HIPAA violations have cost U.S. healthcare organizations over $13 billion in fines and settlements since the rule was enacted — and enforcement is accelerating. Whether you're a medical practice, billing company, or business associate in New Jersey, this checklist will help you identify gaps before the auditors do.
Physical Safeguards
- Workstations in clinical areas have screen privacy filters and auto-lock after 5 minutes of inactivity
- Server rooms and network closets are locked and access is logged
- Printed PHI is disposed of via cross-cut shredding, not general recycling
- Visitor access to areas with ePHI is controlled and logged
- Decommissioned devices (laptops, hard drives) are wiped or physically destroyed before disposal
Technical Safeguards
- All ePHI is encrypted at rest (AES-256 minimum) and in transit (TLS 1.2+)
- Multi-factor authentication (MFA) is enforced for all systems that access ePHI
- Unique user IDs are assigned — no shared logins
- Automatic logoff is configured on all systems accessing ePHI
- Audit logs are enabled and reviewed regularly for unauthorized access
- Emergency access procedures are documented and tested
Administrative Safeguards
- A Security Officer is designated and their responsibilities are documented
- A risk assessment has been conducted within the past 12 months
- All workforce members have completed HIPAA training (documented)
- Business Associate Agreements (BAAs) are in place with all vendors who handle ePHI
- An incident response plan exists and has been tested
- Policies and procedures are documented, reviewed annually, and accessible to staff
What Happens If You Fail a HIPAA Audit?
Penalties range from $100 per violation (unknowing) to $50,000 per violation (willful neglect), with an annual cap of $1.9 million per violation category. Beyond fines, a breach can trigger state attorney general investigations and class-action lawsuits. In New Jersey, the Division of Consumer Affairs actively investigates healthcare data incidents.
How Teconnected Can Help
Our compliance team conducts comprehensive HIPAA gap assessments for healthcare organizations across New Jersey. We identify deficiencies, implement technical controls, develop policies, and prepare your documentation for audit readiness — so compliance becomes an ongoing practice, not a last-minute scramble.