HIPAA's privacy regulations require covered entities to protect the privacy and security of patients' protected health information (PHI). This includes obtaining written authorization from patients before using or disclosing their PHI, with some exceptions. To ensure compliance with HIPAA regulations, covered entities must use standardized forms to obtain authorization from patients.