All such devices can access PHI /PI that resides or is stored in clinical information systems, email messages and other types of files. Technically, some of these devices retain a copy of the accessed information or can store a file, as can be done on a laptop or USB drive.
Encryption of laptops and USB drives is mandated by law within the Commonwealth of Massachusetts. All organizations that provide mobile access to confidential information must encrypt laptops and USB drives. This applies to any organization in any industry.
In addition to state law, a student’s educational record is protected under FERPA, a federal law protecting student confidentiality. The student’s educational record consists of assignments, grades, email messages and other information designated by FERPA. Under state law and to be in compliance with FERPA, all devices that are used by faculty, staff, administrators and students for educational or clinical purposes, whether owned by the Institute or by the individual, must be encrypted or password protected.