Law360, New York ( March 29, 2016, 11:08 AM EDT) -- On March 21, 2016, the U.S. Department of Health and Human Services' Office for Civil Rights announced it was beginning its next round of audits of covered entities and business associates for compliance with the Health Insurance Portability and Accountability Act privacy rule, security rule, and breach notification rule (the phase two audits).[1] The phase two audits will consist primarily of desk audits during which OCR will review policies and procedures implemented by covered entities and business associates to comply with HIPAA's requirements, but some on-site audits also will be conducted. Covered entities and business associates should take this opportunity to prepare for potentially being the target of an audit by making sure that their HIPAA compliance programs and associated policies and procedures are fully up-to-date and are being implemented appropriately....