Encryption Information


The MGH Institute of Health Professions requires that all portable devices, connecting to the Institute's secure network, be encrypted and password protected:

Portable Devices:

  • Laptop
  • Tablet
  • Smartphone
  • Thumb Drive

Review the laptop requirements to view what encryption would be most appropriate for your portable device.


Why are we required to encrypt or password protect laptops, USB drives and other mobile devices?

All such devices can access PHI /PI  that resides or is stored in clinical information systems, email messages and other types of files. Technically, some of these devices retain a copy of the accessed information or can store a file, as can be done on a laptop or USB drive.

Encryption of laptops and USB drives is mandated by law within the Commonwealth of Massachusetts. All organizations that provide mobile access to confidential information must encrypt laptops and USB drives. This applies to any organization in any industry.

In addition to state law, a student’s educational record is protected under FERPA, a federal law protecting student confidentiality. The student’s educational record consists of assignments, grades, email messages and other information designated by FERPA. Under state law and to be in compliance with FERPA, all devices that are used by faculty, staff, administrators and students for educational or clinical purposes, whether owned by the Institute or by the individual, must be encrypted or password protected.

What is the difference between encryption and password protection?

When a laptop or USB drive is encrypted the contents are translated into an unreadable format. When you create and eventually enter your password on an encrypted laptop or USB drive you are able to read the contents of the device. Password protection on its own does not translated and encrypt the contents of a device.

Are there added benefits and a best practice to encrypt personal laptops and USB drives?

Yes, If one of your personally owned devices is lost or stolen, the information on this device cannot be accessed if it is encrypted. If you pay bills or shop online, or store usernames and passwords on these devices, this information can assist a thief to access these accounts and potentially steal your identity. In order for a thief to use a stolen laptop which is encrypted, they must remove and throw away the disk drive and install a new drive and install new software.

Encryption is a best practice to protect your personal information!

If you need assistance with accessing HealthStream contact the Institute Help Desk.

Back to Top