Colington Consulting


Helping Organizations Achieve HIPAA Compliance™

HIPAA Compliance Services & Training

HIPAA RISK ASSESSMENTS
The risk analysis is the first step to identify vulnerabilities and risks; determine the potential impact and provide a gap analysis. All assessments will include an action plan to prevent unauthorized access, tampering and theft. Our assessment is formatted to cover all the addressable and required specifications in the Code of Federal Regulations for the HIPAA Security Rule.

HIPAA RISK MANAGEMENT PLAN
We develop and help your practice or business implement a Risk Management Plan. Think of your risk plan as your overall policies and procedures manual on how to make decisions to address security risk and vulnerabilities for HIPAA Security Rule compliance. Your completed plan will address all the required topics to include administrative, technical, and physical safeguards. Regardless of practice or business size, a Risk Management Plan is required. This may be one of the first documents OCR will request if there is a breach of electronic patient records or if a compliance audit is conducted.

HIPAA PRIVACY POLICIES AND PROCEDURES MANUAL
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to healthcare providers that conduct certain healthcare related transactions. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without authorization. The best way to ensure your staff is familiar with the appropriate safeguards is by having a HIPAA Privacy Policies and Procedures Manual. We develop and help your practice or business implement a Privacy Manual.

HIPAA SECURITY AWARENESS & PRIVACY TRAINING
We can develop security awareness & privacy training specifically for your practice or business office environment. We offer web based HIPAA training available through our website.

HIPAA DOCUMENTATION REVIEW
If your practice or business already has documentation in place, we can conduct a review of those documents to ensure you are meeting the current HIPAA Security Rule and HITECH compliance requirements for patient electronic health records. This cost effective review can determine if all high risk areas for compliance are being properly addressed.

Mission: With over 35 years of law enforcement, security, inspection, regulatory compliance, and risk mitigation experience, we carry out every project with integrity, expertise, and resourcefulness. Our business is to mitigate risk.

hhs.gov

OCR Settles Eleventh Investigation in HIPAA Right of Access Initiative

OCR announces another settlement for violations of the HIPAA Privacy Rule. At Colington, we include a HIPAA Privacy Assessment as part of our overall HIPAA Risk Assessment process. As government enforcement continues at this rapid pace, make sure your organization can meet all regulatory requirements.

Call us today at 800-733-6379 to schedule your organization's HIPAA Risk Assessments. Don't be the next organization in the news for HIPAA violations.

hhs.gov The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announces its eleventh settlement of an enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative as an enforcement priority in 2019 to support individuals’ right to timely a...

hhs.gov

OCR Settles Tenth Investigation in HIPAA Right of Access Initiative

OCR is on a roll with settlements. Here is another message sending case. How can your organization prevent this from happening? Let Colington Consulting conduct a HIPAA Privacy Assessment to determine if all requirements under the HIPAA Privacy Rule are being followed. Give us a call today at 800-733-6379 to schedule the assessment.

hhs.gov The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announces that it has settled its tenth enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative as an enforcement priority in 2019 to support individuals' right to timely acc...

healthitsecurity.com

Wakefern, ShopRite Pay New Jersey $235K for Fraud Act, HIPAA Violations

New Jersey Attorney General settlement for HIPAA violations. The case involved improper disposal of devices containing patient protected health information identifiers.

healthitsecurity.com Wakefern Food Corp and two associated ShopRite pharmacies reached a $235,000 settlement with New Jersey to resolve allegations of violations of the NJ Consumer Fraud Act and HIPAA Privacy Rule.

youtube.com

Dozens of patient records dumped in St. Louis industrial area

There is NO excuse for this. Blatant disregard for patient privacy. OCR needs to send a strong message when and if the company or person responsible for this breach decides to settle the case.

ST. LOUIS — Gary Fiorino set out to explore a hidden part of St. Louis earlier this year. He knew the area as a landmark of World War II, where a small-arms ...

apnews.com

FBI warns ransomware assault threatens US healthcare system

This is troubling, especially for small to mid-size healthcare providers who may not have the proper safeguards in place to defend against these types of attacks.

One of the first steps to determine if the proper safeguards are in place is to conduct a HIPAA Security Risk Assessment (SRA). An SRA, besides being a regulatory requirement, can determine vulnerabilities and threats that can be exploited by these bad actors.

