New HIPAA audits are focusing on healthcare providers as well as their business associates, according to the U.S. Department of Health and Human Services Office of Civil Rights.

The second round of audits, which began in late March, will include 200 desk and onsite audits, OCR said. The desk audits will focus specifically on policies and procedures relating to security and privacy risk management, breach notification and notice of privacy.

The first phase of the audits was conducted in 2011 and 2012 and focused solely on healthcare providers. In 2014, OCR said the second round of audits would be “rapidly” conducted and likely result in significant enforcement actions.

OCR anticipates the desk audits to be completed by the end of 2016, with the onsite audits beginning later in the year.