On March 21, the Department of Health and Human Services ("HHS") Office for Civil Rights ("OCR") announced that Phase 2 of the HIPAA Audit Program is underway. Phase 2, which comes four years after the 2012 pilot testing audit program, will consist of three stages of audits: first, desk audits of covered entities; second, desk audits of business associates; and third, onsite audits to examine a broader scope of requirements. The Audit Program is intended to review both covered entities and their business associates for compliance with the Privacy, Security, and Breach Notification Rules. The audit reports will be used to develop new guidance, technical assistance, and policies to strengthen adherence to HIPAA. The first two stages of audits are expected to be complete by the end of 2016.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.