Colington Consulting

Helping Organizations Achieve HIPAA Compliance™

HIPAA RISK ASSESSMENTS
The risk analysis is the first step to identify vulnerabilities and risks; determine the potential impact and provide a gap analysis.

All assessments will include an action plan to prevent unauthorized access, tampering and theft. Our assessment is formatted to cover all the addressable and required specifications in the Code of Federal Regulations for the HIPAA Security Rule.

HIPAA RISK MANAGEMENT PLAN
We develop and help your practice or business implement a Risk Management Plan. Think of your risk plan as your overall policie

HIPAA Requirements – Providing Timely Access to Medical Records 09/16/2021

Check out our latest blog post.

HIPAA Requirements – Providing Timely Access to Medical Records A fundamental part of the HIPAA Privacy Rule is to provide patients with the right to access and obtain copies of their health information when requested. However, over the past couple of years, there has been an increa...

Colington Consulting 09/15/2021

We are pleased to announce our HIPAA training courses have been updated to our newest versions. We offer training courses for Covered Entities and Business Associates.

If your workforce needs to meet annual training requirements, sign up today to enroll in one of these courses.

We can also provide live, instructor led HIPAA training. Give us a call today at 800-733-6379 for more information about this option.

Colington Consulting HIPAA Training Courses

OCR Resolves Twentieth Investigation in HIPAA Right of Access Initiative with $80,000 Settlement 09/10/2021

OCR continues its enforcement and settlement campaign with another Right to Access case.

OCR Resolves Twentieth Investigation in HIPAA Right of Access Initiative with $80,000 Settlement The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces the resolution of its twentieth investigation in its HIPAA Right

Report: Cybercriminals increasingly targeting outpatient facilities 08/26/2021

The report states "Examining breaches caused by hacking reveals something unexpected – attackers breached outpatient facilities and specialty clinics nearly as much as hospitals."

Does your organization need to conduct a HIPAA Security Assessment to determine vulnerabilities and threats? If so, give our office a call today at 800-733-6379 to schedule an assessment.

Report: Cybercriminals increasingly targeting outpatient facilities A report released Thursday by the cybersecurity firm Critical Insight found that bad actors have begun to shift their healthcare targets. The report used cyberattack data from the first half of 2021 to show that the number of breaches in the beginning of 2021 was higher than any six-month period bet...

OCR’s HIPAA Resolution Agreements: the Year Thus Far | JD Supra 08/12/2021

Good summary!

OCR’s HIPAA Resolution Agreements: the Year Thus Far | JD Supra The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has continued its enforcement of HIPAA’s privacy and...

The Average Cost of a Healthcare Data Breach is Now $9.42 Million 08/04/2021

This is substantial. Although the results are based on average costs, small to mid-size healthcare providers should be concerned about these findings. Can your practice afford to cover costs associated with a breach? A HIPAA Security Risk Assessment is a great way to initially determine threats and vulnerabilities to help avoid a possible breach. If your organization needs to have a risk assessment conducted, give our office a call at 800-733-6379 to start the process.

The Average Cost of a Healthcare Data Breach is Now $9.42 Million IBM Security has published its 2021 Cost of a Data Breach Report, which shows data breach costs have risen once again and are now at the highest level IBM Security has published its 2021 Cost of a Data Breach Report. The average cost of a data breach is now $4.24 million, with healthcare data breach...

June 2021 Healthcare Data Breach Report 07/28/2021

Great job by the HIPAA Journal to pull together the June 2021 breach stats.

June 2021 Healthcare Data Breach Report For the third consecutive month, the number of reported healthcare data breaches of 500 or more records increased. June saw an 11% increase in reported

Wisconsin Dermatology Practice Reports Data Breach Affecting 2.41 Million Individuals 07/19/2021

Another reported HIPAA breach.

Wisconsin Dermatology Practice Reports Data Breach Affecting 2.41 Million Individuals Manitowoc, WI-based Forefront Management, LLC and Forefront Dermatology, S.C. discovered on June 4, 2021 that unauthorized individuals had gained access Forefront Management has reported a cyberattack that potentially involved the PII and PHI of 4,431 individuals, including Forefront Dermatology pat...

