“For business associates, desk audits will target breach notification and the security rule’s risk analysis and risk management requirements. The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) intends for the desk audits to begin any time now and to conclude by the end of the year. Next year, OCR plans to conduct full audits of all the HIPAA requirements of a selected group of both business associates and covered entities.” (Davis Wright Tremaine LLP)