers) should review that plan and follow it.
However, as a practical matter and regardless of what is in the services agreement, Anthem may decide to take the lead on the response, and not give employers much choice in shaping the communications made to persons covered under the plans.
-
Communicate with covered persons. If it turns out that the employer will be notifying plan participants, in addition to the notification letters referred to above, employers also need to be prepared to address participant questions about the incident. Designating certain individuals or outside vendors to handle these questions and creating a script of anticipated questions and answers would facilitate a consistent and controlled response.
-
Evaluate insurance protections. Some employers may have purchased “cyber” or “breach response” insurance which could cover some of the costs related to responding to the breach or defending litigation that may follow. Employers should review their policy(ies) with their brokers to understand the potential coverage and what steps, if any, they need to take to confirm coverage.
-
Document steps taken. Employers should document the steps they take to investigate and respond to the incident, particularly if it affects one of their group health plans covered by HIPAA.
Some employees have complained about our data security practices, how should we respond?
Take them seriously! Data security has been recognized at the federal, state and local levels as an important public policy concern, most recently by President Obama at the recent State of Union Address. Disciplining or taking adverse action against an employee who has raised these concerns could expose the employer to retaliation claims or violations of employee whistleblower protections.
Ongoing training about job descriptions can drive employee engagement
Originally posted on HR.BLR.com on November 26, 2014
Ongoing training about job descriptions is “essential, since no job remains exactly the same from year to year,” say Michael Houlihan and Bonnie Harvey, business, marketing, and corporate training experts and co-authors of The Entrepreneurial Culture: 23 Ways to Engage and Empower Your People.
In fact, since “job descriptions are typically out of date when the job is filled,” the authors recommend that employers “ask every employee every year to rewrite his or her job description and tell the employer what kind of training they require to stay up with the technological and procedural changes they have witnessed during that year. Involving them in this process gives them ownership of the job and will fully engage them in the training they requested to do a better job.”
“Engage employees with questions like, ‘What kinds of skills do you need to do your job better?’ When they have a hand in the training program, they will put the most into it and get the most out of it,” Harvey says.
The offering of bonuses based on overall company performance also can drive engagement in training. “Once in place, these incentives will provide a powerful consideration to learn the job, learn the company, learn the market, and become a sponge for any training that will help them achieve that bonus,” says Houlihan.
Cross-training provides another opportunity to engage employees. “We believe in know-the-need rather than need-to-know,” says Harvey. “Many companies feel that certain subjects are not necessary for the individual to do their job. They put them on a need-to-know basis.”
However, “training in other departments, together with the challenges facing those departments, provides employees with appreciation for those functions, and they are more likely to identify with them as part of the same team,” she says. “Cross-training can provide big picture thinking and reduce silo isolation, which can have a very positive impact on interdepartmental cooperation.”
Saxon Financial Consulting Announces New Office Location
Saxon Financial Consulting has announced that they have moved their office to new location in the Cincinnati area.
Saxon, a leading financial consulting firm specializing in employee benefits and financial services in the Cincinnati area, has announced an office location change that occurred in mid-November. The new and larger office facility will allow Saxon to better serve the needs of their clients and employees.
“I feel that this new office location reflects Saxon’s long-term commitment to the Cincinnati area as well as company expansion in the future.” – Karie Waddell-Gallo, Associate at Saxon
The new Saxon office address is 9636 Cincinnati Columbus Road, Cincinnati, Ohio 45241. All other office numbers and contact information remain the same.
“We are so pleased about the new office and rest assured that it will provide Saxon room for growth and expansion into the future.” – Jamie Carlton, Principal at Saxon
For more information on the Saxon office location change, please contact Karie Waddell-Gallo at 513-774-5481.
ACA lawsuit could have implications beyond health care
Originally posted by Mike Nesper on November 24, 2014 on BenefitNews.com.
Employers should continue preparations to comply with the Affordable Care Act despite House Republicans’ recent lawsuit against President Obama. The lawsuit, announced Friday, challenges the lawfulness of subsidies for lower-income individuals and Obama’s postponement of the employer mandate.
