Colington Consulting

Colington Consulting Helping Organizations Achieve HIPAA Compliance.
HIPAA Compliance Services & Training

HIPAA RISK ASSESSMENTS
The risk analysis is the first step to identify vulnerabilities and risks, determine the potential impact, and provide a gap analysis. All assessments will include an action plan to prevent unauthorized access, tampering and theft. Our assessment is formatted to cover all the addressable and required specifications in the Code of Federal Regulations for the HIPAA Security Rule.

HIPAA RISK MANAGEMENT PLAN
We develop and help your practice or business implement a Risk Management Plan. Think of your risk plan as your overall policies and procedures manual on how to make decisions to address security risk and vulnerabilities for HIPAA Security Rule compliance. Your completed plan will address all the required topics, including administrative, technical, and physical safeguards. Regardless of practice or business size, a Risk Management Plan is required. This may be one of the first documents OCR will request if there is a breach of electronic patient records or if a compliance audit is conducted.

HIPAA PRIVACY POLICIES AND PROCEDURES MANUAL
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to healthcare providers that conduct certain healthcare related transactions. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without authorization. The best way to ensure your staff is familiar with the appropriate safeguards is by having a HIPAA Privacy Policies and Procedures Manual. We develop and help your practice or business implement a Privacy Manual.

SECURITY AWARENESS TRAINING
We develop security awareness training specifically designed for your practice or business office environment. Our training will address the four standard implementation specifications. Those are security reminders, protection from malicious software, log-in monitoring, and password management. We conduct initial, comprehensive training along with periodic refreshers.

HIPAA DOCUMENTATION REVIEW
If your practice or business already has documentation in place, we can conduct a review of those documents to ensure you are meeting the current HIPAA Security Rule and HITECH compliance requirements for patient electronic health records. This cost-effective review can determine if all high-risk areas for compliance are being properly addressed.

Mission: With over 35 years of law enforcement, security, inspection, regulatory compliance, and risk mitigation experience, we carry out every project with integrity, expertise, and resourcefulness. Our business is to mitigate risk.

05/07/2020

A new blog article by Jay Hodes, President - Colington Consulting has been posted on our web site. You can also find more information about our new web-based training course "HIPAA Privacy & Coronavirus - What Your Workforce Needs to Know."

05/01/2020
COVID-19: Sharing health data in the US and Canada | Lexology

Samantha Gilbert, Senior Legal Compliance Writer, with Lexology Pro Compliance, recently published an article titled "COVID-19: Sharing health data in the US and Canada." As part of this article, Jay Hodes, President - Colington Consulting provided comments.

FYI - You will need to register and set up an account to see the full article.

In the first of a two-part series on sharing health data to fight COVID-19, Samantha Gilbert analyses US and Canadian regulators’ advice and explores why compliance teams should err on the side of caution when it comes to sharing information and maintain data minimisation procedures wherever they ...

04/27/2020
HIPAA Privacy and Coronavirus – What Your Workforce Needs to Know

We are pleased to announce the addition of new, web-based training: HIPAA Privacy and Coronavirus - What Your Workforce Needs to Know. This is a 40-minute course and a must for all Covered Entities and Business Associate workforce members in understanding what protected health information can and cannot be shared during this public health emergency. For more information or to enroll, here is the link to the training: https://cchipaa.talentlms.com/catalog/info/id:161

HIPAA Training Courses

04/15/2020

Is your healthcare organization onboarding new staff or using 1099 employees to support COVID-19 services? Each new staff member or employee should receive HIPAA Security Awareness & Privacy Training prior to accessing any patient protected health information. We offer web-based training that is affordable, easy to use, and allows for self-enrollment. For more information, check out our link: https://cchipaa.talentlms.com/catalog/info/id:146

04/13/2020

A little insight on HIPAA enforcement actions. Although OCR has pushed out recent guidance indicating they would use their discretionary authority when it comes to investigations, cases are continuing to be investigated. And with ransomware attacks on healthcare organizations at such a high level, expect enforcement activities to continue even in this current environment.

