You’re three hours into a five-hour drive to St. George with your kids in the back seat. Your 10-year-old asks, “Can I play Roblox on your laptop?” Your work laptop. The one with patient records, billing software, remote access to your EMR, and your practice’s entire network.
You’re tired. Distracted. And honestly, giving in would buy you some peace and quiet.
But here’s what I want every healthcare provider in Salt Lake City to hear: Holiday travel opens doors to cybersecurity vulnerabilities you don’t face during your normal office routine. From public WiFi risks to shared family devices, the opportunities for a HIPAA violation or ransomware breach multiply fast.
So, if you own or manage a medical practice in Utah, this guide will help you travel smart, protect your data, and still enjoy your holiday without dragging along IT stress. These are the same tips our team at Qual IT gives to clinics we support year-round.
Before You Leave: A 15-Minute Cyber Checkup
This quick checklist sets you up for safe travel:
Device Hardening (for laptops, phones, tablets):
- Run all OS and software updates (especially your EMR, VPN, and antivirus)
- Back up critical data to a HIPAA-compliant cloud
- Set automatic screen locking (2-minute timeout max)
- Enable remote wipe and tracking
- Charge a power bank (and don’t forget your own charging cords)
Family Device Policy:
- Set boundaries: "This device is for work only."
- Prepare a separate tablet or laptop for the kids (with restrictions enabled)
- If you must share a work device, create a separate, non-admin user profile
Pro tip from a Salt Lake IT provider: A $150 tablet is cheaper than a ransomware attack, breach notification, or audit fine.
Hotel WiFi Is Not Secure (No Matter What They Say)
Medical professionals love efficiency, but fast hotel WiFi isn’t worth the risk. Here’s why:
- Most hotel networks are open or minimally protected
- Rogue access points are easy to set up by attackers
- Your EMR login, ePHI, and admin credentials could be intercepted in minutes
Stay safe by:
- Verifying the exact network name with the front desk
- Using a VPN for any connection to billing, records, or patient messaging systems
- Relying on your phone’s hotspot for secure access to sensitive systems
- Keeping business and entertainment separate (kids stream cartoons, you hotspot into your EMR)
The "Can I Use Your Laptop?" Trap
Let’s be real: kids click things. Pop-ups, ads, random downloads. None of it is malicious, but on your work computer? It’s a compliance nightmare.
Best practice: Don’t share your practice device.
If it’s absolutely necessary:
- Use a guest account with no install permissions
- Supervise usage and restrict web access
- Never save their passwords or enable autofill
- Clear browser history and cache after use
Better yet? Bring an old Chromebook just for the kids.
Streaming On Hotel TVs: The Forgotten Logout
Whether it’s Netflix or YouTube, logging in on a smart hotel TV opens up another risk: leftover logins that stay after checkout.
Security reminders:
- Never log into work accounts (EMR, billing, portals) on hotel TVs
- If you use personal apps, set a reminder to log out before checkout
- Cast from your own device when possible or download content in advance
Lost Device? Here’s What To Do Immediately
If your laptop, tablet, or phone gets left at a rest stop or lifted from a hotel room:
Within the first hour:
- Use “Find My Device” to locate it
- If unrecoverable, lock and wipe it remotely
- Change passwords for any connected systems or logins
- Alert your internal IT manager or your MSP (like Qual IT) to revoke access
Before you travel, your devices should have:
- Full disk encryption (BitLocker or FileVault)
- Strong passwords (no birthdays)
- Remote wipe and tracking enabled
If a family member loses a device with shared logins, treat it like your own. Reset passwords and deauthorize connections.
Rental Car Bluetooth: The Surprise Risk
Most rental vehicles store call logs, contacts, even app data. If you pair your phone to play music or use GPS, that data often stays behind.
Quick fix before returning your car:
- Clear the device from Bluetooth settings
- Wipe recent destinations from the GPS
- Avoid pairing at all if you can use an AUX cable
The Working Vacation Boundary Problem
Many practice owners can’t fully unplug. But mixing EMR tasks with poolside distractions creates opportunities for mistakes.
Here’s how to stay sharp:
- Set designated times to check work email or messages (and stick to them)
- Use only your hotspot for work
- Step away from family areas when working (private room, not poolside)
- Never log into ePHI portals in public areas
Your team can hold the fort for a few days. Your family deserves your full attention. And your practice deserves your full focus when you're back.
A Holiday Without HIPAA Headaches
Traveling as a practice owner or clinician doesn’t mean you have to expose your systems to risk. With the right preparation and mindset, you can:
- Stay compliant
- Protect your EMR access
- Prevent ransomware and phishing attacks
- Enjoy your holiday without dreading what’s happening back at the office
Need help setting up your practice for secure travel?
Click here to book your free network assessment
At Qual IT, we provide Managed IT Services for Salt Lake City medical practices who are ready to simplify compliance, strengthen security, and finally t
