The audit program represents one more avenue by which OCR ensures compliance with HIPAA protections of health information to the benefit of consumers. So,you and your organisation have the responsibility to cooperate during the audit and answering all the questions that are asked of you with regards to the audit. The Department has entered into a contract with the audit contractor to conduct the audits on its behalf. So, you are not responsible for remuneration of the auditing firm. The auditors have the responsibility of keeping to the scope of the audit program not exceeding beyond the Privacy, Security, and Breach Notification Rules.