Comment Just a little overboard... (Score 1) 555
I do home tech support for someone who works at what I assume is the same northeast hospital & was asked about this.
Requiring full disk encryption or anything that's on or connecting directly to the network seems reasonable for all the reasons stated above; it's their network, they have compliance obligations to meet & systems to protect, etc.
The part that gets me is the request to encrypt or install stuff on any machine connecting to webmail - seems to be a reaching a bit. If said hospital wants to provide webmail it's their choice, fair to assume they do it for their own goals of getting more out of their employees. If they're willing to lose the productivity... turn it off. Attempting to impose security requirements on end user machines for a web application is a fool's errand, you'll never get 100% absolute perfect security & you're gonna piss a lot of people off trying. Secure the web app as much as you want, but that's where your control ends.
-j