Colington Consulting

Colington Consulting Helping Organizations Achieve HIPAA Compliance.
HIPAA Compliance Services & Training

HIPAA RISK ASSESSMENTS

The risk analysis is the first step to identify vulnerabilities and risks, determine the potential impact, and provide a gap analysis. All assessments will include an action plan to prevent unauthorized access, tampering, and theft. Our assessment is formatted to cover all the addressable and required specifications in the Code of Federal Regulations for the HIPAA Security Rule.

HIPAA RISK MANAGEMENT PLAN

We develop and help your practice or business implement a Risk Management Plan. Think of your risk plan as your overall policies and procedures manual on how to make decisions to address security risks and vulnerabilities for HIPAA Security Rule compliance. Your completed plan will address all the required topics, including administrative, technical, and physical safeguards. Regardless of practice or business size, a Risk Management Plan is required. This may be one of the first documents OCR will request if there is a breach of electronic patient records or if a compliance audit is conducted.

HIPAA PRIVACY POLICIES AND PROCEDURES MANUAL

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to healthcare providers that conduct certain healthcare-related transactions. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without authorization. The best way to ensure your staff is familiar with the appropriate safeguards is by having a HIPAA Privacy Policies and Procedures Manual. We develop and help your practice or business implement a Privacy Manual.

SECURITY AWARENESS TRAINING

We develop security awareness training specifically designed for your practice or business office environment. Our training will address the four standard implementation specifications. Those are security reminders, protection from malicious software, log-in monitoring, and password management. We conduct initial, comprehensive training along with periodic refreshers.

HIPAA DOCUMENTATION REVIEW

If your practice or business already has documentation in place, we can conduct a review of those documents to ensure you are meeting the current HIPAA Security Rule and HITECH compliance requirements for patient electronic health records. This cost-effective review can determine if all high-risk areas for compliance are being properly addressed.

Mission: With over 30 years of law enforcement, security, inspection, regulatory compliance, and risk mitigation experience, we carry out every project with integrity, expertise, and resourcefulness. Our business is to mitigate risk.

05/06/2019
Tennessee diagnostic medical imaging services company pays $3,000,000 to settle breach exposing over 300,000 patients’ protected health information

OCR just announced a substantial HIPAA violation settlement.

Touchstone Medical Imaging (“Touchstone”) has agreed to pay $3,000,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (...

05/03/2019
www.linkedin.com

If you like our FB page, how about a follow on our LinkedIn Business page?

04/30/2019
HHS curbs fines for HIPAA violations

Could this mean that OCR will become more aggressive in seeking lower end settlements? Is a lot of less better than a few larger settlements from a message sending perspective? We shall see. #CCHIPAA

A new legal interpretation of the act would cut the annual ceiling for a fine from $1.5 million and move to a tiered system, depending on violation severity.

04/12/2019
Healthcare Organizations Need to Check out their Security Posture

Excellent advice. In as little as 15 minutes, our HIPAA compliance experts will evaluate your current compliance program to determine if all mandatory privacy and security safeguards are in place to meet government regulations. Avoid record amounts of fines and penalties that are being imposed.
Give us a call today at 800-733-6379.

Healthcare has the second highest number of breaches following financial services, according to Verizon's Data Breach Investigations Report.

03/29/2019
Key Privacy and Security Program Elements to Survive a HIPAA Audit

Excellent article. If your organization needs assistance implementing a HIPAA compliance program, give us a call today at 800-733-8379. Be proactive and do not wait for a breach to occur.

AdvanceMD's Troy Young shares key security program needs that can help health organizations stay compliant with HIPAA and to avoid an OCR audit, as well as the trigger events that spur an audit.

03/22/2019
Email Server Migration Incident Impacts 277,000

Another reported HIPAA breach.......

An incident involving a third-party vendor migrating a server containing archived email of a medical device provider has resulted in a reported health data breach

03/18/2019
Is it Time for Your Organization to Hit t

Read the latest blog article by Jay Hodes, President - Colington Consulting titled "Is it Time for Your Organization to Hit the HIPAA Breach Panic Button."

HIPAA Compliance Blog from the HIPAA COMPLIANCE EXPERTS at Colington Consulting.

