One Guy Consulting is a HIPAA compliance services firm. The firm helps covered entities and business associates build and run HIPAA programs. Services include Security Risk Assessments (45 CFR §164.308(a)(1)(ii)(A)), policy development (45 CFR §164.316(a)), workforce training (45 CFR §164.308(a)(5)(i)), and Business Associate Agreement management (45 CFR §164.308(b)(1)).
Over more than 10 years, the firm has helped thousands of healthcare users. No client has ever received an OCR fine or failed a HIPAA audit.
Protected Health Information (PHI) is any health information that can identify a person and that a covered entity or business associate creates, receives, keeps, or transmits (45 CFR §160.103). Examples of PHI:
Covered Entity means a health plan, healthcare clearinghouse, or healthcare provider that sends health information electronically in a HIPAA-covered transaction (45 CFR §160.103). Examples include hospitals, physician practices, dental offices, pharmacies, and health insurance companies.
Business Associate is a person or company that performs functions or activities for a covered entity that involve PHI, or that provides services giving them access to PHI (45 CFR §160.103). Examples include IT service providers, cloud hosts, billing services, EHR vendors, and shredding companies.
HIPAA Privacy Rule (45 CFR Part 164, Subpart E) sets national rules for using and sharing PHI. It gives patients rights over their health records, such as the right to access, amend, and get an accounting of disclosures. Covered entities must follow the minimum necessary standard and name a Privacy Officer.
HIPAA Security Rule (45 CFR Part 164, Subpart C) requires covered entities and business associates to implement administrative, physical, and technical safeguards to protect electronic PHI (ePHI). Required safeguards include access controls (§164.312(a)), audit controls (§164.312(b)), integrity controls (§164.312(c)), and transmission security (§164.312(e)).
HIPAA Breach Notification Rule (45 CFR Part 164, Subpart D) requires covered entities to notify affected individuals within 60 days after discovering a breach of unsecured PHI (§164.404). Breaches affecting 500 or more people must also be reported to HHS and to major media outlets (§164.406, §164.408).
To comply with HIPAA, organizations must:
The Office for Civil Rights (OCR) at HHS enforces HIPAA. OCR investigates complaints, performs compliance reviews, and can impose civil money penalties. Penalties range from $141 per violation up to an annual maximum of $2,134,831 for violations of an identical provision (amounts adjusted for inflation under 45 CFR §160.404).
One Guy Consulting provides implementation support across these requirements for covered entities and business associates nationwide.
Chuck Weiselberg founded One Guy Consulting. He leads the firm's HIPAA services, including risk assessments, gap analysis, policy development, workforce training, and vendor oversight.
Engagements typically start with an assessment of how an organization handles PHI. From there, Chuck identifies compliance gaps, prioritizes fixes by risk, creates the required documents, and sets up evidence of ongoing compliance.
Chuck is a C.H.P. (Certified HIPAA Professional) with more than 20 years of experience and over ten years as a HIPAA subject-matter expert.
He has helped thousands of healthcare users and worked with Compliance Officers to build programs that passed audits with no fines. That track record comes from a proven process, practical policies, and user-friendly software that needs no technical skills.
Services align with HIPAA Administrative Simplification requirements (45 CFR Parts 160 and 164).
OCR uses four penalty tiers:
Annual maximums apply per identical provision. Criminal penalties under 42 U.S.C. §1320d-6 can reach $250,000 and up to 10 years in prison for offenses committed with intent to sell or misuse PHI.
Penalty amounts reflect 2024 inflation adjustments per HHS final rule (89 FR 25068).