A HIPAA Security Risk Assessment is the first step to identify vulnerabilities and risks, determine the potential impact, and provide a gap analysis. All assessments will include remediation action plans for the confidentiality, integrity, and availability of electronic protected health information held by the organization.
Our assessment is formatted to cover all the addressable and required specifications in the Code of Federal Regulations for the HIPAA Security Rule, HITECH, the HIPAA Omnibus Rule and applicable parts of National Institute of Standards and Technology (NIST) SP 800 series requirements.
Our process will determine and document the likelihood that a particular threat will trigger or exploit a particular vulnerability as well as the impact if a vulnerability is triggered or exploited. An Overall Security Risk is determined for compliance with particular standards and implementation specifications of the Security Rule and serves in part, as the gap analysis.
Once completed, our assessments are easy to understand and show what steps need to be taken to mitigate risk. We assist you with every step in the process.
Colington Consulting develops and helps your organization implement a risk management plan and a comprehensive HIPAA compliance program.
Your risk plan is an overall policies and procedures manual to address critical requirements under the HIPAA Security Rule.
Our user friendly formats make it easy for workforce members to quickly find a particular section and apply the specific procedure to follow.
Your completed and customized plan will address all the required topics to include administrative, technical, physical safeguards along with breach notification requirements. The plan will cover all the HIPAA Security Standards and Implementation Specifications as required by the security management process for compliance.
Included is a social media policy, a facility security plan, and a required contingency plan plus HIPAA guidance documents.
We have risk plan versions for Covered Entities, Business Associates, and HIPAA Hybrid Entities.
Regardless of practice or business size, HIPAA policies and procedures are required. These will be some of the first documents the Office for Civil Rights (OCR) will request as part of a breach investigation of protected health information.
As HIPAA compliance experts and former criminal investigators, our team can rapidly respond on-site to assist your organization in conducting a HIPAA breach investigation. Our investigative process is a systematic approach to determine how the breach was caused.
Our assistance will:
Our assistance may include conducting an IT forensics assessment; IT systems penetration testing, and accurately determining all IT assets that access ePHI.
Colington Consulting can develop web-based HIPAA Security Awareness and Privacy training specifically designed for your practice or business office environment.
Our training will address the HIPAA Security and Privacy Rules, along with the four required implementation specifications: security reminders, protection for malicious software, log-in monitoring, and password management.
We conduct initial, comprehensive training and offer periodic refreshers.
Please see our HIPAA Training page.
Under the HIPAA Security Standards and Implementation Specifications; Physical Safeguards; Facility Access Controls; CFR §164.310(a)(1); a Facility Security Plan needs to be developed and included as part of your overall security management process.
We will conduct a facility security survey to evaluate access controls measures to include electronic information systems, locks, windows, doors, alarm systems, visitor control, and how ePHI is being secured onsite. The survey also looks at positioning of workstations making sure no ePHI can be viewed by those not authorized to see it. Once completed, the survey will provide recommendations to enhance security measures, if required.
The survey then allows us to develop an overall Facility Security Plan for your organization. Regardless of size, facility security must be addressed in writing with policies and procedures to safeguard the office location and the equipment from unauthorized physical access, tampering, and theft.
Colington Consulting provides assistance in monitoring your Business Associate vendors. We conduct third party vendor evaluations to determine if the necessary safeguards are in place to receive, maintain or transmit your organization's ePHI. We can manage the entire process for your organization by outsourcing this task to us.
These evaluations can be conducted prior to signing a Business Associate Agreement or at any step along the way including being done on an annual basis for current Business Associates. Let us handle this process for your organization.
Organizations can also add additional questions to cover topics such as general compliance and cybersecurity.
Contact us for more information on making vendor monitoring part of your overall HIPAA compliance program.
Does your organization constantly have questions about HIPAA privacy and security issues?
Is your business looking to provide services in the healthcare sector and needs to know what HIPAA issues you will face?
Are you a developer considering launching a healthcare app and need a data flow analysis to determine how protected health information will be accessed, stored, or transmitted?
These are all circumstances in which Colington Consulting has provided hourly consulting to advise our clients on what the HIPAA requirements call for.
If your organization is looking for advice regarding best practices, let us provide the expert guidance and resources you need to make sure HIPAA requirements are followed. Our hourly consulting is billed in quarter increments.
A privacy assessment will determine if an organization is meeting requirements of the HIPAA Privacy Rule. A comprehensive assessment report is provided. We offer Covered Entity and Business Associate versions for the assessment.
If your practice or business already has documentation in place, Colington Consulting can conduct a review of those documents to ensure you are addressing all the HIPAA Security Standards and Implementation Specifications including breach response.
This cost-effective review can determine if all high-risk areas for compliance are being properly addressed. Our written and objective analysis of your current HIPAA compliance program can be used for attestation purposes.