The Office for Civil Rights (OCR) has issued its revamped audit protocol for its second phase of auditing covered entities and business associates’ compliance with the HIPAA Privacy, Security and Breach Notification Rules.

The lengthy audit protocol is posted on the OCR website. It provides general instructions, and then cites each statutory section of the