The lawsuit won’t have any short-term effects on the ACA, says Benefit Advisors Network Executive Director Perry Braun. “I would recommend not delaying any implementation plans and to move forward,” he says.
The Supreme Court is expected to rule on ACA subsidies in June — the high court agreed Nov. 7 to hear an appeal by four Virginians who are attempting to block those tax credits in 36 states. “Depending on the ruling and subsequent appeals, it could take until summer for this to be resolved,” Braun says.
The government will pay $175 billion to insurance companies over the next 10 years to help individuals who earn a yearly salary between $11,670 and $29,175 pay for health insurance. “If the lawsuit is successful, poor people would not lose their health care, because the insurance companies would still be required to provide coverage — but without the help of the government subsidy, the companies might be forced to raise costs elsewhere,” according to a Friday New York Times article.
The latest ACA-related lawsuit could have impacts beyond health care, Braun says. “The lawsuit is part of a potentially larger story, which is to have the judicial branch confirm what authority the president of United States has in changing or amending laws and what is the role of Congress,” he says. “The separation of powers is, in my opinion, the story here.”
It’s likely attempts to alter the health care law won’t be limited to the court room. In less than six weeks, Republicans will control both houses of Congress and top broker organizations expect another vote to repeal the ACA, however, they say, it’s more of a symbolic gesture than anything else. (So far, there have been 54 votes to either repeal or change the ACA).
Alden Bianchi, practice group leader of Mintz Levin’s employee benefits and executive compensation practice, says last week’s lawsuit is along the same line. “There is no substance here,” he says. “This is, as best I can tell, political. I would guess that the intention is to keep the ACA alive as a campaign issue going into 2016.”
Officials Extend Deadline for Submitting Reinsurance Contribution Form
Originally posted November 15th, 2014 on www.thinkhr.com.
Late Friday, federal officials responded to requests for an extension of the deadline for contributing entities to submit their 2014 enrollment counts in connection with Transitional Reinsurance Program contributions. The deadline has now been extended until 11:59 p.m. on December 5, 2014. The January 15, 2015 and November 15, 2015 payment deadlines remain unchanged.
CMS delays enforcement of health plan identifiers in HIPAA transactions
Originally posted by Alden Bianchi on EBN on November 6, 2014.
In a surprise move, the Centers for Medicare & Medicaid Services (CMS) announced an indefinite delay in enforcement of regulations pertaining to “health plan enumeration and use of the Health Plan Identifier (HPID) in HIPAA transactions” that would have otherwise required self-funded employer group health plans (among other “covered entities”) to take action as early as November 5, 2014.
The CMS statement reads as follows:
Statement of Enforcement Discretion regarding 45 CFR 162 Subpart E – Standard Unique Health Identifier for Health Plans
Effective Oct. 31, 2014, the CMS Office of E-Health Standards and Services (OESS), the division of the Department of Health & Human Services that is responsible for enforcement of compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) standard transactions, code sets, unique identifiers and operating rules, announces a delay, until further notice, in enforcement of 45 CFR 162, Subpart E, the regulations pertaining to health plan enumeration and use of the Health Plan Identifier (HPID) in HIPAA transactions adopted in the HPID final rule (CMS-0040-F). This enforcement delay applies to all HIPAA covered entities, including health care providers, health plans, and healthcare clearinghouses.
On Sept. 23, 2014, the National Committee on Vital and Health Statistics (NCVHS), an advisory body to HHS, recommended that HHS rectify in rulemaking that all covered entities (health plans, health care providers and clearinghouses, and their business associates) not use the HPID in the HIPAA transactions. This enforcement discretion will allow HHS to review the NCVHS’s recommendation and consider any appropriate next steps.
The CMS statement followed, but was not anticipated by, a recent series of FAQs that provided some important and welcome clarifications on how employer-sponsored group health plans might comply with the HPID requirements.
Background
Congress enacted the HIPAA administrative simplification provisions to improve the efficiency and effectiveness of the health care system. These provisions required HHS to adopt national standards for electronic health care transactions and code sets, unique health identifiers, and security. As originally enacted, HIPAA directed HHS to establish standards for assigning unique health identifiers for each individual, employer, health plan, and health care provider. The Affordable Care Act modified and expanded these requirements to include an HPID. On Sept. 5, 2012, HHS published final regulations adopting HPID enumeration standards for health plans (“enumeration” is the process of getting an HPID).