OCR stated in the February 20 guidance, "in an emergency situation, covered entities must continue to implement reasonable safeguards to protect patient information against intentional or unintentional impermissible uses and disclosures. Further, covered entities (and their business associates) must apply the administrative, physical, and technical safeguards of the HIPAA Security Rule to electronic protected health information."

04/10/2020

As COVID-19 events have impacted so many healthcare organizations, our company is still able to provide the majority of our HIPAA compliance services remotely. We are available and can set up an initial consultation to talk about our services and how we can assist your organization. Please give our office a call at 800-733-6379.

04/02/2020
www.hhs.gov

OCR Announces Notification of Enforcement Discretion to Allow Uses and Disclosures of Protected Health Information by Business Associates for Public Health and Health Oversight Activities During The COVID-19 Nationwide Public Health Emergency.

03/03/2020
Health Care Provider Pays $100,000 Settlement to OCR for Failing to Implement HIPAA Security Rule Requirements

This settlement, just announced by OCR, sends a very large message to small healthcare providers. Regardless of size, meeting all HIPAA requirements is not optional.

If your small healthcare practice needs assistance implementing a HIPAA compliance program, please give us a call at 800-733-6379 for a free, initial consultation.

The practice of Steven A. Porter, M.D., has agreed to pay $100,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle a potential violation of the Health Insurance Portability and Accountability Act (HIPAA) S...

01/27/2020
Beaumont fires employee for leaking patient data

It appears from this story, a now former employee had unauthorized access to patient PHI for well over two years. This case emphasizes the need and requirement to run HIPAA mandated audits on a routine basis to help discover these types of unauthorized access. At Colington Consulting, we are often asked by clients how often they need to run system access audits. Our response is always the same: as frequently as possible and at a minimum, once every 30 days.

Beaumont Health has fired an employee suspected of disclosing confidential information of more than 1,000 patients to a person believed to have been working on behalf of a personal injury attorney, the Southfield-based hospital system said Saturday morning. In a statement, Beaumont said it has…

01/07/2020
HIPAA Enforcement in 2019

A great recap of 2019 HIPAA enforcement actions.

HIPAA enforcement in 2019 has continued at a high level. There has also been a change in direction for OCR, which is now targeting HIPAA Right of Access failures.

12/31/2019
Ambulance Company Pays $65,000 to Settle Allegations

As predicted, OCR ends the year with a flurry of resolutions and settlements, including the one announced yesterday. Another message-sending settlement which could indicate enforcement trends for 2020. OCR has made it clear for a while now, regardless of size, organizations must have a comprehensive HIPAA compliance program in place. It appears OCR is willing to settle for less money but target more violators.

If your organization's New Year's resolution is to meet HIPAA compliance requirements, give us a call at 800-733-6379 for a free, initial consultation.

Ambulance Company Pays $65,000 to Settle Allegations of Longstanding HIPAA Noncompliance

12/15/2019
7 steps to pass, or better yet avoid, an OCR security audit

This is some great advice. If your organization needs assistance implementing or reviewing a HIPAA compliance program, give us a call at 800-733-6379. We offer a free, initial consultation. In as little as 15 minutes, our experts can determine if regulatory requirements are being met or the process needed to stand up a compliance program.

Troy Young, chief technology officer at AdvancedMD and a cybersecurity expert, offers IT and infosec professionals some useful advice to help manage the potential of HIPAA audits.

11/29/2019
OCR Secures $2.175 Million HIPAA Settlement after Hospitals Failed to Properly Notify HHS of a Breach of Unsecured Protected Health Information

On the day before Thanksgiving, OCR announces another substantial settlement. This was a significant amount seeing this breach only affected 577 patients. Expect more settlements to be announced before the end of the year.

In an agreement with the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), Sentara Hospitals (Sentara) have agreed to take corrective actions and pay $2.175 million to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA)...

10/29/2019

Read our latest Key Facts blog post. Find out what non-compliance issues OCR is still finding. Make sure your organization is addressing these critical areas.

