In 2012, the Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS) conducted 115 audits of companies' compliance with the security and privacy rules of the Health Insurance Portability and Accountability Act (HIPAA), but the program is being delayed while companies adapt to the HIPAA Omnibus Final Rule, which takes effect March 26.

"Right now, we're going to be concentrating on the implementation of the HIPAA Omnibus Rule and then looking to pick up with audits after the end of this fiscal year," OCR's Deputy Director Susan McAndrew says. The federal fiscal year ends Sept. 30.

Meanwhile, OCR is using the results of the initial 115 audits to guide its efforts in the future. In tight budgetary times, OCR is relying on funds from monetary fines levied during routine enforcement efforts to pay for the audits.