The most common HIPAA violations are not necessarily impermissible disclosures of PHI. Covered entities have had sanctions imposed for failing to conduct a risk analysis, failing to enter into a HIPAA-compliant Business Associate Agreement, and you failing to encrypt ePHI to ensure its integrity..