A HIPAA Security Risk Assessment is the first step to identify vulnerabilities and risks, determine the potential impact, and provide a gap analysis. All assessments will include remediation action plans for the confidentiality, integrity, and availability of electronic protected health information held by the organization.
Colington Consulting develops and helps your organization implement a risk management plan and a comprehensive HIPAA compliance program.
As HIPAA compliance experts and former criminal investigators, our team can rapidly respond on-site to assist your organization in conducting a HIPAA breach investigation. Our investigative process is a systematic approach to determine how the breach was caused.
Our assistance will:
Our assistance may include conducting an IT forensics assessment, IT systems penetration testing, and accurately determining all IT assets that access ePHI.
Colington Consulting can develop web-based HIPAA Security Awareness and Privacy training specifically designed for your practice or business office environment.
Our training will address the HIPAA Security and Privacy Rules, along with the four required implementation specifications: security reminders, protection from malicious software, log-in monitoring, and password management.
We conduct initial, comprehensive training and offer periodic refreshers.
Please see our HIPAA Training page.
Under the HIPAA Security Standards and Implementation Specifications (Physical Safeguards, Facility Access Controls, CFR §164.310(a)(1)), a Facility Security Plan needs to be developed and included as part of your overall security management process.
We will conduct a facility security survey to evaluate access control measures, including electronic information systems, locks, windows, doors, alarm systems, visitor control, and how ePHI is being secured onsite. The survey also looks at the positioning of workstations to make sure no ePHI can be viewed by those not authorized to see it. Once completed, the survey will provide recommendations to enhance security measures, if required.
The survey then allows us to develop an overall Facility Security Plan for your organization. Regardless of size, facility security must be addressed in writing with policies and procedures to safeguard the office location and the equipment from unauthorized physical access, tampering, and theft.
Colington Consulting provides assistance in monitoring your Business Associate vendors. We conduct third-party vendor evaluations to determine if the necessary safeguards are in place to receive, maintain, or transmit your organization's ePHI. If you outsource this task to us, we can manage the entire process for your organization.
These evaluations can be conducted prior to signing a Business Associate Agreement or at any step along the way, including on an annual basis for current Business Associates. Let us handle this process for your organization.
Organizations can also add questions to cover topics such as general compliance and cybersecurity.
Contact us for more information on making vendor monitoring part of your overall HIPAA compliance program.
Does your organization constantly have questions about HIPAA privacy and security issues?
Is your business looking to provide services in the healthcare sector and need to know what HIPAA issues you will face?
Are you a developer considering launching a healthcare app and need a data flow analysis to determine how protected health information will be accessed, stored, or transmitted?
These are all circumstances in which Colington Consulting has provided hourly consulting to advise our clients on what the HIPAA requirements call for.
If your organization is looking for advice regarding best practices, let us provide the expert guidance and resources you need to make sure HIPAA requirements are followed. Our hourly consulting is billed in quarter increments.
A privacy assessment will determine if an organization is meeting requirements of the HIPAA Privacy Rule. A comprehensive assessment report is provided. We offer Covered Entity and Business Associate versions for the assessment.
If your practice or business already has documentation in place, Colington Consulting can conduct a review of those documents to ensure you are addressing all the HIPAA Security Standards and Implementation Specifications, including breach response.
This cost-effective review can determine if all high-risk areas for compliance are being properly addressed. Our written and objective analysis of your current HIPAA compliance program can be used for attestation purposes.