The U.S. Office for Civil Rights HIPAA Audit program analyzes processes, controls, and policies of selected covered entities pursuant to the HITECH Act audit mandate. The protocol covers Privacy Rule requirements for notice of privacy practices for PHI, rights to request privacy protection for PHI, access of individuals to PHI, administrative requirements, uses and disclosures of PHI, amendment of PHI, accounting of disclosures and requirements for the Breach Notification Rule.