Colington Consulting

Colington Consulting Helping Organizations Achieve HIPAA Compliance™

HIPAA RISK ASSESSMENTS
The risk analysis is the first step to identify vulnerabilities and risks; determine the potential impact and provide a gap analysis.

All assessments will include an action plan to prevent unauthorized access, tampering and theft. Our assessment is formatted to cover all the addressable and required specifications in the Code of Federal Regulations for the HIPAA Security Rule.

HIPAA RISK MANAGEMENT PLAN
We develop and help your practice or business implement a Risk Management Plan. Think of your risk plan as your overall policie

09/16/2021
HIPAA Requirements – Providing Timely Access to Medical Records

Check out our latest blog post.

A fundamental part of the HIPAA Privacy Rule is to provide patients with the right to access and obtain copies of their health information when requested. However, over the past couple of years, there has been an increa...

09/15/2021
Colington Consulting

We are pleased to announce our HIPAA training courses have been updated to our newest versions. We offer training courses for Covered Entities and Business Associates.

If your workforce needs to meet annual training requirements, sign up today to enroll in one of these courses.

We can also provide live, instructor-led HIPAA training. Give us a call today at 800-733-6379 for more information about this option.

HIPAA Training Courses

08/26/2021
Report: Cybercriminals increasingly targeting outpatient facilities

The report states "Examining breaches caused by hacking reveals something unexpected – attackers breached outpatient facilities and specialty clinics nearly as much as hospitals."

Does your organization need to conduct a HIPAA Security Assessment to determine vulnerabilities and threats? If so, give our office a call today at 800-733-6379 to schedule an assessment.

A report released Thursday by the cybersecurity firm Critical Insight found that bad actors have begun to shift their healthcare targets. The report used cyberattack data from the first half of 2021 to show that the number of breaches in the beginning of 2021 was higher than any six-month period bet...

08/04/2021
The Average Cost of a Healthcare Data Breach is Now $9.42 Million

This is substantial. Although the results are based on average costs, small to mid-size healthcare providers should be concerned about these findings. Can your practice afford to cover costs associated with a breach? A HIPAA Security Risk Assessment is a great way to initially determine threats and vulnerabilities to help avoid a possible breach. If your organization needs to have a risk assessment conducted, give our office a call at 800-733-6379 to start the process.

IBM Security has published its 2021 Cost of a Data Breach Report, which shows data breach costs have risen once again and are now at the highest level...

IBM Security has published its 2021 Cost of a Data Breach Report. The average cost of a data breach is now $4.24 million, with healthcare data breach...

07/28/2021
June 2021 Healthcare Data Breach Report

Great job by the HIPAA Journal to pull together the June 2021 breach stats.

For the third consecutive month, the number of reported healthcare data breaches of 500 or more records increased. June saw an 11% increase in reported

07/19/2021
Wisconsin Dermatology Practice Reports Data Breach Affecting 2.41 Million Individuals

Another reported HIPAA breach.

Manitowoc, WI-based Forefront Management, LLC and Forefront Dermatology, S.C. discovered on June 4, 2021 that unauthorized individuals had gained access...

Forefront Management has reported a cyberattack that potentially involved the PII and PHI of 4,431 individuals, including Forefront Dermatology pat...

07/15/2021
OCR Issues Summer 2021 Cybersecurity Newsletter


On July 14, OCR issued its Summer 2021 Cybersecurity Newsletter titled "Controlling Access to ePHI: For Whose Eyes Only?" Here are the first few paragraphs of this very timely newsletter:

07/14/2021

As healthcare organizations have been getting back to some sense of normalcy, it is time to revisit HIPAA compliance requirements. Some chose to make HIPAA requirements a back burner topic during COVID. The HIPAA rules are still the rules. If your practice or organization needs to conduct a Security Risk Assessment or update HIPAA policies and procedures, give our office a call at 800-733-6379 to see how we can help.


06/29/2021
February data breach exposed Wolfe Eye Clinic patient information

Add another significant HIPAA data breach to the list for 2021. We partner with some outstanding cybersecurity companies who can proactively evaluate your network, systems, and end points. To find out more, please give our office a call at 800-733-6379.

Wolfe Eye Clinic says current and former patients' personal information may have been accessed in a data breach.

