The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is responsible for privacy and security enforcement under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. The OCR is piloting a program to perform up to 150 audits of covered entities to assess privacy and security compliance. Audits are to conclude by December 2012.