The phase 1 audits identified high levels of non-compliance in the following areas:
- Risk analysis and risk management
- Content and timelines of breach notifications
- Notice of privacy practices
- Individual access
- Privacy Standards reasonable safeguards requirement
- Training on HIPAA policies and breach notification procedures
- Device/media controls
- Transmission security