A HIPAA Security Risk Assessment is the first step to identify non-compliance issues, vulnerabilities and risks, determine the potential impact, and provide a gap analysis. All assessments will include mitigation action plans to ensure the confidentiality, integrity, and availability of electronic protected health information held by the organization.
Our assessment is formatted to cover all addressable and required specifications in the Code of Federal Regulations for the HIPAA Security Rule, HITECH, the HIPAA Omnibus Rule and applicable parts of National Institute of Standards and Technology (NIST) SP 800 series requirements.
Our process will determine and document the likelihood that a particular threat will trigger or exploit a particular vulnerability, as well as the impact if a vulnerability is triggered or exploited. An Overall Security Risk is determined for compliance with particular standards and implementation specifications of the Security Rule and serves, in part, as the gap analysis.
As part of the assessment process, we evaluate compliance with the Breach Notification Rules along with an InfoSec safeguard assessment.
Once completed, our assessments are easy to understand and show what steps need to be taken to mitigate risk. We assist you with every step in the mitigation process.
Colington Consulting develops and helps your organization implement a risk management plan and a comprehensive HIPAA compliance program.
The risk plan is an overall policies and procedures manual to address all requirements under the HIPAA Security Rule.
Our user-friendly formats make it easy for workforce members to quickly find a particular section and apply the specific procedure to follow.
Your completed and customized plan will address all the required topics, including administrative, technical, and physical safeguards, along with breach notification requirements. The plan will cover all the HIPAA Security Standards and Implementation Specifications as required by the security management process for compliance.
Included is a social media policy, a facility security plan, a required contingency plan, and HIPAA guidance documents.
We have risk plan versions for Covered Entities, Business Associates, and HIPAA Hybrid Entities.
Regardless of practice or business size, HIPAA policies and procedures are required. These will be some of the first documents the Office for Civil Rights (OCR) will request as part of a breach investigation of protected health information.
Colington Consulting can develop web-based HIPAA Security Awareness and Privacy training specifically designed for your practice or business office environment.
Our training will address the HIPAA Security and Privacy Rules, along with the four required implementation specifications: security reminders, protection from malicious software, log-in monitoring, and password management.
We conduct initial, comprehensive training and offer periodic refreshers.
Please see our HIPAA Training page.
Under the HIPAA Security Standards and Implementation Specifications (Physical Safeguards, Facility Access Controls, CFR §164.310(a)(1)), a Facility Security Plan needs to be developed and included as part of your overall security management process.
We will conduct a facility security survey to evaluate access control measures, including electronic information systems, locks, windows, doors, alarm systems, visitor control, and how ePHI is being secured onsite. The survey also looks at the positioning of workstations to make sure no ePHI can be viewed by those not authorized to see it. Once completed, the survey will provide recommendations to enhance security measures, if required.
The survey then allows us to develop an overall Facility Security Plan for your organization. Regardless of size, facility security must be addressed in writing with policies and procedures to safeguard the office location and equipment from unauthorized physical access, tampering, and theft.
Colington Consulting provides assistance in monitoring your Business Associate vendors. We conduct third-party vendor evaluations to determine if the necessary safeguards are in place to receive, maintain, or transmit your organization's ePHI. We can manage the entire process for your organization by outsourcing this task to us.
These evaluations can be conducted prior to signing a Business Associate Agreement or at any step along the way. Consider making this an annual requirement for all Business Associates. Let us handle this process for your organization.
Organizations can also add additional questions to cover topics such as general compliance and cybersecurity.
Contact us for more information on making vendor monitoring part of your overall HIPAA compliance program.
Does your organization constantly have questions about HIPAA privacy and security issues?
Does your organization need assistance implementing a HIPAA compliance program?
Is your business looking to provide services in the healthcare sector and need to know what HIPAA issues you will face?
Are you a developer considering launching a healthcare app and need to determine how protected health information will be secured, accessed, stored, or transmitted?
These are all circumstances in which Colington Consulting has provided hourly consulting to advise our clients on what the HIPAA requirements call for.
If your organization is looking for advice regarding best practices, let us provide the expert guidance and resources you need to make sure HIPAA requirements are followed. Our hourly consulting is billed in quarter increments.
A privacy assessment will determine if an organization is meeting requirements of the HIPAA Privacy Rule. A comprehensive assessment report is provided. We offer Covered Entity and Business Associate versions for the assessment.
These assessments can be done as a stand-alone project or included in our full package of services.
Remember, organizations must comply with HIPAA Privacy Rule requirements.
If your practice or business already has documentation in place, Colington Consulting can conduct a review of those documents to ensure all HIPAA Security Standards and Implementation Specifications, including breach response, are addressed with policy and procedures.
This cost-effective review can determine if all areas for compliance are being properly addressed to avoid risks. Our written and objective analysis of your current HIPAA compliance program can be used for attestation purposes.
Small to mid-size organizations may not have sufficient internal workforce members to serve as their HIPAA Security and Privacy Officers. HIPAA regulations require all Covered Entities and Business Associates to designate these officers. We can solve this problem by offering your organization a virtual HIPAA Compliance Officer.
The goal is to reduce an organization’s compliance burden by outsourcing HIPAA compliance management tasks. Our company has the resources and expertise to understand regulatory requirements and provide these required positions. Our vHCO will manage your organization’s HIPAA Security and Privacy Rule requirements.
About our service:
Contact us for more information and to receive a quote.
Colington Consulting
Copyright © 2024 Colington Consulting - All Rights Reserved.
Helping Organizations Achieve HIPAA Compliance™