03/12/2019
Guilty Plea in Rare HIPAA Criminal Case

A former patient coordinator at UPMC, a medical center in Pittsburgh, has pleaded guilty to wrongfully disclosing health information in a rare case involving

03/08/2019
Hospital Workers Fired for Smollett Searches: Sources

Three important takeaways from this case:

1. The hospital was proactive in terminating (Sanctioned) those members of the workforce that violated internal HIPAA policies and procedures.

2. Making sure members of a Covered Entity always understand an impermissible access of a patient's medical records is a violation of the Minimum Necessary Requirement of the HIPAA Privacy Rule.

3. Why required audit capabilities are an important part of a HIPAA compliance program. The ability to know who accessed what record, at what time, and from what location.

At least 50 employees may have been fired from Northwestern Memorial Hospital for accessing the medical profile and records of 'Empire' actor Jussie Smollett without authorization, sources with knowledge of the...

03/08/2019
“It all starts with trust” – Patient Priv

We are pleased to provide this guest post by Jason Silverstein, COO, PHIflow and one of our outstanding referral partners.

02/20/2019
Anesthesia Associates of Kansas City Discovers Theft of Patient Schedules

Another breach caused by human error and could have been easily avoided with a policy and procedure.

Patient schedules containing a limited amount of protected health information relating to up to 3,472 patients have been stolen from the vehicle of an employee of Anesthesia Associates of Kansas City.

02/18/2019

Does your medical or dental office need to complete annual HIPAA Security Awareness & Privacy Training?
If so, we can provide that training as an instructor led webinar. This interactive training will allow your staff to ask any HIPAA compliance questions they may have. For more information, give us a call today at 800-733-6379.

02/14/2019
Hackers are stealing sensitive medical records and selling them on dark web

For those in the healthcare sector, this is probably not going to come as a big surprise. Great work by the HHS Office of Inspector General, Office of Investigations, on this topic. The segment has a lot of great info but does not mention the additional implications associated with HIPAA violations.

As health care providers store patients' medical records digitally, some have left their files vulnerable to being exposed – and even sold on the internet's ...

02/12/2019
What Comes Up, Must Go Down: Regulatory T

Check out the latest blog article by Jay Hodes, President - Colington Consulting.

02/07/2019
Historic State AG HIPAA Filing: An Important Case We Are Watching

As the article states, "it marks the first time that multiple State AGs have acted together to enforce HIPAA." This is an interesting concept and carries a lot of weight from an enforcement perspective.

In December 2018, twelve state Attorneys General (“AGs”) jointly filed suit against Medical Informatics Engineering, Inc. (“MIE”) claiming it violated the Health Insurance Por

01/31/2019
The Ongoing Importance of Completing Busi

Read the latest blog post by Jay Hodes, President - Colington Consulting regarding the need for Business Associate Agreements.

01/25/2019
DHSS cyber attack impacts more than 100,000 Alaska households

Interesting quote from the Director of the Division of Public Assistance who said "I think it's important to reassure folks that every step that we can possibly take to prevent this kind of happening has been put in place but unfortunately there are some viruses we just aren't able to be prepared for." Obviously not. This organization settled with OCR in 2012 for $1.7 million in a case regarding a stolen USB drive. Another hard lesson learned in this recent case about the need for more proactive cybersecurity measures.

A cyber attack in April has impacted more than 100,000 Alaska households. The Department of Health and Human Services says the breach applies to people who applied for programs through the Division of Public Assistance.

01/15/2019
HIPAA Best Practices for Employee Termina

Read the latest blog article by Jay Hodes, President - Colington Consulting

01/09/2019
Is a HIPAA Violation a Reportable Breach?

Read the latest blog article by Jay Hodes, President - Colington Consulting.

12/21/2018
Another State Announces a HIPAA Breach Settlement

More enforcement action by a state Attorney General.

In the latest in a series of HIPAA enforcement actions taken by states this year, Massachusetts Attorney General Maura Healey's office has signed a $75,000 consent

12/11/2018
Colorado hospital failed to terminate former employee’s access to electronic protected health information

OCR spreading some unwanted holiday cheer and settles with a hospital for $111,400 for HIPAA violation. #CCHIPAA

Pagosa Springs Medical Center (PSMC) has agreed to pay $111,400 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services and to adopt a substantial corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA)...

