HIPAA Compliance Consulting

HIPAA Compliance Made Approachable

Work directly with a Certified HIPAA Professional who knows what OCR auditors look for. We close the gaps that lead to fines and make HIPAA compliance approachable for small teams.

Solo providers • small practices • vendors/MSPs • growing teams

Security Risk Analysis (SRA) • Policies and Training • Vendor Contracts and Questionnaires
The Process

How It Works

Every engagement follows a repeatable, proven process. It starts with a Security Risk Assessment (SRA) to establish your baseline.

Assess and Analyze Automatically

Select a Compliance Officer. Complete your Security Risk Assessment. Then receive and review both the automated Gap Analysis and automated Remediation Plans.

Adopt and Attest

Review, tailor, and publish your HIPAA policies. Have staff attest to their reading and understanding. Complete HIPAA 101 training and cybersecurity awareness training.

Audit and Execute

Manage Vendors (Third-Parties), sign Business Associate Agreements (BAAs), review vendor risk, and finish your site, device and IT audits.

Anonymous Incident Reporting

Every account includes a way for staff to report unauthorized disclosures of PHI (protected health information). Issues can be submitted anonymously, and your Privacy Officer gets clear next steps.

From there, gaps are identified, fixes are prioritized, and policies are written. Staff training and administrative controls are then addressed in accordance with HIPAA's Security Rule, Privacy Rule, and Breach Notification Rule.

Chuck Weiselberg, Founder of One Guy Consulting
NYC-Based • Nationally Available

Meet Chuck Weiselberg

Founder & CEO | Certified HIPAA Professional (CHP)

Since 2015, Chuck has helped organizations build practical HIPAA programs that hold up in the real world. He is based in New York and works with clients around the country. In ten years of consulting on HIPAA, no client of his has ever been fined or failed an audit.

This is because he makes complex rules easier to follow and leads with empathy, clarity, and steady guidance.

Schedule a Call with Chuck
What We Offer

Products

Get the HIPAA help you need in one place. Click any square below to learn more about how our products work.

HIPAA Security Risk Assessment

HIPAA Gap Analysis

HIPAA Remediation Plans

HIPAA Policy Templates

Staff HIPAA Training

Physical Site Audit

Device & IT Audits

Unauthorized Disclosure of PHI (Incidents)

Ready to Protect Your Practice?

Plans starting at $60/month. No long-term commitment required.

View Pricing Plans
Client Reviews

Client Feedback

★★★★★
"One Guy Consulting is super easy to work with. I actually look forward to my implementation meetings for HIPAA."
Samantha M.
★★★★★
"We've been working with One Guy Consulting for years and always been very pleased with the results."
Katie M. — Local Guide
★★★★★
"One Guy Consulting is great at what they do! I was intimidated to start work on this project, but nothing was further from the truth! Chuck was so professional and welcoming. He was always happy to clarify questions I had. They really knew how to put me at ease. Thanks so much, One Guy Consulting! Special shout-out to Chuck for getting me across the finish line."
Jennifer M.
Professional Endorsements

What Colleagues Say

Recommendations from professionals who have worked alongside Chuck.

"Charles is a master of automation, allowing him to operate with the output of a much larger team while working as a department of one."
Omar Barazanji - Machine Learning / MLOps / Agentic AI Engineer
Reference

Key HIPAA Terms

OCR

The Office for Civil Rights is the federal agency within HHS responsible for enforcing HIPAA compliance and investigating breaches.

HIPAA

The Health Insurance Portability and Accountability Act of 1996 establishes national standards for protecting patient health information.

Security Risk Analysis

A federally mandated annual assessment required under 45 CFR §164.308(a)(1)(ii)(A) to evaluate whether current safeguards adequately protect ePHI. Methodology is informed by the NIST SP 800-39 risk management framework.

Security Rule

The HIPAA Security Rule (45 CFR Part 164, Subpart C) establishes national standards for protecting ePHI through administrative safeguards (§164.308), physical safeguards (§164.310), and technical safeguards (§164.312).