Need to conduct an SRA? Colington Consulting can get your organization's assessment scheduled and completed within days. Give us a call at 800-733-6379 to schedule.

apnews.com BOSTON (AP) — Federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. healthcare system designed to lock up hospital information...

hhs.gov

Aetna Pays $1,000,000 to Settle Three HIPAA Breaches

Even during this public health emergency for COVID, OCR continues to roll along with enforcement activities and settlements. Organizations need to remember the HIPAA rules are still the rules and must continue to make a good faith effort to follow them.

hhs.gov Aetna Life Insurance Company and the affiliated covered entity (Aetna) has agreed to pay $1,000,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability....

healthitsecurity.com

3 Compliance Considerations for HIPAA-Required Breach Response

This is some great advice. At Colington, we always generate comprehensive breach notification policies and procedures for all of our clients. We assist in determining whether a security incident rises to the level of a reportable breach. If your organization needs to put into place these types of procedures, give us a call today at 800-733-6379 for a free, initial consultation.

healthitsecurity.com Responding to a breach requires a host of security processes and procedures. And for healthcare provider organizations, it can prove challenging to remain compliant with the HIPAA Privacy Rule.

cchipaa.com

Key Facts About HIPAA Compliance – What You Need to Know # 12

Helping Organizations Achieve HIPAA Compliance #CCHIPAA

cchipaa.com Our series is designed to explain best practices about HIPAA compliance, HIPAA settlements, and the various requirements an organization must have in place under the HIPAA Security & Privacy Rules.

hhs.gov

Health Insurer Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People

OCR ends the week with another significant settlement. Second highest payment ever for a breach affecting over 10 million people.

hhs.gov Premera Blue Cross (PBC) has agreed to pay $6.85 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy....

hhs.gov

HIPAA Business Associate Pays $2.3 Million to Settle Breach

This is the 7th settlement announced by OCR just in the last 8 days. More to come??

hhs.gov HIPAA Business Associate Pays $2.3 Million to Settle Breach Affecting Protected Health Information of Over 6 million Individuals

hhs.gov

Orthopedic Clinic Pays $1.5 Million to Settle Systemic Noncompliance with HIPAA Rules

OCR enforcement actions continue with another significant settlement announced. Does your organization want to avoid costly settlements for HIPAA violations? Find out how by giving us a call at 800-733-6379.

hhs.gov Athens Orthopedic Clinic PA ("Athens Orthopedic") has agreed to pay $1,500,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Ac...

cchipaa.com

OCR Settles Multiple Complaints Regarding Patient Right of Access

Read the latest blog post by Jay Hodes, President - Colington Consulting

cchipaa.com by Jay Hodes – President, Colington Consulting

cchipaa.com

HIPAA Compliance Services - Colington Consulting

We just added a free HIPAA Compliance Survey to our website home page. Find out if your organization is meeting critical HIPAA compliance requirements by taking this 15-question survey. This is a free download for organizational use. No commitments or obligations to use our survey and no marketing follow up by our company. To find the survey, click on our home page; www.cchipaa.com

cchipaa.com Helping Organizations Achieve HIPAA Compliance with a full range of services for Covered Entities and Business Associates

cchipaa.com

Office for Civil Rights - Guidance on HIPAA IT Asset Inventories

Read our latest blog article regarding HIPAA IT Asset Inventory requirements.

cchipaa.com On August 25, 2020, OCR as part of its quarterly cybersecurity newsletter, provided outstanding guidance regarding HIPAA and IT Asset Inventories. As part of the risk assessment process at Colington Consulting, this is ...

jdsupra.com

OCR Enforcement of HIPAA Security Requirements Continues Despite Pandemic | JD Supra

If your organization needs to implement a HIPAA compliance program or have us conduct a HIPAA Risk Assessment, give us a call today at 800-733-6379.

Should a breach occur and your organization's HIPAA requirements are not in place, expect an OCR investigation to be highly critical of non-compliance issues.

jdsupra.com Two recent settlements of HIPAA violations related to security breaches at a small healthcare provider and a health system highlight the continued...

Over the last few weeks, our office received a number of inquiries regarding HIPAA compliance services.

Even as we continue to be challenged by the disruptions of COVID-19, it is important to know that HIPAA compliance requirements are still in place. Over the past few months, the HHS Office of Civil Rights (OCR) announced it would exercise its enforcement discretion and will not impose penalties for violations of certain provisions of the HIPAA Privacy Rule against health care providers or their business associates. However, this discretion is very specific and narrow in scope.

