On March 21, the Department of Health and Human Services' Office for Civil Rights ("OCR"), the body responsible for enforcing HIPAA, announced that it would begin planning its second phase of audits of covered entities and their business associates. In this phase of audits, the OCR will review policies and procedures that are required by HIPAA to be adopted and followed with respect to HIPAA's Privacy, Security, and Breach Notification Rules.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.