Colington Consulting

Colington Consulting: Helping Organizations Achieve HIPAA Compliance™. All assessments will include an action plan to prevent unauthorized access, tampering and theft.

HIPAA RISK ASSESSMENTS
The risk analysis is the first step to identify vulnerabilities and risks, determine the potential impact and provide a gap analysis. Our assessment is formatted to cover all the addressable and required specifications in the Code of Federal Regulations for the HIPAA Security Rule.

HIPAA RISK MANAGEMENT PLAN
We develop and help your practice or business implement a Risk Management Plan. Think of your risk plan as your overall policies and procedures manual on how to make decisions to address security risk and vulnerabilities for HIPAA Security Rule compliance. Your completed plan will address all the required topics to include administrative, technical, and physical safeguards. Regardless of practice or business size, a Risk Management Plan is required. This may be one of the first documents OCR will request if there is a breach of electronic patient records or if a compliance audit is conducted.

HIPAA PRIVACY POLICIES AND PROCEDURES MANUAL
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to healthcare providers that conduct certain healthcare-related transactions. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without authorization. The best way to ensure your staff is familiar with the appropriate safeguards is by having a HIPAA Privacy Policies and Procedures Manual. We develop and help your practice or business implement a Privacy Manual.

HIPAA SECURITY AWARENESS & PRIVACY TRAINING
We can develop security awareness & privacy training specifically for your practice or business office environment. We offer web-based HIPAA training available through our website.

HIPAA DOCUMENTATION REVIEW
If your practice or business already has documentation in place, we can conduct a review of those documents to ensure you are meeting the current HIPAA Security Rule and HITECH compliance requirements for patient electronic health records. This cost-effective review can determine if all high-risk areas for compliance are being properly addressed.

05/05/2026

At the recent HIPAA Summit, a number of sessions addressed the use of AI platforms in the GRC space. Do AI platforms work well when it comes to HIPAA compliance as compared to experienced HIPAA consultants? See what we think in our latest blog article.

Why a Full‑Service HIPAA Consultant Is Better Than an AI Compliance Platform

04/14/2026

A few sessions at last week's HIPAA Summit covered Business Associates and the use of Business Associate Agreements (BAA). For those who did not attend, our latest blog post provides a quick summary of the required content of BAA. The post also looks at OCR enforcement and lessons learned.

If your organization is unclear on when a BAA must be executed or the required content, please book a free initial consultation with our company. You can find the link to book on our website home page.

Business Associate Agreements Under HIPAA: Regulatory Necessity and OCR Enforcement Lessons

04/08/2026

Yesterday, Paula Stannard, Director of the Office for Civil Rights (OCR) at the U.S. Department of Health & Human Services, delivered the keynote address at the 43rd National HIPAA Summit, where she shared insights into OCR’s current enforcement priorities.

OCR’s Risk Analysis Initiative enforcement actions will continue to be a significant priority. Stannard also highlighted an important new focus within the HIPAA Right of Access Initiative: enforcement will now include a parent’s right to access medical records for their minor child when the parent is acting as the child’s personal representative. This appears to align with an increase in related complaints received by OCR.

Regarding proposed modifications to the HIPAA Privacy Rule and Security Rule, Stannard confirmed that both remain under review, with no timelines for rollout announced. While no guidance was given on pre‑adoption of the modifications, other remarks she made underscored OCR’s ongoing attention to cybersecurity risks within the healthcare sector.

03/17/2026

One of the proposed modifications to the HIPAA Security Rule will significantly impact Business Associates. The modification will "Require that business associates verify at least once every 12 months for covered entities (and that business associate contractors verify at least once every 12 months for business associates) that they have deployed technical safeguards required by the Security Rule to protect ePHI through a written analysis of the business associate’s relevant electronic information systems by a subject matter expert and a written certification that the analysis has been performed and is accurate."

For years now, our company has been providing Business Associates an attestation letter once all the requirements under the HIPAA Security Rule are completed. It covers what the new modification proposes.

Need to know if your company can meet this new modification? Book a free, initial consultation with us. Let's have a conversation!!

Use this link to book your time:

03/09/2026

Read our new blog article, "The Hidden Risks in Everyday HIPAA Compliance: What Healthcare Organizations Often Miss."

The Hidden Risks in Everyday HIPAA Compliance: What Healthcare Organizations Often Miss

03/05/2026

OCR announces another settlement in the amount of $10,000 as its 12th enforcement action in their risk analysis initiative. Once again, another organization failed to conduct an accurate and thorough risk analysis to determine the potential risks and vulnerabilities to the ePHI it held.

OCR enforcement continues to be robust. Does your organization need to conduct a HIPAA Security Risk Assessment (SRA) to meet regulatory compliance requirements? If so, please give our office a call at 844-740-7100 to schedule.

Settlement Marks OCR’s 12th Enforcement Action in OCR’s Risk Analysis Initiative.

02/19/2026

Is HIPAA compliance draining your time—and your team?

You’re not alone. Many small and mid‑size organizations struggle to manage HIPAA Security & Privacy requirements without a dedicated officer on staff.

That’s exactly why we created our Virtual HIPAA Compliance Officer (vHCO) service.

✨ What you get:
• A seasoned team of HIPAA Security & Privacy experts
• Clear, practical, regulation‑driven guidance
• Support customized to your operations
• Affordable monthly subscription or hourly options

✨ What this means for you:
• Less compliance stress
• Fewer internal bottlenecks
• More time to focus on your core healthcare services
• Confidence that you’re meeting HIPAA requirements

If you're tired of juggling compliance on top of everything else, let’s talk. Compliance can be simpler. We’ll show you how. Reach out at Colington Consulting for details & pricing.

01/28/2026

Read the latest blog article by Jay Hodes, President - Colington Consulting. In the post, Jay addresses what the value proposition is to use a HIPAA consulting company. He lists 6 specific areas where an experienced consultant can reduce risk for an organization.

By Jay Hodes, President, Colington Consulting

01/08/2026

Every year around this time we post our annual blog article regarding New Year's resolutions and HIPAA compliance. Check out this year's blog post.

A New Year’s Resolution Worth Keeping: Make HIPAA Compliance a Priority

12/16/2025

With the government shutdown well behind us, it did not take long for OCR to announce another HIPAA violation settlement. In OCR's 54th enforcement action under its Right of Access Enforcement Initiative, Concentra, Inc., an occupational health services provider, settled the case for $112,500.

HIPAA enforcement does not take time off during the holiday season. Is your organization following all HIPAA Privacy Rule requirements? In as little as 15 minutes, our HIPAA compliance experts will evaluate your current compliance program to determine if all mandatory privacy safeguards are in place to meet government regulations. Contact us today to schedule a free, initial consultation.


12/16/2025

Transforming the compliance journey is essential for every healthcare organization. Visit cchipaa.com to learn how to streamline your processes and ensure regulatory adherence effectively.

http://cchipaa.com

Address

Fairfax County, VA
22009

Opening Hours

Monday 9am - 5pm
Tuesday 9am - 5pm
Wednesday 9am - 5pm
Thursday 9am - 5pm
Friday 9am - 5pm

Telephone

+18447407100
