Have you heard about the federal privacy and security compliance audit pilot program?  The Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of the 2009 stimulus package, requires the Department of Health and Human Services (HHS) to conduct periodic audits to ensure covered entities and business associates are complying with the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules and Breach Notification standards.  To implement this mandate, the HHS Office of Civil Rights (OCR) is piloting a program to perform up to 150 audits of covered entities to assess privacy and security compliance. The pilot phase began in November 2011 and will conclude by December 2012. The HITECH Act enhances HIPAA’s privacy and security provisions by requiring “covered entities” such as physicians and their business associates to provide for notification in the case of breaches of unsecured protected health information (PHI).  The breach...