Below are links to two articles relating to an ongoing security audit reportedly being performed by the Department of Health and Human Service''s Office of Inspector General (OIG).  The audit involves an Atlanta hospital.  Because the Centers for Medicare and Medicaid Services is charged with enforcing the HIPAA Security Rule, the OIG''s involvement in this particular audit is raising questions.  The second link lists the information supposedly being requested. 

While we have not independently confirmed the information in these articles, the data requested in the audit appears to track many of the Security Rule''s specific requirements. It is our understanding that the Office for Civil Rights issues similar requests when investigating alleged privacy breaches.  The key to being prepared for such an audit is to ensure that entities subject to HIPAA have addressed each and every provision in both the Security Rule and Privacy Rule.  These entities must be able to document compliance through written policies, procedures and similar records.