Privacy Rule

The HIPAA Privacy Rule (45 CFR Part 164, Subpart E) governs the use and disclosure of Protected Health Information (PHI), establishing patient rights, authorization requirements, and the minimum necessary standard for disclosures.

Breach Notification Rule

The Breach Notification Rule requires covered entities and business associates to provide notification following a breach of unsecured protected health information.

FAQ

Frequently Asked Questions

You need to be HIPAA compliant if you create, receive, store, or share Protected Health Information (PHI) — any individually identifiable health information such as medical records, billing data, or insurance details, as defined in 45 CFR §160.103. That includes covered entities like healthcare providers and health plans, plus vendors that handle PHI for them as business associates.

A typical HIPAA compliance process takes about 1–2 months. The timeline depends on organization size, number of locations, and how many staff need training.

A Security Risk Assessment (SRA) is a federally mandated annual evaluation required under 45 CFR §164.308(a)(1)(ii)(A). It identifies potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI) and forms the foundation of any HIPAA compliance program.

HIPAA violations can result in civil monetary penalties ranging from $141 to $71,162 per violation (adjusted for inflation), up to $2,134,831 annually per violation category, as established by the HHS Office for Civil Rights enforcement framework. Willful neglect violations that are not corrected can result in criminal penalties including fines up to $250,000 and imprisonment.

Yes. HIPAA compliance is ongoing. We help with yearly SRA updates, policy reviews, staff refreshers, and day-to-day questions.

A HIPAA gap analysis compares your current administrative, physical, and technical safeguards against the requirements of the HIPAA Security Rule (45 CFR Part 164, Subpart C) and the Privacy Rule (Subpart E). It identifies partial controls, missing documentation, and procedures not consistently followed.

A HIPAA remediation plan documents identified compliance gaps and assigns specific corrective actions, owners, and deadlines to resolve them. It demonstrates to auditors that an organization has a structured, documented approach to addressing risks identified during a Security Risk Assessment, consistent with the risk management requirement at §164.308(a)(1)(ii)(B).

No. We provide policy templates tuned to HIPAA requirements and help tailor them to your organization.

Each staff member should complete policy attestation, HIPAA 101 training, and cybersecurity awareness training each year.

No. One Guy Consulting is not a law firm and does not give legal advice. You should talk to an attorney before making major legal or business decisions.

Self-Guided is designed for experienced compliance professionals who need a reliable, cloud-based platform to centralize their work.

Full-Scope is designed for small and scaling teams tackling HIPAA compliance for the first time, or transitioning from another platform, who need guided assistance getting their program up and running.

HIPAA compliance costs vary by organization size, number of locations, and scope of services needed. A complete program typically covers risk assessments, gap analysis, policies, training, vendor management, and audits. See our HIPAA compliance cost breakdown for a detailed look at what drives pricing across the industry.

One Guy Consulting does not handle PHI as part of our service, but we are happy to sign a BAA with your organization if you would like one in place.
Step 1: Select a Compliance Officer, complete the Security Risk Assessment, and review the automated gap analysis and remediation plans.

Step 2: Review, tailor, and publish your HIPAA policies. Have staff attest to their understanding, then complete HIPAA 101 and cybersecurity awareness training.

Step 3: Manage vendor relationships, execute Business Associate Agreements, conduct vendor risk analysis, and complete your physical site, device inventory, and IT networking audits.

Step 4: Verify your Incident Management System works by running a test reporting scenario.
Industries Served

Specialties We Serve

Dental Practices • Mental Health Providers • Medical Clinics • Pharmacies • IT Vendors & MSPs • Healthcare Startups • EHR Companies • Hospitals • Billing Companies • Skilled Nursing

And any other healthcare providers or business associates that handle PHI.

Discuss your HIPAA requirements

If you are not sure what to tackle first, reach out and we will help you map the next step.

Free HIPAA Triage Call