OCR Issues Summer 2021 Cybersecurity Newsletter 07/15/2021

OCR Issues Summer 2021 Cybersecurity Newsletter On July 14, OCR issued its Summer 2021 Cybersecurity Newsletter titled "Controlling Access to ePHI: For Whose Eyes Only?" Here are the first few paragraphs of this very timely newsletter:

07/14/2021

As healthcare organizations have been getting back to some sense of normalcy, it is time to revisit HIPAA compliance requirements. Some chose to make HIPAA requirements a back burner topic during COVID. The HIPAA rules are still the rules. If your practice or organization needs to conduct a Security Risk Assessment or update HIPAA policies and procedures, give our office a call at 800-733-6379 to see how we can help.

February data breach exposed Wolfe Eye Clinic patient information 06/29/2021

Add another significant HIPAA data breach to the list for 2021. We partner with some outstanding cybersecurity companies who can proactively evaluate your network, systems, and end points. To find out more, please give our office a call at 800-733-6379.

February data breach exposed Wolfe Eye Clinic patient information Wolfe Eye Clinic says current and former patient's personal information may have been accessed in a data breach.

Washington practice eliminates external hard drives containing PHI after theft: 4 details 06/21/2021

Lesson learned from this breach: If you are going to use an external hard drive to back up PHI data, make sure it is encrypted. How does your organization back up ePHI data? On prem, in the cloud, or not really sure how it is backed up? Although the HIPAA Security Rule does not specify how, it does require the organization to verify the data is being backed up and have a process in place to restore that data.

Washington practice eliminates external hard drives containing PHI after theft: 4 details Tacoma, Wash.-based NorthWest Congenital Heart Care experienced a data breach May 7 when an unauthorized person stole a hard drive from a physician's office.

Key Facts About HIPAA Compliance – # 15 06/16/2021

Read our latest blog post regarding information system activity reviews.

Key Facts About HIPAA Compliance – # 15 Our series is designed to explain best practices about HIPAA compliance, HIPAA settlements, and the various requirements an organization must have in place under the HIPAA Security & Privacy Rules.

Hospital Pays Ransom in Exchange for Promised Data Destruction 06/09/2021

Another troubling case and HIPAA breach.

Hospital Pays Ransom in Exchange for Promised Data Destruction The recent decision by a Massachusetts-based hospital to pay a ransom in exchange for promises by the attackers to destroy stolen data spotlights the difficult

More than 3.2 Million Individuals Affected by 20/20 Hearing Care Network Data Breach 06/07/2021

Significant breach reported affecting more than 3.2 million individuals.

More than 3.2 Million Individuals Affected by 20/20 Hearing Care Network Data Breach The 20/20 Hearing Care Network has started notifying millions of current and former members that some of their protected health information (PHI) has The 20/20 Hearing Care Network has notified current and former members about a security breach in which PHI was accessed, downloaded, and deleted from...

OCR Settles Nineteenth Investigation in HIPAA Right of Access Initiative 06/03/2021

HIPAA settlements roll on. Another case in which receiving a copy of medical records did not comply with HIPAA Privacy Rule requirements. In this case, it took two years.

OCR Settles Nineteenth Investigation in HIPAA Right of Access Initiative The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces its nineteenth settlement of an enforcement action in its HIPAA

Clinical Laboratory Pays $25,000 to Settle Potential HIPAA Security Rule Violations 05/25/2021

New HIPAA settlement announced this morning.

Clinical Laboratory Pays $25,000 to Settle Potential HIPAA Security Rule Violations Peachstate Health Management, LLC, doing business as AEON Clinical Laboratories (Peachstate), has agreed to pay $25,000 to the Office for Civil Rights (OCR) at

[05/21/21]   Many healthcare organizations are back to almost normal operations, although with some COVID protocols still in place. For some organizations, HIPAA compliance requirements were put on the back burner to deal with needed operational adjustments for COVID.

