The HHS Office for Civil Rights (OCR) announced on Monday that it has launched the long-awaited Phase 2 of its HIPAA Privacy, Security, and Breach Notification Audit Program.

The purpose of the Audit Program is to assess the compliance of covered entities and business associates with the HIPAA Privacy, Security and Breach Notification Rules. The audits are intended to supplement OCR’s other enforcement tools, such as complaint investigations and compliance reviews.