Mark Smith
Colington Consulting was established in 2013 and helps organizations achieve HIPAA compliance and ensures clients stay current with the latest enforcement trends. We provide a full range of HIPAA compliance services and consulting. What separates us from our competitors is our knowledge of HIPAA compliance regulations and how they are applied to each of our client’s particular scenarios and required services.
Tell us about yourself?
I am the the President of the Burke, Virginia, based company, Colington Consulting, that helps organizations implement and maintain HIPAA compliance. Having served as the HIPAA Compliance Officer for Fairfax County, Virginia, and as an Assistant Inspector General for Investigations at HHS, I bring a unique operational and regulatory perspective to HIPAA compliance requirements.
I wanted to be able to utilize my expertise to help organizations when trying to understand the complexities of HIPAA compliance regulations. Having exposure in dealing with Federal codes at my time with HHS, a lot of what I do for clients is to interrupt the HIPAA codes when it comes to implementing and maintaining a compliance program. Having a diverse portfolio of clients across the spectrum of healthcare definitely helps in terms of a one size does not fit all.
If you could go back in time a year or two, what piece of advice would you give yourself?
I always try to simplify the message when it comes to understanding the complex topic of regulatory compliance. I take pride in being an educator first in helping others to these complexities and never want a potential client not knowing what the rules call for.
What problem does your business solve?
We provide HIPAA compliance services so organizations can implement and maintain what the Federal requirements call for.
What is the inspiration behind your business?
When I first looked into starting my company, I did not see a lot of companies providing the type customer service approach I wanted to bring to our way of doing business. I also wanted to take advantage of my background and time working at HHS.
What is your magic sauce?
I view each client relationship as a partnership and want to build that rapport. We are the experts and the reason organizations choose to work with us. I want that comfort level to interact with every client.
Unlike other compliance companies that use self-audit web-based tools or programs and expect you to answer a series of questions that you may not understand, our staff always conducts the assessments, values the client’s input, tries to maximize their time, and we try to uses a common-sense approach to HIPAA compliance.
What is the plan for the next 5 years? What do you want to achieve?
Our vision is to continue to help more clients. We may not be the biggest HIPAA compliance company out there, but our goal is to help as many organizations as we can with, as described in the previous question, our magic sauce.
What is the biggest challenge you’ve faced so far?
The biggest challenge we have faced so far, like so many other companies, was operating during the height of COVID and the declared public health emergency in 2020. One prominent issue during this time is when the HHS Office for Civil Rights (OCR), the office that enforces HIPAA compliance, announced that it will exercise its enforcement discretion. A lot of organizations thought this meant the HIPAA Rules we no longer is place. I provided much education in telling organizations they were still required to have and maintain a HIPAA compliance program. The rules were still the rules and enforcement discretion was very narrow and limited in scope.
How do people get involved/buy into your vision?
It’s not that organizations do not want to be HIPAA compliant, it’s that they sometimes do not understand the requirements and know what needs to be in place. We handle that burden of responsibility and take that issue off the plate, especially for small to mid-size organizations. Our goal is always tp prevent HIPAA breaches from occurring. And if they do, helping organizations to mitigate.
