The HHS Office for Civil Rights (OCR) began the latest phase of audits of covered entities and their business associates in July 2016. The 2016 Phase 2 HIPAA Audit Program reviews the policies and procedures adopted and employed by covered entities and their business associates to meet selected standards and implementation specifications of the Privacy, Security and Breach Notification Rules. The audit protocol provides a roadmap for provider compliance teams to review potential areas of opportunity in the facility HIPAA privacy, security and breach notification program. An extensive inquiry guide and documentation request list has been posted.
See the full announcement at: http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/