Chances are it won’t happen—but you’d better be prepared if it does: The feds will be conducting a “small number” of onsite HIPAA audits in 2017, according to an HHS Office for Civil Rights official.

OCR senior adviser Linda Sanches, at the Healthcare Information and Management Systems Society Privacy & Security Forum in Boston this week, explained what healthcare leaders can expect from the process, according to Healthcare IT News.

"We’re looking for evidence that you are implementing the policies and procedures," Sanches told the audience. "Two huge problems we’re seeing are implementation of risk analysis and risk management."

HIPAA privacy audits were put on hold last year as the agency developed its phase 2 policy. This spring, HHS posted a new HIPAA audit protocol.

OCR will look “at risk analyses and risk management, notices of privacy practices and access and response to requests for access, and content timeliness of notifications,” OCR Director Jocelyn Samuels said at the time.

Currently, more than 200 desk audits are ongoing—most of them focused on providers, Sanches said, according to Healthcare IT News.