The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) began a pilot program in 2012 to assess the procedures implemented by covered entities to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA). OCR evaluated the effectiveness of the pilot program and then announced Phase 2 of the program on March 21, 2016. Phase 2 Audits focus on the policies and procedures adopted by both covered entities and business associates to ensure they meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules. Covered entities include health plans, health care clearinghouses, and health care providers; whereas, business associates include anyone handling health information on behalf of a covered entity.