It all depends upon the technology used. We use citrix to access our EPIC EMR from home. Citrix opens a window to the secure server. Nothing is stored on your laptop, everything is behind the firewall. And we use a keygen to generate a random key every minute you need to log in -- so even if someone steals your password, they still can't access. And all work machines have encrypted hard drives, so if someone steals it nothing can be taken, Will all places be this security conscious? Probably not, but you might be surprised.
Honestly, the biggest place you can get into trouble is a research project. In general, nothing from the medical record should be on your computer itself -- everything should be in the cloud. Same is true for your own work files -- you'll usually end up with some sort of server based account to save your documents in, and hence if your computer is stolen / broken / etc, all of your files remain backed up. But often I find residents work on their research projects at home, and then it's easier to keep a local copy of your data. If so, if your data has any PHI in it (and PHI is more than patient names!), you MUST put a password on your Excel file (or whatever else you are using). That way, if the file is lost / stolen, you are not in trouble at all (although getting around Excel's passwords wasn't all that hard awhile ago).