844-740-7100

Colington Consulting

Helping Organizations Achieve HIPAA Compliance

HIPAA FAQs

How Does an Organization Demonstrate HIPAA Compliance?

To demonstrate compliance when audited or when a breach is investigated, an organization must be able to:

  • Produce written, up-to-date policies and procedures (the HIPAA risk management plan)
  • Show evidence (records, reviews, logs) that it actually follows those policies and procedures
  • Have conducted and documented a HIPAA security risk assessment
  • Provide annual HIPAA security awareness training to the entire workforce, with attendance records to prove it

Regardless of size, an organization must designate a security official and a privacy official who manage the compliance program; in a small organization one person may hold both roles.

How Much Do HIPAA Compliance Services Cost?

Costs for HIPAA compliance packages vary with each organization and with the services it needs to meet regulatory requirements. To provide a quote, we typically send out a questionnaire to see which compliance measures are already in place. This tells us what the organization still needs and the associated costs.


We also offer a basic package of HIPAA services starting at $1850 that includes policy and procedure templates, a security risk assessment, and access to web-based HIPAA training.


For a free, initial consultation, please contact us today. 

What Are HIPAA Requirements for Dental Practices?

Regardless of the size of the practice, dental offices are required to follow all HIPAA Security and Privacy Rule requirements. This includes:

  • Conducting risk assessments to identify vulnerabilities and risks to the protected health information the practice maintains.
  • Developing and implementing HIPAA policies and procedures as part of a risk management plan.
  • Conducting annual HIPAA security awareness and privacy training for all members of the workforce, including the dentists.
  • Making sure signed Business Associate Agreements are in place with every vendor (business associate) that will have access to patient health information or records.

What is HITECH?

HITECH is the acronym for the Health Information Technology for Economic and Clinical Health Act, enacted as part of the American Recovery and Reinvestment Act of 2009, signed into law in February 2009. It promotes the adoption and meaningful use of health information technology.


The HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information. It strengthened civil and criminal enforcement of the HIPAA rules, introduced the breach notification requirement, and made business associates directly subject to HIPAA Security Rule requirements.

What is the HIPAA Omnibus Rule?

The final HIPAA Omnibus Rule, issued in January 2013, greatly enhances a patient's privacy protections, gives individuals new rights over their health information, and strengthens the government's ability to enforce the law. It also makes business associates and their subcontractors directly liable for compliance.

  • Patients can ask for a copy of their electronic medical record in an electronic form.
  • When individuals pay in cash for healthcare services, they can instruct their provider not to share information about that treatment with their health plan.
  • The rule sets new limits on how information is used and disclosed for marketing and fundraising purposes and prohibits the sale of an individual's health information without their permission.

What is a Covered Entity?

A covered entity is one of three things: a health plan; a health care clearinghouse; or a health care provider (medical, dental, or other) that transmits health information in electronic form in connection with a HIPAA standard transaction, such as a claim, eligibility inquiry, or payment. Pharmacies that bill electronically fall into the provider category.


If your organization files any insurance claims electronically, including Medicare and Medicaid reimbursement claims to CMS, it is a covered entity.

What is a Business Associate?

With certain exceptions, a business associate is a person or organization that creates, receives, maintains, or transmits PHI on behalf of a covered entity to perform a function or activity for it. A subcontractor that handles PHI on behalf of a business associate is itself a business associate.


Examples of business associates are: IT services; billing and coding companies; cloud storage providers; website hosting companies that maintain any patient health questionnaires; and legal, actuarial, accounting, consulting, data collection and analysis, management, administrative, accreditation, or financial services.

What is a Business Associate Agreement?

Under HIPAA, a Business Associate Agreement, commonly known as a "BAA," is a contract between a covered entity and a business associate. The agreement requires the business associate to use, disclose, and safeguard any protected health information it handles only as permitted by the agreement and by the HIPAA regulations.


A BAA must explicitly define how the business associate will report and respond to a breach or security incident, including breaches caused by the business associate's own subcontractors, and must require those subcontractors to agree to the same restrictions.

What is a HIPAA Breach?

With certain exceptions, a breach is the acquisition, access, use, or disclosure of PHI (paper or electronic) in a manner not permitted under the Privacy Rule that compromises the security or privacy of the PHI. Unless one of the exceptions applies, an impermissible use or disclosure is presumed to be a breach unless the covered entity or business associate can show, through a documented risk assessment, that there is a low probability the PHI has been compromised.


