So a dilemma.
The IT people are trying to avoid violating patient confidentiality laws. Furthermore, they're also trying to avoid getting critical medical equipment hacked, which means for them lives are at stake.
But at the same time, actual medical personnel need to be able to call up critical information on a moment's notice, especially in Emergency Room situations, which means for them lives are at stake.
So security is running smack into ease of use, and this time BOTH have a legitimate, "lives are at stake" justification, so a compromise is not acceptable. What's needed is a spectrum-breaker: something that is actually BOTH very secure AND dead easy to use at the same time.