Does your organization need to address HIPAA compliance requirements, including conducting a Security Risk Assessment and training your staff? If so, Colington Consulting can help with all of that. Give our office a call today at 800-733-6379 to schedule a free, initial consultation.

HIPAA Protected Health Information | JD Supra 05/10/2021

Some good basic information. If your organization needs more in-depth information regarding all aspects of the HIPAA Privacy Rule, give our office a call at 800-733-6379. We offer a free, initial consultation.

HIPAA Protected Health Information | JD Supra Most healthcare professionals understand many of HIPAA’s regulations are all about safeguarding protected health information (PHI), but there is much...

March 2021 Healthcare Data Breach Report 04/27/2021

According to this article "there was a 38.8% increase in reported healthcare data breaches in March" with "62 breaches of 500 or more records reported to" OCR.

As this trend continues, organizations must be proactive with their HIPAA compliance programs. Conducting HIPAA Security Risk Assessments can identify potential vulnerabilities and threats.

If your organization needs to conduct a risk assessment, give our office a call today at 800-733-6379. We can schedule your assessment within a couple of days. Make sure your organization is not one of those stats for next month.

March 2021 Healthcare Data Breach Report Healthcare data breaches increased by 38.8% in March. 62 breaches of 500 or more records were reported and 2,913,084 healthcare records were breached.

HIPAA Requirements – Patient Rights to Access Medical Records 04/12/2021

Read the latest blog article by Jay Hodes, President - Colington Consulting.

HIPAA Requirements – Patient Rights to Access Medical Records By Jay Hodes – President, Colington Consulting

HIPAA Compliance Services - Colington Consulting 04/06/2021

Is your organization struggling to meet or understand HIPAA compliance requirements? Find out if your organization is meeting those critical HIPAA compliance requirements by taking our 15-question survey, which can be found on our website home page. The survey is free to use with no marketing strings attached. Based on the results of the survey, we offer a free initial consultation to see how we can help your organization achieve HIPAA compliance.

HIPAA Compliance Services - Colington Consulting Helping Organizations Achieve HIPAA Compliance with a full range of services for Covered Entities and Business Associates

Top 10 HIPAA Consulting Companies in 2020 | Atlantic.Net 03/31/2021

We would like to thank Atlantic.Net for recognizing us as one of the Top 10 HIPAA Compliance Companies 2020. Rated as #2, this year we strive to be #1.

Top 10 HIPAA Consulting Companies in 2020 | Atlantic.Net Choosing a suitable HIPAA consultant can be tough, so Atlantic.Net has collated a list of the Top 10 HIPAA Consulting Companies in 2020.

OCR Settles Eighteenth Investigation in HIPAA Right of Access Initiative 03/29/2021

OCR continues to roll on with settlement activity. In this case, the organization agreed to take corrective actions and pay $30,000 to settle a potential violation of the HIPAA Privacy Rule's right of access standard.

OCR Settles Eighteenth Investigation in HIPAA Right of Access Initiative The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces its eighteenth settlement of an enforcement action in its HIPAA

2020 Saw Major Increase in Healthcare Hacking Incidents and Insider Breaches 03/23/2021

This is troubling but not surprising. This article does state "Business associate breaches resulted in the exposure or theft of more than 24 million patient records, with 55% of all hacking incidents having some business associate involvement along with 25% of insider error incidents. The number of breaches involving business associates could be considerably higher as the researchers were unable to accurately determine if business associates were involved in many of the breaches."

If your organization is a HIPAA Business Associate and assistance is needed in implementing a compliance program to meet all regulatory requirements, give us a call today at 800-733-6379 for a free, initial consultation.

2020 Saw Major Increase in Healthcare Hacking Incidents and Insider Breaches The 2021 Protenus Breach Barometer report shows healthcare hacking incidents increased by 42% in 2020 and insider breaches increased for the first time in 4 years.

Small and Medium Sized Practices Under Increased Pressure from Cyberattacks 03/11/2021

Although we address HIPAA from the compliance perspective, we partner with IT companies that can help organizations implement technical safeguards to address cybersecurity concerns. Give us a call today at 800-733-6379 for more information.

