i've heard horror stories
about some of the IT setup in a local hospital. The first thought i had when i heard the behaviour, was that the staff need some sort of physical token as a username, like an id card that they also need to get through doors, to use any form of IT system.
There seemed to be no sort of accountability for anything, people leaving their accounts logged on for other people to use, passwords on post it notes. random people wandering in and copying files onto USB sticks "because they're a doctor, they must know what they are doing!"
Some of the systems seemed completely baffling, like the lack of any sort of consistent identifier for patients, if you can't get that right, you have no business being open!
it's a shame the NPfIT is such a bag of spanners really, as it's desperately needed to for the IT systems to be looked at! I mean properly looked at too, not just buying a commercial system because their reps gave out the nicest freebies!