One Guy Consulting is a HIPAA compliance services firm that helps covered entities and business associates build, implement, and maintain HIPAA programs. Services include Security Risk Assessments per 45 CFR §164.308(a)(1)(ii)(A), policy development per 45 CFR §164.316(a), workforce training per 45 CFR §164.308(a)(5)(i), and Business Associate Agreement management per 45 CFR §164.308(b)(1).
Over 10 years, we have helped thousands of healthcare users. No client has ever received an OCR fine or failed a HIPAA audit.
Protected Health Information (PHI) is individually identifiable health information that a covered entity or business associate transmits or maintains in any form or medium, as defined in 45 CFR §160.103; the subset held or transmitted electronically is electronic PHI (ePHI). PHI includes medical records, billing information, health plan enrollment data, and any other health information that identifies an individual or could reasonably be used to identify one. The definition excludes education records covered by FERPA, employment records a covered entity holds in its role as employer, and records of persons who have been deceased for more than 50 years.
Covered Entity means a health plan, healthcare clearinghouse, or healthcare provider that transmits health information electronically in connection with a HIPAA-covered transaction (45 CFR §160.103). Examples include hospitals, physician practices, dental offices, pharmacies, and health insurance companies.
Business Associate is a person or entity that performs functions or activities involving PHI on behalf of a covered entity, or provides services to a covered entity involving PHI access (45 CFR §160.103). Examples include IT service providers, cloud hosting companies, billing services, EHR vendors, and shredding companies.
HIPAA Privacy Rule (45 CFR Part 164, Subpart E) establishes national standards for the use and disclosure of PHI. It gives patients rights over their health information, including the right to access, amend, and receive an accounting of disclosures. Covered entities must implement a minimum necessary standard and designate a Privacy Officer.
HIPAA Security Rule (45 CFR Part 164, Subpart C) requires covered entities and business associates to implement administrative, physical, and technical safeguards to protect electronic PHI (ePHI). The technical safeguard standards are access control (§164.312(a)), audit controls (§164.312(b)), integrity (§164.312(c)), person or entity authentication (§164.312(d)), and transmission security (§164.312(e)). Every standard is mandatory; the implementation specifications beneath each standard are labeled either "required" or "addressable." An addressable specification may be satisfied with a documented equivalent alternative measure, or documented as not reasonable and appropriate for the organization, but it cannot simply be skipped (§164.306(d)).
HIPAA Breach Notification Rule (45 CFR Part 164, Subpart D) requires covered entities to notify affected individuals of a breach of unsecured PHI without unreasonable delay and in no case later than 60 calendar days after discovery (§164.404). A breach affecting 500 or more residents of a State or jurisdiction must also be reported to prominent media outlets serving that area (§164.406). All breaches must be reported to HHS: those affecting 500 or more individuals at the same time individuals are notified, and smaller breaches in an annual log submitted within 60 days after the end of the calendar year in which they were discovered (§164.408). A business associate that discovers a breach must notify the covered entity (§164.410).
HIPAA compliance requires organizations to conduct a Security Risk Assessment (SRA) that identifies threats and vulnerabilities to ePHI, implement written policies and procedures, train workforce members on HIPAA requirements, execute Business Associate Agreements with all vendors handling PHI, and retain documentation for a minimum of six years from the date of its creation or the date it was last in effect, whichever is later (45 CFR §164.530(j) for Privacy Rule documentation and §164.316(b)(2) for Security Rule documentation).
The Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) enforces HIPAA. OCR investigates complaints, conducts compliance reviews, and can impose civil monetary penalties under 45 CFR §160.404. Penalties are tiered by culpability, starting at $141 per violation for the lowest tier and capped at $2,134,831 per calendar year for all violations of an identical provision. These amounts are adjusted annually for inflation, so the current HHS penalty table should be consulted for the figures in effect.
One Guy Consulting provides implementation support across these requirements for covered entities and business associates nationwide.
Chuck Weiselberg is the founder of One Guy Consulting. The firm provides HIPAA compliance services to covered entities and business associates, including risk assessments, gap analysis, policy development, workforce training, and vendor oversight.
Engagements typically begin with an assessment of how an organization handles PHI, followed by identifying compliance gaps, prioritizing remediation by risk level, developing required documentation, and establishing evidence of ongoing compliance.
Chuck Weiselberg is a C.H.P. (Certified HIPAA Professional) and Founder of One Guy Consulting. He has more than 20 years of experience supporting customers in achieving their goals, including 10 years as a HIPAA compliance S.M.E. (Subject Matter Expert).
He has helped thousands of users at healthcare groups. He has worked with Compliance Officers to set up programs that passed every audit with zero fines. That track record comes from a proven process, real-world policies, and simple software that requires no technical skills.
Services align with HIPAA Administrative Simplification requirements under 45 CFR Parts 160 and 164.