For the purposes of HPID enumeration, health plans are divided into controlling health plans (CHPs) and sub-health plans (SHPs). Large CHPs (i.e., those with more than $5 million in annual claims) would have been required to obtain HPIDs by Nov. 5, 2014. Small controlling health plans had an additional year, until November 5, 2015.
The Issue(s)
While we have no idea what led the NCVHS to recommend to CMS that it abruptly suspend the HPID rules, we can make an educated guess—two guesses, actually.
What is it that is being regulated here?
The HIPAA administrative simplification rules apply to “covered entities.” i.e., health care providers, health plans, and health care data clearing houses. Confusingly, the term health plan includes both group health insurance sponsored and sold by state-licensed insurance carriers and employer-sponsored group health plans. Once HHS began issuing regulations, it became apparent that this law was directed principally at health care providers and health insurance issuers or carriers. Employer-sponsored group health plans were an afterthought. The problem for this latter group of covered entities is determining what, exactly, is being regulated. The regulatory scheme treats an employer’s group health plan as a legally distinct entity, separate and apart from the employer/plan sponsor. This approach is, of course, at odds with the experience of most human resource managers, employees and others, who view a company’s group health plan as a product or service that is “outsourced” to a vendor. In the case of an insured plan, the vendor is the carrier; in the case of a self-funded plan, the vendor is a third-party administrator.
The idea that a group health plan may be treated as a separate legal entity is not new. The civil enforcement provisions of the Employee Retirement Income Security Act of 1974 (ERISA) permit an employee benefit plan (which includes most group health plans) to be sued in its own name. (ERISA § 502(d) is captioned, “Status of employee benefit plan as entity.”) The approach taken under HIPAA merely extends this concept. But what exactly is an employee benefit plan? In a case decided in 2000, the Supreme Court gave us an answer, saying:
“One is thus left to the common understanding of the word ‘plan’ as referring to a scheme decided upon in advance . . . Here the scheme comprises a set of rules that define the rights of a beneficiary and provide for their enforcement. Rules governing collection of premiums, definition of benefits, submission of claims, and resolution of disagreements over entitlement to services are the sorts of provisions that constitute a plan.” (Pegram v. Herdrich, 530 U.S. 211, 213 (2000).)
Thus, what HHS has done in the regulations implementing the various HIPAA administrative simplification provisions is to impose rules on a set of promises and an accompanying administrative scheme. (Is there any wonder that these rules have proved difficult to administer?) The ERISA regulatory regime neither recognizes nor easily accommodates controlling health plans (CHPs) and subhealth plans (SHPs). The FAQs referred to above attempted to address this problem by permitting plan sponsors to apply for one HPID for each ERISA plan even if a number of separate benefit plan components (e.g., medical, Rx, dental, and vision) are combined in a wrap plan. It left in place a larger, existential problem, however: It’s one thing to regulate a covered entity that is a large, integrated health care system; it’s quite another to regulate a set of promises. The delay in the HPID enumeration rules announced in the statement set out above appears to us to be a tacit admission of this fact.
Why not permit a TPA to handle the HPID application process?
One of the baffling features of the recently suspended HPID rules is CMS’ rigid insistence on having the employer, in its capacity as group health plan sponsor, file for its own HPID. It was only very recently that CMS relented and allowed the employer to delegate the task of applying for an HPID for a self-funded plan to its third party administrator. By cutting third party administrators out of the HPID enumeration process, the regulators invited confusion. The reticence on CMS’ part to permit assistance by third parties can be traced to another structural anomaly. While HIPAA views TPAs in a supporting role (i.e., business associates), in the real world of self-funded group health plan administration, TPAs function for the most part autonomously. (To be fair to CMS, complexity multiplies quickly when, as is often the case, a TPA is also a licensed carrier that is providing administrative-services-only, begging the question: Are transmissions being made as a carrier or third party administrator?)