Breach notification obligations apply to unsecured PHI, that is, PHI that has not been rendered unusable, unreadable, or indecipherable to unauthorized persons (for example, by encryption that follows HHS guidance). The release may be intentional or unintentional.

A breach is distinct from a security incident, which the Security Rule defines more broadly as the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information, or interference with system operations in an information system. Every breach of ePHI involves a security incident, but not every security incident (a blocked phishing email, a failed login attempt) is a breach.

What is PHI?

Protected health information (PHI) is individually identifiable health information that is:

  • Transmitted by electronic media
  • Maintained in any electronic medium
  • Transmitted or maintained in any other form (paper records or charts)

HIPAA lists 18 identifiers that make health information individually identifiable, including patient names, addresses, Social Security numbers, email addresses, biometric identifiers such as fingerprints, and full-face photographic images. Health information that contains none of these identifiers (and no other identifying information) is considered de-identified and is not PHI.

What is ePHI?

Electronic protected health information (ePHI) is any protected health information (PHI) covered by the HIPAA Privacy and Security Rules that is created, received, maintained, or transmitted in electronic form.

What are the Security Standards for HIPAA Compliance?

The HIPAA Security Rule requires covered entities and business associates to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting ePHI.


Specifically:


  • Ensure the confidentiality, integrity, and availability of all ePHI they create, receive, maintain or transmit;
  • Identify and protect against reasonably anticipated threats to the security or integrity of the information;
  • Protect against reasonably anticipated, impermissible uses or disclosures; and
  • Ensure compliance by their workforce.

Privacy Policy

Privacy Policy of Colington Consulting

Colington Consulting operates the website cchipaa.com, which provides HIPAA compliance services. This page informs website visitors of our policies on the collection, use, and disclosure of personal information. If you choose to visit our website, you agree to the collection and use of information in accordance with this policy. Some of the personal information that we collect is submitted through a contact form. Given the confidential nature of providing HIPAA compliance services, we will not use or share your information with anyone.


Information Collection and Use

When completing a contact form, we may require you to provide us with certain personally identifiable information, that includes your name, email address, and a message regarding potential compliance services. The information that we collect will be used to contact you and respond to your inquiry for services.


Log Data

We want to inform you that whenever you visit our website, we collect information that your browser sends to us that is called Log Data. This Log Data may include information such as your computer's Internet Protocol (“IP”) address, browser version, pages of our website that you visit, the time and date of your visit, the time spent on those pages, and other statistics.


Cookies

Cookies are files containing a small amount of data that are commonly used as an anonymous unique identifier. They are sent to your browser from the website you visit and are stored on your computer's hard drive.

Our website uses these "cookies" to collect information and to improve our Service. You have the option to accept or refuse these cookies and to be notified when a cookie is being sent to your computer. If you choose to refuse our cookies, you may not be able to use some portions of our Service.


Service Providers

We may employ third-party companies and individuals for the following reasons:


  • To facilitate our website;
  • To provide search engine optimization on our behalf;
  • To perform website-related services; or
  • To assist us in analyzing how our website is used.


We want to inform our website visitors that these third parties may have access to your personal information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.


Security

We value your trust in providing us your personal information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.


Links to Other Sites

Our website may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.


Children's Privacy

Given the nature of the compliance services we provide, our website does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If we discover that a child under 13 has provided us with personal information, we immediately delete it from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we can take the necessary actions.


Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately, after they are posted on this page.


Contact Us

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us.



Copyright © 2025 Colington Consulting - All Rights Reserved.


Upcoming Free Webinar

HIPAA Compliance: Recent Enforcement Actions & Proposed Rule Changes - May 20

1 PM EDT

Despite what some may think, HIPAA compliance regulations are not being rolled back. In fact, there have been 7 recent HIPAA violation enforcement actions under the Trump administration and the U.S. Department of Health and Human Services (HHS), and more than $145 million in HIPAA fines and penalties has been imposed since HIPAA enforcement began.


The first 5 attendees to enroll will receive a $25 Amazon gift card upon completion of the webinar. 


For more details, click Enroll Now. 