Organizations must still have a HIPAA compliance program in place. There are no exceptions to meeting the HIPAA Privacy and Security Rule requirements during a public health emergency. The rules are still the rules.

To help organizations, we are offering up to a 25% discount for all of our services for a limited time. If your organization is interested in seeing how we can assist, please give us a call today at 800-733-6379.

natlawreview.com

Size Doesn’t Matter for OCR Enforcement Actions

As we have previously addressed.

natlawreview.com Small health care organizations may think they are under the radar of the Office for Civil Rights (OCR), but a settlement the OCR agreed to last week should disabuse small health care providers of tha

hhs.gov

Lifespan Pays $1,040,000 to OCR to Settle Unencrypted Stolen Laptop Breach

OCR announces another significant settlement for non-compliance with the HIPAA Security Rule.

hhs.gov Lifespan Health System Affiliated Covered Entity (Lifespan ACE), a non-profit health system based in Rhode Island, has agreed to pay $1,040,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential...

hhs.gov

Small Health Care Provider Fails to Implement Multiple HIPAA Security Rule Requirements

OCR is making it clear that, even during a pandemic, it is going to continue to move forward with enforcement activities and enter into resolution agreements.

This recent settlement involves a small healthcare practice and serves as a message sending case. Small providers must still meet HIPAA compliance requirements, regardless of size.

If your small healthcare organization needs to find out where it stands on the compliance spectrum and know if all regulatory requirements are properly addressed, give us a call today at 800-733-6379 for a free consultation.

hhs.gov Metropolitan Community Health Services (Metro), doing business as Agape Health Services, has agreed to pay $25,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential violations of the Health Insuran...

healthitsecurity.com

41 Providers Reported Ransomware Attacks in First Half of 2020

Another great article by Jessica Davis and another reason why OCR continues to enforce HIPAA regulations even during a public health emergency.

healthitsecurity.com Amid COVID-19, just 41 providers reported being hit with successful ransomware attacks. Emsisoft research shows a likely uptick in the rate of attacks, as remote workers return to the office.

[07/08/20]   Even as we continue to be challenged by the disruptions of COVID-19, it is important to know that HIPAA compliance requirements are still in place. Over the past few months, the HHS Office of Civil Rights (OCR) announced it would exercise its enforcement discretion and will not impose penalties for violations of certain provisions of the HIPAA Privacy Rule against health care providers or their business associates. However, this discretion is very specific and narrow in scope.

Organizations must still have a HIPAA compliance program in place. There are no exceptions to meeting the HIPAA Privacy and Security Rule requirements.

If your organization is interested in seeing how Colington Consulting can assist in evaluating your current HIPAA compliance program or need a full range of HIPAA compliance services, please give us a call today at 800-733-6379.

A new blog article by Jay Hodes, President - Colington Consulting has been posted on our web site. You can also find more information about our new web based training course "HIPAA Privacy & Coronavirus - What Your Workforce Needs to Know."

lexology.com

COVID-19: Sharing health data in the US and Canada | Lexology

Samantha Gilbert, Senior Legal Compliance Writer, with Lexology Pro Compliance, recently published an article titled "COVID-19: Sharing health data in the US and Canada." As part of this article, Jay Hodes, President - Colington Consulting provided comments.

FYI - You will need to register and set up an account to see the full article.

lexology.com In the first of a two-part series on sharing health data to fight COVID-19, Samantha Gilbert analyses US and Canadian regulators’ advice and explores why compliance teams should err on the side of caution when it comes to sharing information and maintain data minimisation procedures wherever they ...

cchipaa.talentlms.com

HIPAA Privacy and Coronavirus – What Your Workforce Needs to Know

We are pleased to announce the addition of new, web-based training; HIPAA Privacy and Coronavirus - What Your Workforce Needs to Know. This is a 40 minute course and a must for all Covered Entities and Business Associate workforce members in understanding what protected health information can and cannot be shared during this public health emergency. For more information or to enroll, here is the link to the training; https://cchipaa.talentlms.com/catalog/info/id:161

cchipaa.talentlms.com HIPAA Training Courses

Is your healthcare organization onboarding new staff or using 1099 employees to support COVID-19 services? Each new staff member or employee should receive HIPAA Security Awareness & Privacy Training prior to accessing any patient protected health information. We offer web based training that is affordable, easy to use, and allows for self-enrollment. For more information; check out our link; https://cchipaa.talentlms.com/catalog/info/id:146

A little insight on HIPAA enforcement actions. Although OCR has pushed out recent guidance indicating they would use their discretionary authority when it comes to investigations, cases are continuing to be investigated. And with ransomware attacks on healthcare organizations at such a high level, expect enforcement activities to continue even in this current environment.

