Pilot Program Started to Audit HIPAA Privacy Rule Compliance
The Office for Civil Rights in the U.S. Dept. of Health and Human Services has launched a pilot program for up to 150 audits to assess privacy and security compliance of covered entities and business associates with the Health Insurance Portability and Accountability Act’s Privacy and Security Rules and Breach Notification standards.
Audits conducted during the pilot phase began in November 2011 and will conclude by December 2012, according to OCR.
OCR says selections in the initial round of audits will be designed to provide “a broad assessment of a complex and diverse health care industry,” including covered individual and organizational providers of health services, health plans of all sizes and functions, and health care clearinghouses. “We expect covered entities to provide the auditors their full cooperation and support and remind them of their cooperation obligations under the HIPAA Enforcement Rule,” OCR says.
The audit program will examine mechanisms for compliance, identify best practices and discover risks and vulnerabilities that may not have come to light through OCR’s ongoing complaint investigations and compliance reviews, the agency says.