In the short time since it became effective for health care organizations, a privacy regulation issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has had a significant adverse impact on the conduct of clinical research in the United States, without a substantial corresponding increase in privacy protection for research participants. Some of the problems associated with HIPAA have been resolved through revisions since the regulation's initial promulgation in December 2000, and other problems can be addressed by better educating health care providers and researchers about its requirements and available alternatives for compliance; however, considerable structural challenges remain. These constitute substantial barriers to research and resulting medical advances. Additional revisions to HIPAA based on the principles and trade-offs reflected in the Common Rule, which responsibly balances an individual's interest in privacy protection with the public interest in gaining knowledge through biomedical research, can go a long way to remedying remaining flaws in the system.