OCR stated in the February 20 guidance, "in an emergency situation, covered entities must continue to implement reasonable safeguards to protect patient information against intentional or unintentional impermissible uses and disclosures. Further, covered entities (and their business associates) must apply the administrative, physical, and technical safeguards of the HIPAA Security Rule to electronic protected health information."

[04/10/20]   As COVID-19 events have impacted so many healthcare organizations, our company is still able to provide the majority of our HIPAA compliance services remotely. We are available and can set up an initial consultation to talk about our services and how we can assist your organization. Please give our office a call at 800-733-6379.

www.hhs.gov

OCR Announces Notification of Enforcement Discretion to Allow Uses and Disclosures of Protected Health Information by Business Associates for Public Health and Health Oversight Activities During The COVID-19 Nationwide Public Health Emergency.

hhs.gov

Health Care Provider Pays $100,000 Settlement to OCR for Failing to Implement HIPAA Security Rule Requirements

This settlement, just announced by OCR, sends a very large message to small healthcare providers. Regardless of size, meeting all HIPAA requirements is not optional.

If your small healthcare practice needs assistance implementing a HIPAA compliance program, please give us a call at 800-733-6379 for a free, initial consultation.

hhs.gov The practice of Steven A. Porter, M.D., has agreed to pay $100,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle a potential violation of the Health Insurance Portability and Accountability Act (HIPAA) S...

crainsdetroit.com

Beaumont fires employee for leaking patient data

It appears from this story, a now former employee had unauthorized access to patient PHI for well over two years. This case emphasizes the need and requirement to run HIPAA mandated audits on a routine basis to help discover these types of unauthorized access. At Colington Consulting, we are often asked by clients how often they need to run system access audits. Our response is always the same; as frequently as possible and at a minimum, once every 30 days.

crainsdetroit.com Beaumont Health has fired an employee suspected of disclosing confidential information of more than 1,000 patients to a person believed to have been working on behalf of a personal injury attorney, the Southfield-based hospital system said Saturday morning. In a statement, Beaumont said it has…

Our Story

HIPAA RISK ASSESSMENTS
The risk analysis is the first step to identify vulnerabilities and risks; determine the potential impact and provide a gap analysis. All assessments will include an action plan to prevent unauthorized access, tampering and theft. Our assessment is formatted to cover all the addressable and required specifications in the Code of Federal Regulations for the HIPAA Security Rule.

HIPAA RISK MANAGEMENT PLAN
We develop and help your practice or business implement a Risk Management Plan. Think of your risk plan as your overall policies and procedures manual on how to make decisions to address security risk and vulnerabilities for HIPAA Security Rule compliance. Your completed plan will address all the required topics to include administrative, technical, and physical safeguards. Regardless of practice or business size, a Risk Management Plan is required. This may be one of the first documents OCR will request if there is a breach of electronic patient records or if a compliance audit is conducted.

HIPAA PRIVACY POLICIES AND PROCEDURES MANUAL
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to healthcare providers that conduct certain healthcare related transactions. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without authorization. The best way to ensure your staff is familiar with the appropriate safeguards is by having a HIPAA Privacy Policies and Procedures Manual. We develop and help your practice or business implement a Privacy Manual.

SECURITY AWARENESS TRAINING
We develop security awareness training specifically designed for your practice or business office environment. Our training will address the four standard implementation specifications. Those are security reminders, protection from malicious software, log-in monitoring, and password management. We conduct initial, comprehensive training along with periodic refreshers.

HIPAA DOCUMENTATION REVIEW
If your practice or business already has documentation in place, we can conduct a review of those documents to ensure you are meeting the current HIPAA Security Rule and HITECH compliance requirements for patient electronic health records. This cost effective review can determine if all high risk areas for compliance are being properly addressed.


Address


Fairfax County, VA
22009

Opening Hours

Monday 09:00 - 17:00
Tuesday 09:00 - 17:00
Wednesday 09:00 - 17:00
Thursday 09:00 - 17:00
Friday 09:00 - 17:00