The health data base is very well protected from what I know. And access is strictly monitored. If patient notes are viewed by someone who does not need to view them, they face harsh discipline. I recall a case from when I used this database a long time ago. In terms of high profile issues with it, the current eel-in-arse story is going to result in action and this is being done via the systems user tracking.
http://m.nzherald.co.nz/nz/news/article.cfm?c_id=1&objec...
If they are monitored and if unauthorized access is prevented by "harsh discipline". then they are not protected. Protection is proactive not reactive.
There are always reasons why unauthorized access may be needed (or, to phrase it better: where authorization should be dynamically extended), however. For instance, if a patient arrives in the ED, then a doctor who has never treated them before and normally should not have access to their records, may need to view them. So long as access is audited correctly, then the issues involved are mitigated.
FWIW, "eel case" aside, I know of clinicians being unceremoniously sacked for breaching patient privacy; and I know of NZ hospitals hiring staff to monitor the audit logs on a daily basis. It's a very big deal, and something that a lot of work is put into getting right.
Edited for spelling