The MGH Institute of Health Professions requires that all portable devices, connecting to the secure network, be encrypted or password protected:
- Partners Healthcare Policy, please review the policy by clicking on the link.
- Massachusetts State Law, please review the law, in its entity by click on the link.
- Thumb Drive
Review the laptop requirements to view what encryption would be most appropriate for your portable device.
All such devices can access PHI /PI that resides or is stored in clinical information systems, email messages and other types of files. Technically, some of these devices retain a copy of the accessed information or can store a file, as can be done on a laptop or USB drive.
Encryption of laptops and USB drives is mandated by law within the Commonwealth of Massachusetts. All organizations that provide mobile access to confidential information must encrypt laptops and USB drives. This applies to any organization in any industry.
In addition to state law, a student’s educational record is protected under FERPA, a federal law protecting student confidentiality. The student’s educational record consists of assignments, grades, email messages and other information designated by FERPA. Under state law and to be in compliance with FERPA, all devices that are used by faculty, staff, administrators and students for educational or clinical purposes, whether owned by the Institute or by the individual, must be encrypted or password protected.
When a laptop or USB drive is encrypted the contents are translated into an unreadable format. When you create and eventually enter your password on an encrypted laptop or USB drive you are able to read the contents of the device.
Cell phones, iPads and other such mobile devices are password protected as a layer of protection. There is currently no encryption method available to implement on these mobile devices.
Yes, most definitely. If one of your personally owned devices is lost or stolen, the information on this device cannot be accessed if it is encrypted. If you pay bills or shop online, or store usernames and passwords on these devices, this information can assist a thief to access these accounts and potentially steal your identity. In order for a thief to use a stolen laptop which is encrypted, they must remove and throw away the disk drive and install a new drive and install new software.
Encryption is a best practice to protect your personal information!
If you need assistance with accessing HealthStream contact the Institute Help Desk.