Hacker News

If they are monitored and if unauthorized access is prevented by "harsh discipline", then they are not protected. Protection is proactive, not reactive.


There are always reasons why unauthorized access may be needed (or, to phrase it better: where authorization should be dynamically extended), however. For instance, if a patient arrives in the ED, then a doctor who has never treated them before and normally should not have access to their records, may need to view them. So long as access is audited correctly, then the issues involved are mitigated.

FWIW, "eel case" aside, I know of clinicians being unceremoniously sacked for breaching patient privacy; and I know of NZ hospitals hiring staff to monitor the audit logs on a daily basis. It's a very big deal, and something that a lot of work is put into getting right.



