Yesterday, OCR posted the protocal and requirements that it will use to audit covered entities for HIPAA privacy, security and breach notification violations. The protocal can be accessed at: http://ocrnotifications.hhs.gov/hipaa.html