Small and Medium Sized Practices Under Increased Pressure from Cyberattacks Cyberattacks on small and medium sized healthcare organizations are increasing. They are the sweet spot for cybercriminals – Attacks are relatively easy and still very profitable.

Common HIPAA violations physicians should guard against 03/04/2021

This is an interesting article from the AMA. In their Code of Medical Ethics Opinion 3.1.1, it states “Protecting information gathered in association with the care of the patient is a core value in health care.” “However, respecting patient privacy in other forms is also fundamental, as an expression of respect for patient autonomy and a prerequisite for trust.”

It may be a core value and instill trust but it is mandated by the HIPAA Privacy Rule. As part of the assessment process our company conducts, we address Privacy Rule requirements. Although a Privacy Rule Assessment is not a regulatory requirement, like a Security Risk Assessment is, organizations still have culpability for not complying with a patient's privacy rights, especially a right to access one's medical records.

To find out more about our comprehensive assessment process, give our office a call at 800-733-6379 to schedule a free, initial consultation. #cchipaa

Common HIPAA violations physicians should guard against Since 2003, these five violations of patient privacy have been catching the attention of federal regulators who have been keeping an eye on physicians.

Key Facts About HIPAA Compliance – # 14 03/03/2021

Read our latest post regarding HIPAA policies and procedures, along with review and updates requirements. #cchipaa

Key Facts About HIPAA Compliance – # 14 Our series is designed to explain best practices about HIPAA compliance, HIPAA settlements, and the various requirements an organization must have in place under the HIPAA Security & Privacy Rules.

March 1, 2021: Deadline for Reporting 2020 Small Healthcare Data Breaches 03/01/2021

Great Reminder: Breach reporting deadline is today.

March 1, 2021: Deadline for Reporting 2020 Small Healthcare Data Breaches The deadline for reporting 2020 healthcare data breaches of fewer than 500 records to the U.S. Department of Health and Human Services is March 1, 2021.

02/11/2021

Weeks into the new administration and with Acting Director Robinsue Frohboese at the helm, OCR announces another settlement in their continuous enforcement of patient right to access cases.

Philadelphia Department of Public Health Terminates Vaccine Distribution Contract Over Alleged Privacy Violations 02/02/2021

Why it pays to always vet vendors who are or are going to be HIPAA Business Associates. As part of our HIPAA compliance services, we offer Business Associate/Vendor Evaluations to determine if the necessary safeguards are in place to receive, maintain or transmit your organization's ePHI. For more info, please give us a call today at 800-733-6379.

Philadelphia Department of Public Health Terminates Vaccine Distribution Contract Over Alleged Privacy Violations The Philadelphia Department of Public Health has terminated its contract with Philly Fighting COVID over a privacy policy that potentially allowed PHI to be sold.

01/20/2021

Yesterday, OCR pushed out an email that tallied their accomplishments during the last four years under Director Roger Severino. In terms of enforcement activity, here is what was indicated in that email:

Highest Number of HIPAA Enforcement Actions: OCR’s settlements and penalties create specific and general deterrents to HIPAA violations for the specific entities investigated, as well as the entire regulated industry. From March 2017 through January 2021, OCR set new enforcement records in this area, by completing 48 enforcement actions requiring covered entities and business associates to implement corrective actions, or the imposition of civil money penalties, including a record 19 enforcement actions in 2020.

During this period, OCR obtained over $67.6 million in settlements, judgements, and collections on privacy and security issues ranging from lack of access to patient records to massive breaches of electronic protected health information. The cases included the biggest U.S. health care data breach in history which resulted in OCR securing the largest settlement in OCR history with the $16 million settlement with Anthem, Inc. #cchipaa

Address


Fairfax County, VA
22009

Opening Hours

Monday 9am - 5pm
Tuesday 9am - 5pm
Wednesday 9am - 5pm
Thursday 9am - 5pm
Friday 9am - 5pm