12/11/2018
16,000 Redwood Eye Center Patients Impacted by MSP Breach

More reported HIPAA breaches

A managed service provider that hosts the electronic health records of Redwood Eye Center in Vallejo, CA has experienced a security breach that has resulted in the exposure of 16,000 patients' protected health information.

12/06/2018
Wreaths Across America

For the second year, Colington Consulting is proud to support this great cause.

I just sponsored a Veteran's Remembrance Wreath that will be placed in honor of a hero on Wreaths Across America Day, December 15, 2018. Join me in supporting WAA's mission to Remember, Honor, and Teach!

12/06/2018
Am I Designated as a HIPAA Business Assoc

Read the latest blog article by Jay Hodes, President - Colington Consulting

12/04/2018
Florida contractor physicians’ group shares protected health information with unknown vendor without a business associate agreement

$500,000 HIPAA Settlement Just Announced by OCR. More to come in the remaining days of the year? Stay tuned.

Advanced Care Hospitalists PL (ACH) has agreed to pay $500,000 to the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) and to adopt a substantial corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (H...

11/28/2018
Dental Breach Notification Sparked by EMR Vendor Refusal

Very interesting but troubling incident. Sounds like a possible payment dispute. Still does not justify not returning the records.

EMR Vendor MOGO refused to return a patient database to Florida-based Key Dental Group at the termination of its contract, violating portions of HIPAA and the end user license agreement.

11/13/2018
The Danger of Disregarding Risk Analysis:

Read the latest blog article by Jay Hodes, President - Colington Consulting

10/29/2018
Highlights from the 2018 HIPAA Security C

Read the latest blog from Jay Hodes, President - Colington Consulting, regarding the 2018 HIPAA Security Conference.

10/16/2018
Anthem Pays OCR $16 Million in Record HIPAA Settlement Following Largest U.S. Health Data Breach in History

Just days before the annual HIPAA Security Conference in Washington, DC, OCR announces the largest settlement ever at $16 million.

Anthem, Inc. has agreed to pay $16 million to the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules after a ser...

09/25/2018
UMass Memorial Health Care Entities to Pay $230,000 to Resolve AG’s Lawsuit Over Data Breaches

Another reason to conduct thorough background checks in the healthcare sector.

UMass Memorial Medical Group Inc. and UMass Memorial Medical Center Inc. will pay a total of $230,000 to resolve claims that two separate data breaches exposed the personal and health information of more than 15,000 Massachusetts residents, Attorney General Maura Healey announced today. According to...

09/20/2018
Unauthorized Disclosure of Patients’ Protected Health Information During “Boston Med” Filming Results in Multiple HIPAA Settlements Totaling $999,000

OCR announces three related settlements today. These are the first settlements since February. Could this signal more to come before the end of the year?

Today, the Department of Health and Human Services, Office for Civil Rights (OCR) announced that it has reached separate settlements with Boston Medical Center (BMC), Brigham and Women's Hospital (BWH), and Massachusetts General Hospital (MGH) for compromising the privacy of patients’ protected he...

09/20/2018
How to recover from a health care data breach - The Parallax

Good advice for an individual to take action to help prevent a personal identity breach from occurring and what to do if a victim.

You can’t personally prevent a health care data breach. But you can take steps to minimize how much a breach can affect you.

09/17/2018
Are State AGs Picking Up Slack in HIPAA Enforcement?

Although settlement activity by OCR may be way down, there are still over 400 open breach investigations underway. Very few will result in resolution agreements. Most organizations that report breaches will be put under some type of corrective action plan by OCR after their review and investigation. This will mean making sure organizations meet all HIPAA Security and Privacy Rule requirements. That can be a lot of compliance work for any organization.

Is a recent HIPAA settlement issued by the New York state attorney general’s office another sign that states might begin to overshadow federal regulators when it

Address

11325 Random Hills Road
Fairfax, VA
22030

Opening Hours

Monday 09:00 - 17:00
Tuesday 09:00 - 17:00
Wednesday 09:00 - 17:00
Thursday 09:00 - 17:00
Friday 09:00 - 17:00

Telephone

(800) 733-6379
