
Nosey ex-NHS staffer slapped with fine for illegally peeking at medical records

SonarTaxLaw

Re: How many more ...

You overestimate how well connected healthcare systems are. There is very little way for a system to know if a user has a link to the record being accessed.

Doctors work bizarre shifts, cross-cover numerous teams, may have to emergency cross-team outside of normal processes, staff may have to be brought in at a few hours' notice, one doctor may informally ask for advice or 2nd opinion from a colleague that isn't on call or dealing with the patient. It's a similar thing with nurses, there may be emergency cross-cover or deployment to one or multiple wards or multiple care teams. You couldn't possibly flag every access where there isn't an obvious link. On top of that, data quality in the NHS is notoriously poor, with incorrect team assignments, etc. rampant.

You are limited to very broad brush limits - such as reception staff should have access to the appointment list, but little else. Lab technical staff should have access to laboratory systems, but limited access to other systems.

There is another issue about what you do with "VIPs" - not necessarily celebrities, but people who might pique the interest of certain staff members (sports personalities, politicians, etc.). As an example of how this can go wrong, the admin of an EHR set his record to "VIP" to stop prying eyes. Except when he ended up ill in A&E in the middle of the night, no one could access his record to order an X-ray, or order blood tests, or even log in the attendance. Never mind not being able to access the prior records - there was no access to anything, he didn't exist, unless you were logged in as sysadmin. So, the only way to get this sorted, was for him to log in as admin, and clear the VIP flag, before any of the medical staff could get access.

The VIP issue has been partially solved with a "special search" or "break glass" function. VIP access is suppressed, unless the user opts to perform a "VIP search" which requires them to log in again, and provide a written reason why they are performing a VIP search, which is then logged and flagged for a manager to audit at a later date.
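
The "VIP search" flow described in the post above, sketched in Python as an added example; it is not part of the original comment and not code from any real EHR product. The class, method and field names, the in-memory store and the minimum reason length are all assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timezone

MIN_REASON_LEN = 10  # assumed minimum length of the written reason

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class RecordStore:
    def __init__(self, records, credentials):
        self.records = records          # patient_id -> {"vip": bool, "data": str}
        self.credentials = credentials  # user -> (salt, password_hash)
        self.audit_log = []             # every attempt, granted or not

    def _log(self, user, patient_id, kind, outcome, reason=None):
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(), "user": user,
            "patient_id": patient_id, "kind": kind, "outcome": outcome,
            "reason": reason, "needs_review": kind == "break_glass"})

    def search(self, user, patient_id):
        """Normal search: a VIP record is suppressed as if it did not exist."""
        rec = self.records.get(patient_id)
        visible = rec is not None and not rec["vip"]
        self._log(user, patient_id, "normal", "granted" if visible else "not_found")
        return rec["data"] if visible else None

    def vip_search(self, user, patient_id, password, reason):
        """Break-glass search: fresh login plus written reason, always flagged."""
        salt, expected = self.credentials.get(user, (b"-", b""))
        if not hmac.compare_digest(_hash(password, salt), expected):
            self._log(user, patient_id, "break_glass", "reauth_failed")
            raise PermissionError("re-authentication failed")
        reason = (reason or "").strip()
        if len(reason) < MIN_REASON_LEN:
            self._log(user, patient_id, "break_glass", "no_reason")
            raise PermissionError("a written reason is required")
        rec = self.records.get(patient_id)
        self._log(user, patient_id, "break_glass",
                  "granted" if rec else "not_found", reason)
        return rec["data"] if rec else None

    def review_queue(self):
        return [e for e in self.audit_log if e["needs_review"]]

def demo_store():  # constructed sample data: one VIP record, one clinician login
    salt = b"constructed-salt"
    return RecordStore({"P1": {"vip": True, "data": "prior records"}},
                       {"dr_a": (salt, _hash("example-pw", salt))})
```

Failed break-glass attempts land in the manager's review queue as well as successful ones, so a refused "VIP search" still leaves a trace to audit.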
