HIPAA policies outline the lawful use and disclosure of protected health information (PHI). The Privacy Rule establishes national standards for the protection of individuals’ medical records and other personal health information. The Security Rule establish a national set of security standards for protecting certain health information that is held or transferred in electronic form. It is recommended for organizations to perform a periodic, technical and non-technical, evaluation to determine whether or not your policies and procedures meet stated requirements.