06/21/2021
Washington practice eliminates external hard drives containing PHI after theft: 4 details

Lesson learned from this breach: If you are going to use an external hard drive to back up PHI data, make sure it is encrypted. How does your organization back up ePHI data? On prem, in the cloud, or not really sure how it is backed up? Although the HIPAA Security Rule does not specify how, it does require the organization to verify the data is being backed up and have a process in place to restore that data.

Tacoma, Wash.-based NorthWest Congenital Heart Care experienced a data breach May 7 when an unauthorized person stole a hard drive from a physician's office.

06/16/2021
Key Facts About HIPAA Compliance – # 15

Read our latest blog post regarding information system activity reviews.

Our series is designed to explain best practices about HIPAA compliance, HIPAA settlements, and the various requirements an organization must have in place under the HIPAA Security & Privacy Rules.

06/07/2021
More than 3.2 Million Individuals Affected by 20/20 Hearing Care Network Data Breach

Significant breach reported affecting more than 3.2 million individuals.

The 20/20 Hearing Care Network has started notifying millions of current and former members that some of their protected health information (PHI) has...

The 20/20 Hearing Care Network has notified current and former members about a security breach in which PHI was accessed, downloaded, and deleted from...

06/03/2021
OCR Settles Nineteenth Investigation in HIPAA Right of Access Initiative

HIPAA settlements roll on. Another case in which receiving a copy of medical records did not comply with HIPAA Privacy Rule requirements. In this case, it took two years.

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces its nineteenth settlement of an enforcement action in its HIPAA

05/21/2021

Many healthcare organizations are back to almost normal operations, although with some COVID protocols still in place. For some organizations, HIPAA compliance requirements were put on the back burner to deal with needed operational adjustments for COVID.

Does your organization need to address HIPAA compliance requirements, including conducting a Security Risk Assessment and training your staff? If so, Colington Consulting can help with all of that. Give our office a call today at 800-733-6379 to schedule a free, initial consultation.

05/10/2021
HIPAA Protected Health Information | JD Supra

Some good basic information. If your organization needs more in-depth information regarding all aspects of the HIPAA Privacy Rule, give our office a call at 800-733-6379. We offer a free, initial consultation.

Most healthcare professionals understand many of HIPAA’s regulations are all about safeguarding protected health information (PHI), but there is much...

04/27/2021
March 2021 Healthcare Data Breach Report

According to this article "there was a 38.8% increase in reported healthcare data breaches in March" with "62 breaches of 500 or more records reported to" OCR.

As this trend continues, organizations must be proactive with their HIPAA compliance programs. Conducting HIPAA Security Risk Assessments can identify potential vulnerabilities and threats.

If your organization needs to conduct a risk assessment, give our office a call today at 800-733-6379. We can schedule your assessment within a couple of days. Make sure your organization is not one of those stats for next month.

Healthcare data breaches increased by 38.8% in March. 62 breaches of 500 or more records were reported and 2,913,084 healthcare records were breached.

04/06/2021
HIPAA Compliance Services - Colington Consulting

Is your organization struggling to meet or understand HIPAA compliance requirements? Find out if your organization is meeting those critical HIPAA compliance requirements by taking our 15-question survey, which can be found on our website home page. The survey is free to use with no marketing strings attached. Based on the results of the survey, we offer a free initial consultation to see how we can help your organization achieve HIPAA compliance.

Helping Organizations Achieve HIPAA Compliance with a full range of services for Covered Entities and Business Associates

03/31/2021
Top 10 HIPAA Consulting Companies in 2020 | Atlantic.Net

We would like to thank Atlantic.Net for recognizing us as one of the Top 10 HIPAA Compliance Companies 2020. Rated as #2, this year we strive to be #1.

Choosing a suitable HIPAA consultant can be tough, so Atlantic.Net has collated a list of the Top 10 HIPAA Consulting Companies in 2020.

03/29/2021
OCR Settles Eighteenth Investigation in HIPAA Right of Access Initiative

OCR continues to roll on with settlement activity. In this case, the organization agreed to take corrective actions and pay $30,000 to settle a potential violation of the HIPAA Privacy Rule's right of access standard.