HIPAA Compliance
That the HPID enumeration rules have been delayed does not mean that employers which sponsor self-funded plans have nothing to do. The HIPAA privacy rule imposes on covered entities a series of requirements that must be adhered to. These include the following:
Privacy Policies and Procedures: A covered entity must adopt written privacy policies and procedures that are consistent with the privacy rule.
Privacy Personnel: A covered entity must designate a privacy official responsible for developing and implementing its privacy policies and procedures, and a contact person or contact office responsible for receiving complaints and providing individuals with information on the covered entity’s privacy practices.
Workforce Training and Management: Workforce members include employees, volunteers, and trainees, and may also include other persons whose conduct is under the direct control of the covered entity (whether or not they are paid by the entity). A covered entity must train all workforce members on its privacy policies and procedures, as necessary and appropriate for them to carry out their functions. A covered entity must also have and apply appropriate sanctions against workforce members who violate its privacy policies and procedures or the Privacy Rule.
Mitigation: A covered entity must mitigate, to the extent practicable, any harmful effect it learns was caused by use or disclosure of protected health information by its workforce or its business associates in violation of its privacy policies and procedures or the Privacy Rule.
Data Safeguards: A covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information in violation of the Privacy Rule and to limit its incidental use and disclosure pursuant to otherwise permitted or required use or disclosure.
Complaints: A covered entity must have procedures for individuals to complain about its compliance with its privacy policies and procedures and the Privacy Rule. The covered entity must explain those procedures in its privacy practices notice. Among other things, the covered entity must identify to whom individuals at the covered entity may submit complaints and advise that complaints also may be submitted to the Secretary of HHS.
Retaliation and Waiver: A covered entity may not retaliate against a person for exercising rights provided by the Privacy Rule, for assisting in an investigation by HHS or another appropriate authority, or for opposing an act or practice that the person believes in good faith violates the Privacy Rule. A covered entity may not require an individual to waive any right under the Privacy Rule as a condition for obtaining treatment, payment, and enrollment or benefits eligibility.
Documentation and Record Retention: A covered entity must maintain, until six years after the later of the date of their creation or last effective date, its privacy policies and procedures, its privacy practices notices, disposition of complaints, and other actions, activities, and designations that the Privacy Rule requires to be documented.
The HIPAA security rule requires covered entities to conduct a risk assessment, and to adopt policies and procedures governing two dozen or so security parameters.
Just Say 'No' to Co-Workers' Halloween Candy
Originally posted on October 14, 2014 by Josh Cable on ehstoday.com.
Workplace leftovers might seem like one of the perks of the job. But when co-workers try to pawn off their Halloween candy on the rest of the department, it's more of a trick than a treat.
Those seemingly generous and thoughtful co-workers often are just trying to keep temptation out of their homes.
"Not only does candy play tricks on your waistline, but it also turns productive workers into zombies," says Emily Tuerk, M.D., adult internal medicine physician at the Loyola University Health System and assistant professor in the Department of Medicine at the Loyola University Chicago Stritch School of Medicine.
"A sugar high leads to a few minutes of initial alertness and provides a short burst of energy. But beware of the scary sugar crash. When the sugar high wears off, you'll feel tired, fatigued and hungry."
Tuerk offers a few tips to help you and others on your team avoid being haunted by leftover candy:
- Make a pact with your co-workers to not bring in leftover candy.
- Eat breakfast, so you don't come to work hungry.
- Bring in alternative healthy snacks, such as low-fat yogurt, small low-fat cheese sticks, carrot sticks or cucumber slices. Vegetables are a great healthy snack. You can't overdose on vegetables.
- Be festive without being unhealthy. Blackberries and cantaloupe are a fun way to celebrate with traditional orange and black fare without packing on the holiday pounds. Bring this to the office instead of candy as a creative and candy-free way to participate in the holiday fun.
- If you must bring in candy, put it in an out-of-the-way location. Don't put it in people's faces so they mindlessly eat it. An Eastern Illinois University study found that office workers ate an average of nine Hershey's Kisses per week when the candy was conveniently placed on top of the desk, but only six Kisses when placed in a desk drawer and three Kisses when placed 2 feet from the desk.
And if you decide to surrender to temptation and have a treat, limit yourself to a small, bite-size piece, Tuerk adds. Moderation is key.