The Office for Civil Rights (OCR) this month is commencing its first round of audits focusing on covered entities' HIPAA security and privacy rule compliance. A pilot audit program running through April 2012 will check compliance at 20 firms to form the basis for auditing procedures in the future.

Eventually, 150 covered entities will be subjected to audits.

“Audits present a new opportunity to examine mechanisms for compliance, identify best practices and discover risks and vulnerabilities that may not have come to light through OCR’s ongoing complaint investigations and compliance reviews,” stated OCR’s Web site dedicated to the program.

Firms to be audited will be given 30 to 90 days' advance notice and will then have 10 business days to supply any requested information and materials.

HIPAA refers to the Health Insurance Portability and Accountability Act of 1996. The enforcing agency for the law's subsequent privacy and security regulations is the OCR, which is a wing of the Department of Health and Human Services (HHS). Covered entities are generally health care providers, health insurers, and health administrative services that deal with health records.

Employers, if you offer health insurance, you are strongly advised to get a copy of Personnel Concepts' All-On-One HIPAA Information Poster to keep your employees informed about their rights and obligations regarding HIPAA and its security and privacy rules.