HIPAA privacy: the compliance challenges ahead.

This Article reviews the HIPAA Privacy Standards' impact on healthcare organizations. It discusses whether a healthcare organization is a "Covered Entity" under the regulations, what information the Privacy Standards protect, what restrictions the regulations place on the use and disclosure of protected health information, what individual rights the Privacy Standards create, and what agreements they require between healthcare organizations and their business associates. The author provides relatively extensive guidance to organizations that are embarking upon their voyage of compliance with these broadly applicable regulations, but notes that the full extent of necessary compliance remains unclear, pending DHHS issuance of the next iteration of the rulemaking in this area. The Article was finalized in January 2002, before HHS issued any modifications to the Privacy Standards.