For Pete's sake
Every cash register in pretty much every pub in the country has a token login based on a physical widget attached to the operator with a bit of string.
It's not a difficult concept.
Make the same widget responsible for opening doors and doctors won't be able to lend theirs to others.
Of *course* doctors aren't going to sit down and remember passwords for a dozen different systems; they're busy doing doctor things. Security per se is something that gets in their way and like any other human they'll do their best to avoid it. But an ID card in a slot not only provides access to systems but provides an automatic logout. Sure, it's not as secure as a widget *and* a password, but how secure is it now? The primary driver here is access to the records of the patient the doctor is treating *now*.