Helping Organizations Achieve HIPAA Compliance ™
Call Today: (800) 733-6379

HIPAA Compliance Services

Are These the Types of Situations Your Organization Is Trying to Address?

  • The regulations are so complex, we can’t seem to figure out what needs to be in place to meet requirements.
  • We spoke with other HIPAA compliance companies and consultants and are now even more confused about the requirements and received conflicting quotes for services.
  • The cost for compliance services seems very high and well beyond our budget.
  • We think our HIPAA compliance program addresses all the requirements, but we are not sure.
  • Would our organization be prepared if a HIPAA breach does occur?
  • We are a small organization and do not have the internal resources to manage our HIPAA compliance program and to make sure we are up-to-date with the current regulations.
  • We are a new organization and quickly need to put a HIPAA compliance program in place.

At Colington Consulting, we offer a full range of services for all types of healthcare organizations and business associates to meet regulatory HIPAA compliance requirements and address all these situations and more. Leveraging our experience in government operations, Colington Consulting offers expertise to implement compliance programs and make sure you have the proper safeguards in place. Our fees are based on what your organization specifically needs to meet regulatory requirements and are reasonably priced to accommodate any budget.

Whether you are a dental practice, healthcare app developer, general medical practice, urgent care facility, or a hospital system seeking assistance with HIPAA Security and Privacy Rule compliance, our solutions are designed to maximize your valuable time. Colington Consulting provides consultation should your practice or business be the subject of an HHS-OCR compliance investigation or audit.

Think it can’t happen to you? More than 290 million individuals have been affected by reported HIPAA breaches. The HHS Office for Civil Rights, which enforces HIPAA compliance, has settled cases or imposed civil money penalties totaling more than $106 million.

Let Colington Consulting help implement your compliance requirements to mitigate your risk. Contact us at (800) 733-6379 or info@cchipaa.com to get started with a free initial consultation.

Please see all the compliance services we offer:

HIPAA Security Risk Assessments

A HIPAA Security Risk Assessment is the first step to identify vulnerabilities and risks, determine the potential impact, and provide a gap analysis. All assessments will include remediation action plans for the confidentiality, integrity, and availability of electronic protected health information held by the organization.

Colington Consulting's assessment is formatted to cover all the addressable and required specifications in the Code of Federal Regulations for the HIPAA Security Rule, HITECH, the HIPAA Omnibus Rule, and applicable parts of the National Institute of Standards and Technology (NIST) SP 800 series requirements. Our process will determine and document the likelihood that a particular threat will trigger or exploit a particular vulnerability, as well as the impact if a vulnerability is triggered or exploited. An Overall Security Risk is determined for compliance with particular standards and implementation specifications of the Security Rule and serves, in part, as the gap analysis.

Once completed, our assessments are easy to understand and show what steps need to be taken to mitigate risk. We assist you with every step in the process.

Here is a sample of part of an assessment report:

HIPAA Privacy Assessments

A privacy assessment will determine if an organization is meeting requirements of the HIPAA Privacy Rule. A comprehensive assessment report is provided. We offer Covered Entity and Business Associate versions for the assessment.

HIPAA Risk Management Plans (Policies & Procedures)

Colington Consulting develops and helps your organization implement a risk management plan and a comprehensive HIPAA compliance program.

Think of your risk plan as your overall policies and procedures manual to address critical requirements under the HIPAA Security Rule. Our user-friendly formats make it easy for workforce members to quickly find a particular section and apply the specific procedure to follow.

Your completed and customized plan will address all the required topics, including administrative, technical, and physical safeguards along with breach notification requirements. The plan will cover all the HIPAA Security Standards and Implementation Specifications as required by the security management process for compliance.

We have risk plan versions for Covered Entities, Business Associates, and HIPAA Hybrid Entities.

Regardless of practice or business size, HIPAA policies and procedures are required. This may be one of the first documents the Office for Civil Rights (OCR) will request as part of a breach investigation of protected health information.

