How Do I Choose The Right HIPAA Compliance Consultant?

March 15, 2019

by Nick Jaworski, Digital Community Builder of Circle Social, Inc.

three people (a black man, white woman, and black woman) sit on chairs, having a conversation. The white woman has a laptop. Text reads 'How Do I Choose the Right HIPAA Compliance Consultant?'

In 2018 alone, settlements for HIPAA violations totaled over $30 million, and no one is immune to the risk of legal action.

Even the Fortune 500 company Anthem Inc. was faced with a violation case.

It's more important than ever to be in compliance. But not every center can afford to keep a permanent specialist on staff to make sure that every area of operations is practicing compliance.

Sometimes, you need to bring in a consultant.

What Does a HIPAA Compliance Consultant Do?

HIPAA compliance consultants offer different services based on their experience and area of expertise.

Some of the tasks you may need them to form are as follows:

  • Policy audits
  • Recommending specific training for your staff
  • Training your staff
  • Serving as an expert witness after a complaint

Different consultants have different specialities under the large banner of HIPAA requirements.

The first consultants that come to mind are legal experts. They know what all HIPAA covers, can spot violations or areas that might cause one.

They may also be able to serve as an expert witness if a complaint is ever lodged against you.

Some consultants are excellent at health information management (HIM). Usually HIM specialists can help you figure out a standard operating procedure for record keeping transmission.

Other consultants specialize in IT-related aspects on compliance.

This is especially important since enforcement for the HITECH act, requiring health centers to maintain electronic records, ramped up a few years ago.

Choose your consultant primarily based on your biggest need, and find one whose speciality lines up with your need.

How To Know If A Consultant Can Meet Your Needs

Unfortunately, the HIPAA consulting space has an issue with properly communicating what a consultant's specialty is.

In the worst of cases, consultants will even exaggerate their expertise, or claim to be experts in areas that they are not up-to-date in, or even have no experience in at all.

So to make sure you're choosing the right person for your center's needs, there are many ways to confirm their skills.

Some of them are:

  1. Ask for references: It's possible to ask the consultant if any previous clients are willing to serve as a reference for them. Hopefully the references will list the areas that the consultant helped their center with in a specific and detailed manner.
  2. Check their bios: In addition to their resumes or CVs, some consultants have been published in books or reputable articles. Glances through those will give you an idea of the consultants strong suits, as they are most likely to make public statements on the topics they are most knowledgeable of.
  3. Check their status: There may be public information about the consultant you are considering. You can check their licensure status, and see if there are any complaints against them.
  4. Perform an in-depth interview: Once you have done a little background research on your consulting candidates, you still need to make sure your interview covers everything.

Remember, HIPAA compliance can make-or-break a small to medium sized health center.

Interviews should cover the following topics:

  • How long have they been consulting?
  • Are they certified in any specific areas, such as litigation?
  • Have they received any awards for their consulting?
  • Where did they get their HIPAA training?
  • When did they last update their training?

Of course, these questions are just to verify that your consultant is qualified. You still need to confirm their special skills and which parts of HIPAA compliance they can help you with in the interview as well.

What If I Am Still Not Sure A Consultant Is Legitimate?

Even after interviewing, you may be left with some questions.

If you lack legal expertise yourself, you may still be unsure if the qualifications your candidates claim to have are relevant or even real or accurate.

In such a case, there is still recourse. Firstly, you can always see if any of your colleagues or health professionals that you know to be well-informed have a recommended consultant. Also, if your consulting candidate has been a speaker at any seminars, the organization that put on the seminar most likely confirmed the information in that consultant's bio.

The easiest way to lift any doubt about a consultant's legitimacy though, is to start right away with a professional association's list of vetted candidates. The National Behavioral Health Association of Providers is just one example of such an organization.


A national membership association that provides education and advocacy for those in the behavioral health and addiction treatment industries.

We are the leading and unifying voice of addiction-focused treatment programs.

Join Now

Contact Us

Monday - Friday
8:30 am - 4:30 pm Pacific
(closed major holidays)

SUD Treatment Provider Boot Camp Webinar Series