I was recently involved in adding network connectivity to a CE marked automated PCR analysis IVD in order to integrate it with hospital patient management systems. The partner companies to which we went who are widely used to provide middleware to integrate devices with NHS IT systems were very surprised when we showed them our implementation that used Atom feeds over HTTPS requiring client & server certificates.
It seems that most of the other devices they'd integrated use unencrypted transfers over the hospital LAN with little or no access control.
I've also been in many a hospital where unprotected Ethernet ports are dotted around everywhere including in waiting rooms.
I'm never going to agree to let the NHS centralize my medical records.