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces its eighteenth settlement of an enforcement action in its HIPAA

03/23/2021
2020 Saw Major Increase in Healthcare Hacking Incidents and Insider Breaches

This is troubling but not surprising. This article does state "Business associate breaches resulted in the exposure or theft of more than 24 million patient records, with 55% of all hacking incidents having some business associate involvement along with 25% of insider error incidents. The number of breaches involving business associates could be considerably higher as the researchers were unable to accurately determine if business associates were involved in many of the breaches."

If your organization is a HIPAA Business Associate and assistance is needed in implementing a compliance program to meet all regulatory requirements, give us a call today at 800-733-6379 for a free, initial consultation.

The 2021 Protenus Breach Barometer report shows healthcare hacking incidents increased by 42% in 2020 and insider breaches increased for the first time in 4 years.

03/11/2021
Small and Medium Sized Practices Under Increased Pressure from Cyberattacks

Although we address HIPAA from the compliance perspective, we partner with IT companies that can help organizations implement technical safeguards to address cybersecurity concerns. Give us a call today at 800-733-6379 for more information.

Cyberattacks on small and medium sized healthcare organizations are increasing. They are the sweet spot for cybercriminals – Attacks are relatively easy and still very profitable.

03/04/2021
Common HIPAA violations physicians should guard against

This is an interesting article from the AMA. In their Code of Medical Ethics Opinion 3.1.1, it states “Protecting information gathered in association with the care of the patient is a core value in health care.” “However, respecting patient privacy in other forms is also fundamental, as an expression of respect for patient autonomy and a prerequisite for trust.”

It may be a core value and instill trust but it is mandated by the HIPAA Privacy Rule. As part of the assessment process our company conducts, we address Privacy Rule requirements. Although a Privacy Rule Assessment is not a regulatory requirement, like a Security Risk Assessment is, organizations still have culpability for not complying with a patient's privacy rights, especially a right to access one's medical records.

To find out more about our comprehensive assessment process, give our office a call at 800-733-6379 to schedule a free, initial consultation. #cchipaa

Since 2003, these five violations of patient privacy have been catching the attention of federal regulators who have been keeping an eye on physicians.

03/03/2021
Key Facts About HIPAA Compliance – # 14

Read our latest post regarding HIPAA policies and procedures, along with review and updates requirements. #cchipaa

Our series is designed to explain best practices about HIPAA compliance, HIPAA settlements, and the various requirements an organization must have in place under the HIPAA Security & Privacy Rules.

02/11/2021

Weeks into the new administration and with Acting Director Robinsue Frohboese at the helm, OCR announces another settlement in their continuous enforcement of patient right to access cases.


02/02/2021
Philadelphia Department of Public Health Terminates Vaccine Distribution Contract Over Alleged Privacy Violations

Why it pays to always vet vendors who are or are going to be HIPAA Business Associates. As part of our HIPAA compliance services, we offer Business Associate/Vendor Evaluations to determine if the necessary safeguards are in place to receive, maintain or transmit your organization's ePHI. For more info, please give us a call today at 800-733-6379.

The Philadelphia Department of Public Health has terminated its contract with Philly Fighting COVID over a privacy policy that potentially allowed PHI to be sold.

01/20/2021

Yesterday, OCR pushed out an email that tallied their accomplishments during the last four years under Director Roger Severino. In terms of enforcement activity, here is what was indicated in that email:

Highest Number of HIPAA Enforcement Actions: OCR’s settlements and penalties create specific and general deterrents to HIPAA violations for the specific entities investigated, as well as the entire regulated industry. From March 2017 through January 2021, OCR set new enforcement records in this area, by completing 48 enforcement actions requiring covered entities and business associates to implement corrective actions, or the imposition of civil money penalties, including a record 19 enforcement actions in 2020.

During this period, OCR obtained over $67.6 million in settlements, judgements, and collections on privacy and security issues ranging from lack of access to patient records to massive breaches of electronic protected health information. The cases included the biggest U.S. health care data breach in history which resulted in OCR securing the largest settlement in OCR history with the $16 million settlement with Anthem, Inc. #cchipaa


Address

Fairfax County, VA
22009

Opening Hours

Monday 9am - 5pm
Tuesday 9am - 5pm
Wednesday 9am - 5pm
Thursday 9am - 5pm
Friday 9am - 5pm

Telephone

(800) 733-6379
