About Us

Why Work with the HIPAA Compliance Experts at Colington?

The number one reason to work with us is that we help all types of organizations achieve HIPAA compliance. Colington Consulting provides comprehensive HIPAA compliance services by our team of experts. Unlike other service providers that use web-based formats and expect you to answer a series of questions you can hardly understand, we always conduct the assessment, value your input, and use a common sense approach to compliance.

We take the uncertainty out of what is reasonable and appropriate for HIPAA compliance for your organization

Our compliance experts are able to answer your questions at every step during the process. Our goal is to always educate first and empower your workforce. We provide real-time advice for best practices for securely handling protected health information, protecting patient privacy, and understanding how to avoid potential breaches.

Your HIPAA risk management plan, which includes all required policies and procedures, is specifically written for your organization. We do not use cookie-cutter templates or ask you to "fill in the blank."

Every project is customized and fulfilled with the integrity and resourcefulness developed with over 60 years of combined experience in law enforcement, regulatory compliance, inspections, facility security, risk mitigation, healthcare policy writing, healthcare solutions architecture, data flow analysis, and health information privacy requirements.

Ask our clients!! Upon request, we can provide client references who can speak about our services, professionalism, knowledge of compliance regulations, and the experience of working with our company.

Why Should Our HIPAA Services Matter to You?

Why Work with the HIPAA Compliance Experts at Colington?

HIPAA data breaches are occurring at an alarming rate. Every day new healthcare breaches are posted on the HHS website. There has been more than $102 million in fines and penalties for non-compliance.

While hackers tend to cause the most serious data breaches, employee error and carelessness are also major contributors.

Should a breach of protected health information occur, your practice or business is subject to a HIPAA compliance investigation. Colington Consulting provides assistance to sufficiently answer any questions the HHS Office for Civil Rights (OCR) may ask about your compliance program. We can manage the breach response for your organization.

The better you can demonstrate your efforts to exercise reasonable diligence to mitigate risk, the lesser amounts of civil monetary penalties may be imposed.

Not knowing what requirements need to be in place is not an excuse OCR will accept. With our assistance, we make sure all of our clients can sufficiently demonstrate how HIPAA compliance requirements are being met if the subject of an OCR investigation or compliance review.

Colington Consulting utilizes a team of former senior U.S. Department of Health and Human Services, Office of Inspector General officials and industry experts with extensive experience in regulatory requirements, security risk analysis, healthcare policy, and health information technology.

We specialize in assisting organizations that do not have the current resources to perform these critical and required functions or need to set up a new HIPAA compliance program.

The Team

Jay Hodes - President & Founder

Jay Hodes is president and founder of Colington Security Consulting, LLC, d/b/a Colington Consulting and a leading expert in HIPAA regulatory compliance. Mr. Hodes has over 35 years of combined experience in risk assessments, site security evaluation, policy and procedures assessments, and federal law enforcement management. He is the former Assistant Inspector General for Investigations at the US Department of Health and Human Services, Office of Inspector General (OIG).

Utilizing his expertise in regulatory requirements, inspections and security analysis, Mr. Hodes developed HIPAA compliance services specifically designed for healthcare providers and business associates. Mr. Hodes has been a keynote speaker, providing presentations regarding HIPAA compliance to many professional healthcare organizations.

As an expert in risk assessments, security analysis and regulatory compliance, his background includes:

Publishing over 60 educational articles regarding HIPAA compliance and a guest post in the Electronic Health Reporter
Certification by the New Jersey Board of Dentistry and the Maryland State Board of Dental Examiners to provide continuing education classes in HIPAA compliance
Supervising over 200 special agents and professional support staff responsible for health care fraud investigations and law enforcement efforts throughout the eastern United States
Assembling and leading an OIG cross-component team tasked with congressional inquiries regarding employee whistleblower allegations of IT privacy issues
Regularly evaluating and assessing physical security standards for safeguarding employees, office locations, and sensitive law enforcement equipment
Extensive training from the US Department of Homeland Security, the US Department of State Diplomatic Security Service, and the US General Services Administration
Actively participating as a member of the Health Care Compliance Association, American Institute of Healthcare Compliance; Healthcare Information and Management Systems Society; American Society for Industrial Security; and the Health Technology Forum: DC.

Mr. Hodes has been interviewed and provided comments to Part B News articles, the Report on Patient Privacy, provided a guest post in the Electronic Health Reporter, interviewed and provided comments to Hospital Access Management regarding HIPAA privacy issues resulting from the Orlando mass shooting incident, interviewed four times by Renal & Urology News and the Virtru.com blog regarding HIPAA requirements and safeguards,interviewed by PracticeSuite EMR as part of their Expert Interview Series, and ABC “World News Tonight” and CNBC regarding OIG training standards.

Deborah Ross - Vice President – Policy & Client Management

Deborah has over 30 years of experience in technical writing, editing, software training, and business document production.

Her specialized background includes:

Developing customized policies and procedures for HIPAA Risk Management Plans.
Design, editing, and production of National Baldrige Award applications in the healthcare sector, including the 2011 National Baldrige Award winner.
Technical writer and editor for an online medical information web portal for Washington, DC and Maryland-based clinicians.
Writing and designing training materials for a computer-based clinical information system for MedStar Health.
Writing and designing electronic health record (EHR) tutorials for medical staff and clinicians.

Waseem H. Sheikh - Senior Advisor

MD MHA CHTS
Solution Architect - Healthcare

Dr. Sheikh serves as the senior adviser for health information technology at Colington Consulting. He provides guidance and expertise regarding HIPAA compliance requirements related to technical safeguards for our clients.

Dr. Sheikh is an American Health Information Management Association (AHIMA) certified Health Information Management (HIM) professional whose detailed data mapping ensures unparallel tactical and strategic privacy and security protections that exceed regulatory compliance. Working with the Veteran’s Affairs (VA) and Department of Defense (DoD) Electronic Health Record (EHR) Modernization project, he has the rare ability to collaborate with different stakeholders to reach consensus by re-engineering the clinical workflows and IT infrastructure to offers a solution that not only increases process efficiency and enhances patient satisfaction, but also minimizes or mitigates risk.

Often called upon by healthcare organizations, law firms and emerging technology start-ups to determine project requirements, he can analyze current state tasks and propose future state viable solutions. With a unique internal medicine physician and strong technical background, he can liaison with the clinical practitioners at their level to translate their specific needs for software engineers in the development of mobile applications from concept to delivery. Also, as a Healthcare App Development SME, he can design the front-end User Interface Experience for Clinical Practitioners that is efficiency driven, extremely intuitive and visually appealing while deploying the NIST Cybersecurity framework at the back end to meet integrity, access and encryption standards.