The audit process will consist of three phases, including a small desk audit and then a more in-depth desk audit. The in-depth desk audit will examine compliance with the various HIPAA security, privacy, and breach notification rules. The final phase will include a more general audit examining broad HIPAA compliance across all aspects of the healthcare organization.