Jocelyn Samuels, the top Federal official in charge of HIPAA enforcement, Jocelyn Samuels, just said the one critical thing covered entities and business associates must do to ensure compliance with HIPAA's Privacy, Breach, and Security Rules is a HIPAA Risk Analysis - "... a comprehensive and thorough approach to assessing and addressing the risks to all of the protected health information (PHI) they maintain." Risk Analysis is mandatory, however, 2012 audits found 80% of health care providers failed to comply wth this mandatory requirement. Covered Entites and Business Associates are under intense pressure to do a HIPAA Risk Analysis of all PHI they maintain - and have been left on their own to do it. No wonder HHS found 80% of health care providers failed to do the Risk Analysis. HIPAA violations are increasing dramatically. 2015 was the "Year of the Breach". Expect both increased government enforcement and private lawsuits.