10/20/2019

OCR Director Severino said during the recent HIPAA Security Conference, there is going to be "serious enforcement" when it comes to patient right to access issues. Sounded like the two recent privacy rule violation settlements are only the beginning of more enforcement actions to come.

As part of the assessment process with Colington, we always evaluate an organization's understanding of compliance with the HIPAA Privacy Rule. Find more about our services and give us a call at 800-733-6379 for a free, initial consultation.

10/17/2019

OCR Director Severino announced updated stats at the HIPAA Security Conference yesterday morning. Hacking/IT incidents are significantly up to 61% of reported breaches. Of those, 40% are email related and 25% are associated with network servers. These are alarming numbers for the healthcare sector and the compromise of protected health information.

10/11/2019

Does your organization provide information technology services in the healthcare sector? Are you being asked to sign Business Associate Agreements and not really sure what that entails when it comes to HIPAA?

If you want to learn more about HIPAA and how it applies to your organization but you don’t know where to start and how to turn that into an actionable plan, let us help provide that support.

Give us a call today at 800-733-6379 for a free, initial consultation. We help organizations achieve HIPAA compliance.

10/03/2019
Dental Practice Pays $10,000 to Settle Social Media Disclosures of Patients’ Protected Health Information

Another message-sending settlement. Does your organization have a social media policy that addresses HIPAA compliance with the Privacy Rule? If not, we can help write one for your organization. Give us a call today at 800-733-6379 for a free, initial consultation.

Elite Dental Associates, Dallas (“Elite”) has agreed to pay $10,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Pri...

10/01/2019

Is your organization a healthcare provider? If so, do you fully understand an individual's right to access their medical records, request changes, or the process to receive a copy? Is your Notice of Privacy Practices up to date? If these are areas your organization needs help with, give us a call today at 800-733-6379 so we can help get all of this in place.

09/13/2019
Jay Hodes on LinkedIn: "This is significant. Not so much for the settlement amount, but it clearly sends a message. OCR management has indicated earlier this year it would be ramping up investigations regarding patient right to access issues....

September 13, 2019: Jay Hodes posted an article on LinkedIn

08/21/2019
OCR Maintaining HIPAA Enforcement, Small Breaches Face Greater Scrutiny

OCR seems to have stalled when it comes to announcing major HIPAA settlements. This article sheds some light on why with a possible focus on investigating smaller breaches. This may not be good news for those providers who reported a small breach.

A report from Beazley Breach Response Services sheds light on the state of OCR HIPAA enforcement: the agency prioritizes risk assessments and patterns of noncompliance during smaller breaches.

08/05/2019
What Is Cyber Insurance for Healthcare Organizations?

This is a great article regarding the topic of cyber insurance. If your organization is a Covered Entity or Business Associate, you should read this article. Most cybersecurity experts say it is not if you will have a breach, but when. Be prepared!!

As the healthcare sector has continued to be a prime target for hackers in recent years, many have turned to cyber insurance to offset costs related to healthcare data breaches.

07/03/2019
Health Data Breach Tally: A Mid-Year Update

The trend continues and appears to be on pace to exceed last year's reported breaches.

With half of 2019 in the rear-view mirror, what are the emerging healthcare data breach trends so far this year? Hacker/IT incidents continue to be the dominant

06/27/2019
A Data Breach a Day - Part 2

Read Part 2 of this blog article.

HIPAA Compliance Blog from the HIPAA COMPLIANCE EXPERTS at Colington Consulting.

06/19/2019
Key Facts About HIPAA Compliance – What Y

Read our latest Key Facts About HIPAA Compliance article. Your organization can use these articles as a Security Reminder to meet this implementation specification.

Address

11325 Random Hills Road
Fairfax County, VA
22009

Opening Hours

Monday 09:00 - 17:00
Tuesday 09:00 - 17:00
Wednesday 09:00 - 17:00
Thursday 09:00 - 17:00
Friday 09:00 - 17:00

Telephone

8007336379
