I doubt anyone would disagree with you, but despite all of the “paperwork reduction” garbage of the last 20 years, patient charts are still stored on paper in many places. Healthcare workers are some of the most notorious for working around IT security policies, and most healthcare IT shops let it slide, because doctors are the income generators for healthcare organizations, and if they’re inconvenienced, they’re often the squeakiest wheels. You just simply don’t tell a doctor “no” without reaping a shitstorm.
Shielding the physician name from public notification supports the failure to protect personal patient info. A HIPAA fine would be appropriate here too. Public shame and pocketbook hit from outside the facility would have more influence. The minimum HIPAA fine is $100 per violation, up to $25,000.