Guidance on the HIPAA Privacy, Security, and Breach Notification Audit Program
Overview and details for 2016 provided by the Office for Civil Rights
From the OCR website:
The audit program is an important part of OCR’s overall health information privacy, security, and breach notification compliance activities. OCR uses the audit program to assess the HIPAA compliance efforts of a range of entities covered by HIPAA regulations. The audits present an opportunity to examine mechanisms for compliance, identify best practices, discover risks and vulnerabilities that may not have come to light through OCR’s ongoing complaint investigations and compliance reviews, and enable us to get out in front of problems before they result in breaches. OCR will broadly identify best practices gleaned through the audit process and will provide guidance targeted to identified compliance challenges.