I've never heard of stolen a patient's data, but what's the point? The data is always in the hospital, in any case, if someone wants to know something about another person, then this can be done in any case. There who are going to invest in the project?
Imagine you are in General hospital and you are getting a heart attack... they you are transported by emergency to specialized hospital for special treatment.
What would you prefer - the guys from your new hospital to call/email your current for all of your data or have it by a click on a global chain?