The OCR HIPAA Audit program is designed to analyze processes, controls, and policies of selected covered entities and business associates. The OCR has established a comprehensive audit protocol that contains the requirements to be assessed through these performance audits.