Privacy Policy

Last Updated: January 23, 2026

One Guy Consulting ("we," "our," or "us") helps healthcare teams meet HIPAA rules. We take the privacy of your data seriously — both as a legal duty and as a sign of the standards we help our clients keep. This Privacy Policy explains how we collect, use, and protect your data when you visit oneguyconsulting.com or use our services.

Our Commitment to HIPAA-Aligned Privacy Practices

We offer HIPAA services like risk assessments, gap analysis, BAA management, and staff training. We hold ourselves to the same standards we help our clients reach. Our data practices align with the HIPAA Privacy Rule (45 CFR Part 164, Subpart E) and the Security Rule (45 CFR Part 164, Subpart C).

Key Terms

How HIPAA Applies to Our Services

When One Guy Consulting works with healthcare groups, we may act as a Business Associate under HIPAA. In those cases, we sign a BAA with the client. This limits our access to PHI to only what we need to do the work. We follow the Minimum Necessary Standard on every project and keep administrative, technical, and physical safeguards in line with the Security Rule.

Our portal — where clients run risk assessments, manage vendor BAAs, and track training — uses encryption in transit (TLS 1.2+) and at rest, role-based access controls, and audit logging.

Information We Collect

Personal Data You Provide

When you use our contact form, sign up for services, or interact with our compliance portal, you may provide:

Automatically Collected Data

When you visit our website, we automatically collect:

How We Use Your Information

We use the information we collect to:

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share it only in the following situations:

Data Security Safeguards

We use administrative, technical, and physical safeguards in line with the HIPAA Security Rule to protect your data. These include:

No data sent online is fully secure, so we cannot promise total safety. But we review and improve our safeguards often to meet current best practices and legal standards.

Breach Notification

If a breach affects your personal data or PHI, we will notify those involved and the proper authorities as required by the HIPAA Breach Notification Rule (45 CFR §§ 164.400–414) and any state breach notice laws that apply. We will send notices without delay and no later than 60 days after finding the breach.

Your Rights

Based on where you live and how you work with us, you may have these rights:

To exercise any of these rights, contact us at hello@oneguyconsulting.com.

Data Retention

We keep personal data as long as we need it to serve the purposes in this policy, meet legal duties, and support active projects. HIPAA says covered entities and business associates must keep certain records for at least six years from the date they were created or last in effect, per 45 CFR § 164.530(j).

Third-Party Links

Our website may link to outside sites, such as HHS.gov and the Code of Federal Regulations. We are not in charge of how those sites handle privacy. We suggest you read their own privacy policies.

Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy when our practices or the rules change. When we do, we will post the new version here and change the "Last Updated" date. We will notify active clients of big changes by email.

Regulatory References

Contact Us

If you have questions about this Privacy Policy or how we handle your information, contact us: