I work for a company that produces SW for the health care industry, more specifically nursing homes. We live in the guts of HIPAA compliance. The programmers commonly build in the roles so the nutritionist can see what they need to see, the physical and occupational therapists are limited, the financial people are separated from the clinical.
The setup and assignment of roles are relatively easy and logical.
Then the support people get called to see why data is messed up. I then get to delve into the GUIDs to see who did what. I then find the lowly nutritionist is in a clinical administrator role that should be reserved for the Director of Nursing. The accounting clerk who is in charge of payroll only has a role assigned that allows them to see the resident trust and A/R. They could issue an invoice and divert the funds.
And when you talk to that end-user, you realize they can barely type up a letter in MS Word, let alone actually having been trained to use our SW properly. And on-line training is free. The implementation training is done as a "train the trainer" method.
I will admit that it can vary depending on the size of the facility or chain, but it is too common to be considered our fault.
This is as bad as back in the NT4 and 2000 implementations. You walk into a large company that they invested in IT and you would see laid out groups and users. You walk into a small company and half the user were admins, and didn't even know it. The same thing is happening with the HIPAA standards.
The problem is even worse because most of the medical community doesn't consider computers as their primary tool. It is a bothersome side effect they have to use. Or worse a necessary evil. Add in that a large portion of the jobs in some medical fields, such as transport, minor bedside care, and others are filled with persons that are English as a Second Language (ESL).
We have three separate small companies in a minor metropolitan area that contracted with the same IT contractor. We, on the support team, had to rescue his butt from several issues more than once. It was so bad that he physically sent us a server to recover the data after the facility's server crashed.
"After you've done a thing the same way for two years, look it over carefully. After five years, look at it with suspicion. And after ten years, throw it away and start all over." --Alfred Edward Perlman
But I also do put some of the fault on the SW companies as well. If you can ever get around the desk and see the SW that some of the hospitals are still using -- you will see SW that is based off of Foxpro, VB5, DBase V, VPro5, and other ancient programming technology.
Most of the healthcare SW companies don't have the weight of M$, Oracle, formerly SUN, and the rest. They can't say "We won't support WinXP any longer." If they do then they can lose a 1/4 of their market. The five doctors in a small practice don't consider that the cost of upgrading 15 work stations and a server to Win8/Server2008 worth the money.
So don't necessarily blame the programmers or SW support staff. It is all a compromise between all parties.
A little bit of this and a little byte of that can cause bloatware.