The HHS Office for Civil Rights (“OCR”) recently published an announcement describing the next phase of HIPAA audits of covered entities and business associates. As part of this second phase of the audit program, OCR will be reviewing policies and procedures of covered entities and business associates to determine whether they meet the standards and specifications provided for under HIPAA. Initially, OCR will seek to verify an entity’s address and contact information through email correspondence. Based on data collected during this information gathering stage potential audit pools will be identified and subsequent audits will be performed. This announcement by OCR provides yet another reminder of the importance of assuring that covered entities and business associates have adequate policies and procedures in place to satisfy their respective HIPAA compliance obligations.