HIPAA Compliance Consulting

HIPAA Compliance for Small Practices

You run a small practice. You don't have a compliance department; you have patients and staff. Work directly with a CHP (Certified HIPAA Professional) who knows what auditors from OCR (The Office of Civil Rights) look for, fixes with you the gaps that cause fines, and makes HIPAA compliance approachable for your team.

Solo providers • small practices • vendors/MSPs • growing teams

Security risk analysis • Policies and training • Vendor contracts and questionnaires
The Process

How It Works

The workflow starts with a Security Risk Assessment (SRA). This lets us gain a baseline of your HIPAA compliance status. Then, we move into gap analysis, remediation plans, policy templates, staff training, and vendor management.

Assess and Analyze Automatically

Choose a Privacy Officer. Complete your Security Risk Assessment. Then get your Gap Analysis and Remediation Plan.

Adopt and Attest

Review and publish your policies, then have staff read and sign off on them. Staff also complete HIPAA 101 training and cybersecurity training.

Audit and Execute

Manage Vendors (Third-Parties), sign Business Associate Agreements (BAAs), review vendor risk, and finish your site, device and IT audits.

Anonymous Incident Reporting

Every account includes a way for staff to report unauthorized disclosures of PHI (protected health information). Issues can be submitted anonymously, and your Privacy Officer gets clear next steps.

Need Help Applying HIPAA Language?

Tell us what is already in place. We'll tell you the next step.

Book a HIPAA Consult
Chuck Weiselberg, Founder of One Guy Consulting
NYC-Based • Nationally Available

Meet Chuck Weiselberg

Founder & CEO | Certified HIPAA Professional (CHP)

Since 2015, Chuck has helped organizations build practical HIPAA programs that hold up in the real world. He is based in New York and works with clients across the country. See the complete HIPAA compliance guide for a practical overview.

He makes complex rules easier to follow and leads with empathy, clarity, and steady guidance.

Schedule a Call with Chuck
What We Offer

Products

Get the HIPAA help you need in one place, from gap analysis guidance to hands-on support that helps you finish the work.

HIPAA Security Risk Assessment

HIPAA Gap Analysis

HIPAA Remediation Plans

HIPAA Policy Templates

Staff HIPAA Training

Physical Site Audit

Device & IT Audits

Unauthorized Disclosure of PHI Reporting

Client Reviews

Client Feedback

★★★★★
"One Guy Consulting is super easy to work with. I actually look forward to my implementation meetings for HIPAA."
Samantha M.
★★★★★
"We've been working with One Guy Consulting for years and always been very pleased with the results."
Katie M. — Local Guide
★★★★★
"One Guy Consulting is great at what they do! I was intimidated to start work on this project, but nothing was further from the truth! Chuck was so professional and welcoming. He was always happy to clarify questions I had. They really knew how to put me at ease. Thanks so much, One Guy Consulting! Special shout-out to Chuck for getting me across the finish line."
Jennifer M.

Selected client feedback

Professional Endorsements

What Colleagues Say

Recommendations from professionals who have worked alongside Chuck.

"Charles is a master of automation, allowing him to operate with the output of a much larger team while working as a department of one."
Omar Barazanji - Machine Learning / MLOps / Agentic AI Engineer
FAQ

Frequently Asked Questions

You likely need to follow HIPAA if you create, receive, store, or share Protected Health Information (PHI). That includes covered entities like healthcare providers and health plans, plus vendors that handle PHI for them as business associates. If you are a vendor, a Business Associate Agreement (BAA) should be in place before PHI is shared.
Any group that handles Protected Health Information (PHI) must follow HIPAA. That includes providers, health plans, and business associates like IT vendors, billing companies, and cloud providers.
Our HIPAA compliance process takes about 1–2 months. We work at your pace to ensure nothing is rushed or overlooked.
An SRA is a yearly HIPAA risk review. It finds risks to electronic PHI and helps you decide what to fix first.
HIPAA violations can lead to fines from $100 to $50,000 per violation, up to $1.5 million per year. In serious cases, they can also lead to criminal charges and loss of trust.
Yes. HIPAA compliance is ongoing. We help with yearly SRA updates, policy reviews, staff refreshers, and day-to-day questions.
A HIPAA gap analysis shows where you do not yet meet the rule.
A HIPAA remediation plan shows what needs to be fixed and the steps to fix it.
No. We provide policy templates tuned to HIPAA requirements and help tailor them to your organization.
Each staff member should complete policy attestation, HIPAA 101 training, and cybersecurity awareness training each year.
No. One Guy Consulting is not a law firm and does not give legal advice. You should talk to an attorney before making major legal or business decisions.
Self-Guided is a plan for experienced compliance professionals who need a reliable, cloud-based platform to serve as their source of truth and centralize their work within one solution. The Full-Scope is a plan for small and scaling teams who are tackling HIPAA compliance for the first time, or coming from another HIPAA compliance platform, and need assistance within this entirely new GUI to get their plan up and running.
Cost depends on organization size, complexity, and how much support you need. Our Self-Guided plan starts at $199/month and Full-Scope starts at $399/month. Both include the full platform — risk assessments, gap analysis, policies, training, vendor management, and audits. See our HIPAA compliance cost breakdown for a detailed look at what drives pricing across the industry.
One Guy Consulting does not handle PHI as part of our service, but we are happy to sign a BAA with your organization if you would like one in place.
Onboarding follows four steps: (1) Choose a Privacy Officer and complete your Security Risk Assessment to get your Gap Analysis and Remediation Plan, (2) Review and publish your policies, then have staff complete attestation, HIPAA 101 training, and cybersecurity training, (3) Manage vendors, sign Business Associate Agreements, review vendor risk, and finish your site, device, and IT audits, (4) Set up anonymous incident reporting so staff can report PHI issues and your Privacy Officer gets clear next steps. Most organizations complete the process in 1–2 months.
Industries Served

Specialties We Serve

Dental Practices • Mental Health Providers • Medical Clinics • Pharmacies • IT Vendors & MSPs • Healthcare Startups • EHR Companies • Hospitals • Billing Companies • Skilled Nursing

And any/all other healthcare providers or business associates that handle PHI.

Discuss your HIPAA requirements

If you are not sure what to tackle first, reach out and we will help you map the next step.

Free HIPAA Triage Call