Business Associate/Vendor HIPAA Evaluations

Colington Consulting provides assistance in monitoring your Business Associate vendors. We conduct third-party vendor evaluations to determine if the necessary safeguards are in place to receive, maintain, or transmit your organization's ePHI. We can manage the entire process for your organization by outsourcing this task to us.

These evaluations can be conducted prior to signing a Business Associate Agreement or at any point along the way, including on an annual basis for current Business Associates. Let us handle this process for your organization.

Organizations can also add questions to cover topics such as general compliance and cybersecurity.

Contact us for more information on making vendor monitoring part of your overall HIPAA compliance program.

HIPAA Security Awareness & Privacy Training

Colington Consulting can develop web-based HIPAA Security Awareness and Privacy training specifically designed for your practice or business office environment.

Our training will address the HIPAA Security and Privacy Rules, along with the four required implementation specifications: security reminders, protection from malicious software, log-in monitoring, and password management.

We conduct initial, comprehensive training and offer periodic refreshers.

Please see our HIPAA Training page.

Facility Security Plans & Surveys

Under the HIPAA Security Standards and Implementation Specifications (Physical Safeguards, Facility Access Controls, CFR §164.310(a)(1)), a Facility Security Plan needs to be developed and included as part of your overall security management process.

We will conduct a facility security survey to evaluate access control measures, including electronic information systems, locks, windows, doors, alarm systems, visitor control, and how ePHI is being secured onsite. The survey also looks at the positioning of workstations, making sure no ePHI can be viewed by those not authorized to see it. Once completed, the survey will provide recommendations to enhance security measures, if required.

The survey then allows us to develop an overall Facility Security Plan for your organization. Regardless of size, facility security must be addressed in writing with policies and procedures to safeguard the office location and the equipment from unauthorized physical access, tampering, and theft.

HIPAA Breach Response and Management

As HIPAA compliance experts and former criminal investigators, our team can rapidly respond on-site to assist your organization in conducting a HIPAA breach investigation. Our investigative process is a systematic approach to determining how the breach occurred. Our assistance will:

  • Manage the incident response for your organization
  • Investigate and determine the cause of the breach
  • Conduct workforce interviews for adherence to policy and procedure
  • Ensure the HHS Breach Notification Rule process is being followed
  • Work with legal counsel to meet any organizational obligations or other potential violations of law
  • Manage post-incident activities and offer expert analysis
  • Provide assistance in completing an OCR Data Request Letter
  • Provide organizational support and assistance as part of any OCR investigation

Our assistance may include conducting an IT forensics assessment, IT systems penetration testing, and accurately determining all IT assets that access ePHI.

HIPAA Privacy Policy and Procedure Manual

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to healthcare providers that conduct certain healthcare-related transactions.

The rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without authorization.

The best way to ensure your staff is familiar with the appropriate safeguards is by having a HIPAA Privacy Policy and Procedure Manual. Colington Consulting develops and helps your practice or business implement a privacy manual.

Comprehensive HIPAA Documentation Review

If your practice or business already has documentation in place, Colington Consulting can conduct a review of those documents to ensure you are meeting the current HIPAA Security Rule and HITECH compliance requirements for patient electronic health records.

This cost-effective review can determine if all high-risk areas for compliance are being properly addressed. Our written and objective analysis of your current HIPAA compliance program can be used for attestation purposes.

Hourly HIPAA Consulting

Does your organization constantly have questions about HIPAA privacy and security issues?

Is your business looking to provide services in the healthcare sector and need to know what HIPAA issues you will face?

Are you a developer considering launching a healthcare app and need a data flow analysis to determine if any protected health information will be accessed, stored, or transmitted?

These are all circumstances in which Colington Consulting has provided hourly consulting to advise our clients on what the HIPAA requirements call for.

If your organization is looking for advice regarding best practices, let us provide the expert guidance and resources you need to make sure HIPAA requirements are followed. Our hourly consulting is billed in quarter increments.

Colington Consulting - HIPAA - HIPAA Training - HIPAA Law - HIPAA Compliance - HIPAA - Burke, Virginia
