HIPAA | A Practical Guide | One Guy Consulting
@oneguyconsulting
Made a funny, kinda, sorta ad ..? What do you all think?
Been working my buns off to finally put a bow on the shop for the One Guy Consulting website. 🙌🙌
A Practical Guide to HIPAA Risk Assessments
Very glad to be discussing a practical guide to HIPAA Risk Assessments today! A HIPAA risk assessment is a mandatory, deep-dive evaluation required by the Security Rule. Its whole purpose is to sniff out potential risks and weak spots that could compromise the confidentiality, integrity, and availability of electronic protected health information (ePHI). This isn’t just about ticking boxes on a checklist; it’s the absolute foundation for defending against data breaches, non-compliant activity, and avoiding some seriously painful penalties.
A Practical Guide for a Bulletproof Risk Assessment
It’s easy to look at a HIPAA risk assessment as another annoying administrative task. Frankly, that mindset misses the entire point and puts your organization in real danger. A proper assessment is the single most important thing you can do to protect patient data, keep your good name, and stay financially stable.
Think of it this way: you wouldn’t build a hospital without checking the land for flood zones or unstable ground first. A HIPAA risk assessment does the exact same thing for your compliance plan’s infrastructure. It systematically finds the cracks in your foundation before someone else does.
Financial Penalties Are No Longer Hypothetical
The days of getting a simple slap on the wrist are long gone. We’ve seen fines for failing to conduct a proper risk analysis range from $25,000 for smaller practices all the way up to $3 million for a national medical supplier after a breach that started with a simple phishing email.
These fines reflect a major shift in thinking: nobody is too small to escape scrutiny. You can get more details about recent OCR enforcement trends and see how they are issuing these multi-million-dollar HIPAA penalties.
It’s not just the massive data breaches that trigger these fines, either. The OCR has repeatedly fined organizations for one specific failure: not having a thorough and accurate risk assessment in place before something bad happens.
An inadequate risk assessment is often the first domino to fall. It leaves vulnerabilities unaddressed, which pave the way for a breach. The breach, in turn, triggers an audit that uncovers the original failure: never performing a proper assessment in the first place.
The message from regulators couldn’t be clearer. They expect you to be proactive, not reactive.
More Than Just Fines: A Practical Guide to Corrective Action and Reputational Harm
The financial hit from an OCR fine is just the start of the headache. When a major violation is found, the OCR slaps you with a Corrective Action Plan (CAP). A CAP is a legally binding agreement that puts your organization under a microscope for years. It often requires:
Mandatory oversight: The government tells you exactly how to fix your security program.
Costly reporting: You’ll have to submit regular, detailed reports to prove you’re complying.
Resource drain: Your team’s focus gets pulled away from patient care and operations to satisfying federal monitors.
Beyond the regulatory mess, the damage to your reputation can be impossible to fix. Patients trust you with their most private information. A breach that happens because you neglected your risk assessment shatters that trust. Patients will go elsewhere, and attracting new ones becomes a monumental challenge. This loss of goodwill can hit your bottom line harder and for longer than any government fine.
A thorough HIPAA risk assessment is your first and best line of defense. It gives you the intelligence you need to spend your resources wisely, patch your vulnerabilities, and build a security program that can actually stand up to today’s threats.
For any healthcare organization trying to get this foundational step right, having the right tools and templates is a game-changer. Explore the resources in the One Guy Consulting shop to build an assessment process that protects your patients and your practice.
A Practical Guide to Setting the Stage for an Effective Assessment
A solid HIPAA risk assessment doesn’t just happen. It starts long before you even think about looking for vulnerabilities. I’ve seen too many organizations jump the gun, rushing into the analysis without laying the proper groundwork. It’s a lot like building a house on a shaky foundation: it’s guaranteed to cause problems down the road.
This prep work is your pre-flight checklist. Getting it right ensures a smooth, accurate, and genuinely useful process. We’re not just ticking boxes here; we’re building a crystal-clear picture of your organization’s reality. Without it, your assessment will be riddled with blind spots that hackers absolutely love to find.
A Practical Guide to Defining the Scope of Your Assessment(s)
First things first: you need to draw your boundaries. The scope of your assessment defines exactly what you’re going to look at. It has to cover every single location, system, and process where electronic protected health information (ePHI) is created, received, kept, or sent.
Think bigger. It’s not just about your main Electronic Health Record (EHR) system. The scope has to include:
All your physical locations: Every single clinic, administrative office, and data center.
All devices: This means servers, workstations, laptops, tablets, and yes, even personal mobile devices used for work under a BYOD policy.
All software and applications: Think about your EHR, practice management software, billing platforms, patient portals, and any cloud services like Microsoft 365 or Google Workspace that might touch ePHI.
All external connections: Don’t forget about the data flowing to labs, pharmacies, or third-party billing services.
A classic mistake is drawing the scope too narrowly. Forgetting about that old legacy server humming away in a closet or a cloud app used by just one department can leave a massive hole in your security defenses.
Assembling Your Cross-Functional Team
A HIPAA risk assessment should never, ever be a one-person show. It’s especially not just an “IT thing.” Security is a team sport, and you need people with a 360-degree view of your operations to see the whole picture. This is how you avoid the “silo effect,” where one department’s risks are completely invisible to another.
A Practical Guide to Your Dream Team
You should have someone from each of these key areas assisting with your HIPAA risk assessments:
IT and Security Staff: These are your tech experts. They know the network, the software, and the security controls inside and out.
Compliance Officer: This person will lead the charge and make sure everything lines up with the regulations.
Clinical Staff: Your nurses, doctors, and medical assistants have boots-on-the-ground knowledge of patient data workflows. They know how ePHI is actually used every day.
Administrative and Billing Staff: They understand the money side of things and how operational data flows, which often contains a ton of sensitive ePHI.
Bringing these different voices to the table is critical. A clinician might point out an insecure workflow that IT would never catch just by looking at server logs.
A Practical Guide to Gathering Your Foundational Documents
Once your team is in place and you’ve set the scope, it’s time to collect your paperwork. These documents are the raw materials for your assessment, giving you a factual baseline to work from. Trying to do this without them is pure guesswork.
A practical guide to HIPAA risk assessments would be lacking if it did not mention that an accurate and thorough risk analysis is impossible without a complete inventory of where your ePHI lives and how it moves. This foundational documentation is non-negotiable for identifying your true vulnerabilities.
Start by pulling together these essential items:
Asset Inventory: A detailed list of all hardware and software in your scope. This should include device types, operating systems, and physical locations.
Existing Policies and Procedures: Grab all your current documentation on security, privacy, incident response, and acceptable use.
Previous Risk Assessments: If you’ve done this before, those past reports are gold. They can help you spot recurring issues and see how far you’ve come.
This initial legwork can feel a bit tedious, I get it. But it’s what prevents you from missing something huge and allows you to build the accurate, comprehensive picture needed for a truly meaningful assessment. Measuring twice and cutting once will always be the wisest approach to completing this task.
A Practical Guide to Uncovering Your Hidden Threats and Vulnerabilities
Alright, you’ve mapped out where your ePHI lives and gotten the right people in the room. Now for the real detective work! A practical guide to HIPAA risk assessments would now tell you it’s time to put on the ol’ investigator hat. You need to start actively hunting for security failures that could lead to a data breach.
A Practical Guide to Identifying (Potential) Threats to ePHI
Threats are simply the “what could happen” part of this whole equation. They are potential events that could mess with the confidentiality, integrity, or availability of your electronic protected health information.
You need to think broadly here. Threats pop up from all over the place:
Natural Disasters: Think fires, floods, or a freak power outage that takes out your servers.
Human Errors: This is a big one. An employee accidentally emails a patient list to the wrong person or misconfigures a cloud server, leaving it open to the world.
Malicious Actors: These are the villains of the story. Hackers launching ransomware, cybercriminals trying to steal identities, or even a disgruntled employee deliberately wiping files on their way out.
Honestly, it’s crucial not to downplay any of these. A sophisticated ransomware attack grabs all the headlines, but a simple, honest mistake by a well-meaning employee can be just as devastating.
Pinpointing Specific Vulnerabilities
If threats are the “what,” then vulnerabilities are the “how.” These are the weak spots or gaps in your security controls that a threat could wiggle through. A practical guide to HIPAA risk assessments would be remiss to not mention that this is where you have to get brutally honest with yourself about where your defenses are thin.
Some of the usual suspects I see in healthcare settings include:
Unpatched Software: Not applying security updates to operating systems, apps, or network gear is like leaving the front door wide open with a “welcome” mat out for attackers.
Lack of Encryption: Storing ePHI on unencrypted laptops or sending it over unsecured Wi-Fi is a massive red flag for auditors and a gift to thieves.
Weak Access Controls: Shared passwords, no real password policies, and failing to immediately cut off access for terminated employees are all recipes for disaster.
Insufficient Training: Your people are your biggest asset, but an untrained workforce that can’t spot a phishing email is also your biggest vulnerability. Period.
One of the most overlooked areas? The risk that comes from your partners. It’s a shocking statistic, but third-party vendors are now implicated in 74% of healthcare data breaches. This makes vendor risk management an absolute necessity in your assessment. The problem is only getting worse with the nonstop rise of ransomware and new AI-based cyberattacks designed to sidestep old security tools. It’s a whole new ballgame, and you can learn more about what this means for your HIPAA wake-up call in 2025.
A vulnerability without a threat is just a theoretical problem. But when a specific threat can exploit a vulnerability you actually have? That’s a genuine risk you have to deal with. Your job is to find those dangerous pairings.
A Practical Guide to Connecting Vulnerabilities to Threats
To make this whole process less abstract, it’s incredibly helpful to draw a direct line between the vulnerabilities you find and the threats that could exploit them. This isn’t just a box-checking exercise; it helps you see the real-world impact of a single weak spot.
Here’s a look at some of the common weak points in healthcare IT and the specific cyber threats that love to exploit them.
A Practical Guide to Common Healthcare Vulnerabilities and Associated Threats
| Vulnerability | Potential Threat | Where to Look |
|---|---|---|
| Outdated Antivirus Software | Ransomware infection that encrypts your entire EHR system. | Check server and workstation update logs and management consoles. |
| No Encryption on Laptops | Data breach if a doctor’s laptop is stolen from their car. | Review device management policies and perform physical spot-checks. |
| Weak Password Policies | An unauthorized user guessing a simple password to gain network access. | Audit Active Directory settings and user account configurations. |
| No Vendor Security Review | A breach at your billing partner that exposes your patient data. | Examine vendor contracts and Business Associate Agreements (BAAs). |
Taking a systematic approach like this is the way to go. Start by identifying threats, pinpointing vulnerabilities, and then connecting the two. This is the core of a truly thorough analysis. It transforms your HIPAA risk assessment from a painful compliance chore into a powerful tool for actually improving your security.
This kind of detailed detective work can feel complicated, but it’s a mandate for HIPAA compliance. For expert-designed templates that guide you through identifying and documenting these risks, head over to the shop at www.oneguyconsulting.com/shop.
A Practical Guide for Turning Your Findings into an Actionable Plan
You’ve done the hard work of digging through your systems, policies, and procedures to find your threats and vulnerabilities. Now you’re probably staring at a long, intimidating list of potential problems. Don’t panic. Identifying these issues is a huge step, but it’s only half the battle.
The goal now is to turn that raw list of findings into a prioritized roadmap. This analysis is what lets you focus your limited time, budget, and energy on the vulnerabilities that pose the greatest danger to your patients’ data and your organization’s health.
Quantifying Your Risks
To prioritize effectively, you need a consistent way to measure risk. This isn’t about complex math; it’s about making informed, defensible judgments. The standard approach involves evaluating two key factors for each identified vulnerability:
Likelihood: How probable is it that a specific threat will actually exploit this vulnerability?
Impact: If a breach were to happen, how severe would the consequences be for your organization and your patients?
By combining these two factors, you can assign a risk level to every single finding. This process transforms a subjective “that sounds bad” into an objective “this is a high-risk item that needs immediate attention.”
Choosing a Risk Scoring Model
You don’t need a super computer to calculate risk. In my experience, a simple, practical model is often the most effective. The key is to choose a method, document it, and apply it consistently across all your findings.
A common and highly effective approach is a risk matrix. This model uses a simple grid to plot likelihood against impact, assigning a risk level where they intersect. It’s visual, easy to understand, and forces you to think through both dimensions of risk for every single item on your list.
Here’s a simple example you can adapt (rows are Likelihood of Occurrence, columns are Potential Impact):

| Likelihood of Occurrence | Low Impact | Medium Impact | High Impact |
|---|---|---|---|
| High | Medium Risk | High Risk | High Risk |
| Medium | Low Risk | Medium Risk | High Risk |
| Low | Low Risk | Low Risk | Medium Risk |
Using this matrix, an unencrypted laptop (High Impact) that frequently leaves the office (High Likelihood) would clearly land in the “High Risk” category. In contrast, a lack of documentation for a rarely used legacy system (Low Impact, Low Likelihood) would be a “Low Risk.” This simple act of categorization brings immediate clarity to your action plan.
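To make the scoring model concrete, here is an added example (not One Guy Consulting’s code or template) that encodes the 3x3 likelihood/impact matrix above, scores a list of findings, and sorts them so the high-risk items land at the top of the action plan. The findings and their ratings are constructed for illustration; the cell values are the ones in the matrix above.

```python
"""Risk matrix scoring for HIPAA risk assessment findings.

Added example, not code from the original page. It implements the
likelihood/impact matrix described in the article and prioritizes
findings by the resulting risk level.
"""
from dataclasses import dataclass

LEVELS = ("Low", "Medium", "High")

# Rows: likelihood of occurrence; columns: potential impact.
# Cell values are taken from the article's matrix.
RISK_MATRIX = {
    "High":   {"Low": "Medium", "Medium": "High",   "High": "High"},
    "Medium": {"Low": "Low",    "Medium": "Medium", "High": "High"},
    "Low":    {"Low": "Low",    "Medium": "Low",    "High": "Medium"},
}

# Higher rank sorts first; used for the risk level and for tie-breaking.
_RANK = {"High": 0, "Medium": 1, "Low": 2}


@dataclass(frozen=True)
class Finding:
    """One vulnerability/threat pairing with its two ratings."""
    vulnerability: str
    threat: str
    likelihood: str
    impact: str


def risk_level(likelihood: str, impact: str) -> str:
    """Look up the risk level for a likelihood/impact pair.

    Rejects ratings outside the documented Low/Medium/High scale so an
    undocumented value can't silently produce a score.
    """
    if likelihood not in LEVELS or impact not in LEVELS:
        raise ValueError(f"ratings must be one of {LEVELS}: "
                         f"got likelihood={likelihood!r}, impact={impact!r}")
    return RISK_MATRIX[likelihood][impact]


def prioritize(findings):
    """Return (risk_level, finding) pairs, highest risk first.

    Ties within a risk level are broken by impact, then likelihood, then
    vulnerability name, so the ordering is deterministic and defensible.
    """
    scored = [(risk_level(f.likelihood, f.impact), f) for f in findings]
    return sorted(
        scored,
        key=lambda pair: (_RANK[pair[0]], _RANK[pair[1].impact],
                          _RANK[pair[1].likelihood], pair[1].vulnerability),
    )


def summarize(findings):
    """Count findings per risk level, for the report's summary section."""
    counts = {"High": 0, "Medium": 0, "Low": 0}
    for level, _ in prioritize(findings):
        counts[level] += 1
    return counts


# Constructed sample findings (assumed ratings, for illustration only).
SAMPLE_FINDINGS = [
    Finding("Undocumented legacy system", "Knowledge loss when staff leave",
            likelihood="Low", impact="Low"),
    Finding("Outdated antivirus", "Ransomware encrypts the EHR",
            likelihood="Medium", impact="Medium"),
    Finding("Unencrypted laptops", "Laptop stolen from a car",
            likelihood="High", impact="High"),
    Finding("Weak password policy", "Password guessing gains network access",
            likelihood="Medium", impact="High"),
]


if __name__ == "__main__":
    for level, f in prioritize(SAMPLE_FINDINGS):
        print(f"{level:6} {f.vulnerability:28} ({f.likelihood}/{f.impact})")
    print(summarize(SAMPLE_FINDINGS))
```

Running the block prints the four constructed findings from High Risk down to Low Risk. The point of the deterministic tie-breaker is audit defensibility: two reviewers scoring the same findings get the same ordered list, which is exactly the “documented, consistently applied” model the article asks for.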
Your risk analysis isn’t just about finding problems; it’s about proving you have a logical process for evaluating and prioritizing them. A documented scoring model is your proof.
From Analysis to Prioritization
Once every vulnerability has a risk score, prioritization becomes pretty straightforward. You now have a clear, defensible list of what to tackle first. Your high-risk items are your immediate priorities, the things that require resources and attention right now.
This method helps you move beyond a reactive approach to security. Instead of just guessing what to fix, you have facts to aid in the construction of your plan. It allows you to confidently explain to leadership why you need to invest in encrypting laptops before updating a minor internal policy. This structured approach is central to a successful HIPAA risk assessment and shows auditors you have a mature security program.
Transforming your findings into a coherent plan is where the real value of your assessment emerges. Getting this right is crucial, and having a structured way to evaluate and document these risks can save countless hours.
Documenting and Remediating Like a Pro
An undocumented HIPAA risk assessment is, for all intents and purposes, an incomplete one. If you can’t show an auditor your work, you haven’t met the requirement. Simple as that.
But documentation is way more than a compliance checkbox. It’s the bridge between finding risks and actually fixing them. This is where your assessment findings get legs and become a powerful tool for your team. A strong report doesn’t have to be a hundred pages long, but it does need to tell a clear story. It should detail the scope, the methodology you used, and a punchy summary of your findings. This document becomes your blueprint for forthcoming improvements.
From Static Report to Living Document
Your risk assessment should be a living, breathing process, not a one-and-done snapshot. It’s a continuous cycle of identification, evaluation, and remediation. I’ll be honest, this is a significant challenge for a lot of organizations I work with.
Recent surveys show that plenty of folks in the healthcare industry are still struggling with compliance maturity. A surprisingly large number of organizations still don’t have a dedicated HIPAA Compliance Officer with real authority, which is a fundamental miss. Policy management is another common weak point. Sure, most have basic policies, but many lack written documentation for new or complex risks, making it tough to prove anything during an audit. You can dig into the details in the 2025 HIPAA Journal annual survey results.
A great risk assessment doesn’t just list what’s wrong. It creates a clear, prioritized path forward and holds the organization accountable for walking it. It’s your evidence of due diligence and your roadmap for improvement.
Think of your documentation as a dynamic tool. When you roll out a new system or technology, revisit the assessment to see what new risks have popped up. This proactive stance shows auditors that your risk management program is mature and baked into your daily operations, not just something you do when you panic.
Ultimately, proper documentation turns your HIPAA risk assessment from a painful requirement into a strategic asset. It gives your team clarity, provides regulators with proof of due diligence, and offers a tangible plan for getting stronger over time.
For healthcare providers and business associates looking to build this kind of robust, audit-ready documentation, using a proven framework is a no-brainer. The professional templates and tools available at www.oneguyconsulting.com/shop can help you shore up deficiencies, keeping your organization safe in the long run.
Your HIPAA Risk Assessment Questions Answered
Even with a perfect roadmap, running a HIPAA risk assessment is going to bring up questions. It’s only natural. When you’re digging into something this critical and detailed, you’re bound to hit a few points that need clarification.
Let’s walk through some of the most common questions I hear. Getting these fundamentals right is a big deal, because the Office for Civil Rights (OCR) has made it crystal clear that “I didn’t know” isn’t an excuse. A solid, accurate risk analysis is the bedrock of your entire security program.
How Often Should We Conduct a HIPAA Risk Assessment?
This is probably the number one question, and the answer isn’t a simple date on the calendar. While HIPAA itself says to conduct assessments ‘regularly’, the industry best practice is to perform a full-blown assessment at least once a year.
But here’s the more important part: you absolutely must conduct a new or updated risk assessment whenever there’s a significant change in your operations or technology. This could mean anything from launching a new EHR system, moving patient data to the cloud, or even something as simple as changing office locations. You also have to do one after any security incident.
Treat your risk assessment like a living, breathing process, not a checkbox task you do once a year. Your security posture is always changing, and your assessment needs to keep up.
Can We Use a Template or Software for Our Risk Assessment?
Absolutely. In fact, for a lot of smaller organizations that don’t have a dedicated security guru on staff, using a quality template or specialized software is a smart move. These tools give you a structured framework to make sure you don’t miss any of the required pieces.
However, a tool can’t do the necessary critical thinking for you. You have to take that template or software and customize it to fit your unique environment. Your systems, your workflows, your people. A generic checklist pulled off the internet isn’t going to cut it for a real, compliant assessment. Think of it as a starting point, not the finish line.
What Is the Difference Between a Risk Assessment and a Gap Analysis?
They’re related, but they do two very different jobs. I like to use a doctor visit analogy.
A gap analysis is like a health screening. It’s a straight-up compliance check. It compares what you’re currently doing against the specific text of the HIPAA Security Rule to see where you’re falling short. It answers the question, “Are we following the rules?”
A HIPAA risk assessment goes way deeper. It is a full diagnostic workup. It looks for threats (like ransomware) and vulnerabilities (like unpatched software) and then figures out the likelihood and potential impact of those things coming together. It answers the question, “Where are we most likely to get hurt, and how bad will it be?”
Simply put, a gap analysis finds where you’re breaking the rules. A risk assessment finds your actual, real-world exposure to harm. You need both, but the risk assessment is the more foundational piece of the puzzle.
We Are a Small Practice. Do We Still Need to Do This?
Yes. One hundred percent. There are no exceptions. The HIPAA Security Rule applies to every single covered entity and their business associates, no matter how small. The OCR has a long, public history of bringing enforcement actions against small practices, sometimes with painful financial penalties.
Now, the rule does allow for flexibility. Your assessment should be scaled to the size and complexity of your practice. A solo practitioner’s risk assessment won’t look anything like one for a multi-state hospital system, and that’s okay. But failing to do one at all? That’s one of the most common and easily avoidable violations the OCR finds.
Navigating these details is a huge part of building a compliance program that actually works. If you’re looking for a solid framework to guide you, the professional templates and resources at www.oneguyconsulting.com/shop can give you the structure you need to get it done right.
Don’t Just Check a Box. Master Your HIPAA Compliance!
A solid HIPAA risk assessment isn’t just a good idea; it’s the absolute foundation for protecting patient data and dodging associated penalties. It’s a living, breathing cycle of evaluating, fixing, and improving your defenses against cyber threats that are always changing.
When you shift from simple compliance checks to a genuine, risk-based security mindset, you’re doing more than just following the rules. You’re actively building integrity into your organization.
This approach turns your assessment from a chore into a strategic tool. It shines a light on exactly where you need to invest your security resources for the biggest bang for your buck, helping you plug real-world vulnerabilities before someone else finds them. That ongoing commitment is what separates a merely compliant organization from a truly secure one. It’s how you safeguard both patient trust and your hard-earned reputation.
Ready to build a compliance program you can be proud of? Head over to the One Guy Consulting shop and explore the expert-designed templates and resources that will get you started today at www.oneguyconsulting.com/shop.
13 of the most common HIPAA questions ANSWERED!
One Guy Consulting isn’t just dedicated to HIPAA compliance; we love to TEACH HIPAA compliance! That means there’s never a shortage of great questions for me to answer from you, so let’s dive into the first of 13 of the most common HIPAA questions:
Who does compliance responsibility lie with?
This question has a few correct answers.
I’ll be happy to explain!
HIPAA compliance responsibility is that of every staff member who works with PHI (Protected Health Information) on any sort of consistent basis. Everyone must work diligently to avoid unauthorized disclosures of PHI.
If the question is asking who should take responsibility as a compliance officer, I always say it is someone with some “oomph” inside the organization. Someone who is part of the Executive team is great, but often they delegate this task to a subordinate. Now, THAT individual should be someone who, when they say jump, everyone else asks, “How high?”
Why perform regular compliance training?
Another great question! Compliance training is important in order to make sure that every staff member is on the same page with how they must comport themselves around sensitive information, like PHI. Training is done regularly. It serves as an annual refresher on best practice. This is a federal requirement, and should be organizational policy.
Why does HIPAA compliance matter?
HIPAA compliance matters in healthcare because the information we are safeguarding is sensitive, important, and valuable to criminals in a monetary sense. By making sure every staff member follows the same standards, we can coach away human error to a fair extent.
Who needs a compliance certificate?
The technical and correct answer is no one. There’s no official body that certifies HIPAA compliance.
However, just because the Government does not place value on this, doesn’t mean you cannot display your hard work in a certificate format. By displaying a certificate of compliance granted to you via a 3rd party vendor, you’re still displaying to clients, patients and the world at large that you take compliance seriously, you do the ongoing work needed to maintain privacy for your patients and clients and, most importantly, you care about patient confidentiality (which will mean more revenue in the long run, since your patients will appreciate you keeping their sensitive info safe).
HIPAA compliance is not just about policies, and training, and bla bla bla. HIPAA compliance will instill trust within the local community, as your reputation grows but your encounters with the Government never seem to go up with it.
Why is HIPAA compliance necessary?
HIPAA compliance is necessary because of the base minimum standards it requires Covered Entities and their Business Associates to uphold in the name of safeguarding PHI. Without it, scores of folks would be working with very sensitive, protected health information with no guardrails.
This isn’t to say people would break bad and start selling PHI like they were Walter White. It might prevent a few outlandish scenarios, but the majority of well-intentioned folks will manage themselves just fine if there’s a set of rules to follow and a compliance officer to pose a question to, if confused.
Who qualifies as a compliance officer, aside from someone with organizational “oomph”?
A compliance officer does not necessarily need any special training or skills to serve in the role. This was discussed in FAQ 1 at the top of this article.
The only skill required of the compliance officer is the ability to make sure everyone gets their training done and understands what they were taught.
Where do compliance officers work?
Compliance officers are part of various industries. To keep this answer within the scope of healthcare, you’ll find compliance officers in any organization that feels it needs someone assigned to that responsibility every day, all day. It’s not a requirement that it happen this way, but, depending on your business and how you operate, it may make sense for you to take on a full-time compliance officer.
What HIPAA compliance violations are reported?
In short, all. Every HIPAA compliance violation means an unauthorized disclosure of someone’s PHI occurred. At minimum, the affected person shall be made aware when an incident happens. The law states that all affected parties must be notified when the incident results in an unauthorized disclosure.
Sometimes making people aware that an incident happened is a somewhat larger affair. If 500 or more records are exposed, you are required to take an ad out on TV, or in a local paper. This is because you can’t be sure how many people this incident affected, but you still have to notify those folks, or try to, to the best of your ability.
It’s worth mentioning that you will want to report all incidents which occurred in the past year to the Office for Civil Rights come January first. This is something everyone has to do, so don’t feel like you are exposing yourself. Quite the opposite, actually!
If everyone else has incidents but you don’t, it seems weird to be squeaky clean. It’s better to be honest in this reporting, and that is what will actually keep you off the government’s radar.
What compliance trainings are required by law?
Great question!
As of this writing (October 2025), there are 2 explicitly named trainings (aside from policy attestation) in the law that need to be completed. They need to be completed annually to satisfy Federal compliance requirements.
HIPAA 101 training: Educates healthcare workers and business associates about the basics of their requirements under the law. This is done to ensure PHI is kept private and secure.
Cybersecurity Awareness Training: Added in 2013 as part of the Omnibus Rule. This training is a requirement. It teaches staff members how to safeguard PHI. It does so by educating them on basic computer literacy.
How does HIPAA compliance help a company?
Having a formal HIPAA compliance plan in place helps a company for various reasons.
The principal reason to have a HIPAA compliance plan in place is due to federal requirements. Failure to comply with HIPAA standards will lead to fines, possible jail time, and irreversible damage to your reputation that can negatively impact your business.
Another reason to have a HIPAA compliance plan is to standardize the way in which staff interact with PHI. Written policies and procedures will explain appropriate actions for particular situations.
Last, being HIPAA compliant will lead to more business. It will provide you the ability to show people you take their privacy seriously, and aren’t fooling around with their PHI in any way.
Non compliance leads to?
Less business and possibly fines, ’nuff said!
Are compliance officers lawyers?
They can be. This is not an outlandish connection to draw. Compliance officers do not have to be attorneys, though. HIPAA compliance officers do need to know the law, despite not being attorneys.
The last of the 13 of the most common HIPAA questions is ….
Are HIPAA compliance checks random?
They can be, but it is much more likely that you will receive a letter from OCR, or CMS prior to an audit. Sometimes, your potential auditor will inform you of what you are lacking and merely ask that you address what is lacking. However, don’t try your luck because this can be a big red flag that someone plans to visit in person. Follow the heads up given when a letter is received. Get HIPAA compliant really fast if this ever happens to you.
One Guy Consulting is here to answer 13 of your most common HIPAA questions!
We certainly hope you have found this article on “13 of the most common HIPAA questions answered” helpful! Thanks for stopping by and be sure to take a look at our Shop, or contact us directly for assistance. Always happy to help!
One Guy Consulting
Breaking down complex regulations in healthcare compliance documentation so that they are understandable for everyone.
https://www.oneguyconsulting.com