If you need HIPAA, your IT lead would research what has this before buying. After the fact, not going to end well and some may yelp.
But given what we know about smart phones, did you really think it's secure? Apple may have the better idea on this.
Does Nougat allow for entire partition or device encryption?
My Samsung S8+ phone appears to have no settings which would enable encryption, but after a recent update one message on the screen told me I'd have to re-login because the phone was encrypted. A Samsung customer service rep said that the phone is not encrypted and that DirectBoot is the only option, unless there are 3rd party apps. I've not found any such apps.
Encryption of sensitive data is important requirement for professionals who are subject to HIPAA regulations. Of course, it's important for clients, too!
A number of articles recommend using Nougat's file encryption using DirectBoot for file or directory-level encryption. Unfortunately, contacts and the messaging app can't be placed in the encrypted area, which means that protected information (e.g., client names and contact information) would be exposed.
Prior versions of the Android OS allowed entire partition or device encryption. Perhaps the customer service rep was misinformed. Does Nougat on the Samsung S8+ still have entire device or partition encryption?
If not, are there apps or other options for protecting names and contact information?