Some questions not answered:
Did the OP ask the IT department what sort of services they are capable of providing? Hospital IT departments are usually in the habit of trying to provide departments with what they need, as department heads and doctors generally win the battle for "I want ________" when it goes up the chain.
Did he inform IT of his plans prior to executing it, or just bring in a server and set it up, then start asking for access? If he did the former, they might have worked with him, providing him with rackspace, security, and expert administration so that his workload was limited to application administration. if he did the latter, he's lucky they haven't made an issue out of it and gotten him written up.
Did he make sure he's not violating any federal regulations regarding patient data security? A rogue server on the network is a MAJOR security threat, no matter how competent the administrator is (or believes himself to be).
Did he think about the precedent this sets? If every department decides to go running their own servers on their own terms, IT can't support them and the whole hospital steps back about 20 years in how their network functions.
Did he consider the idea that maybe the service he's setting up for his own department might be useful to scale to the entire hospital at a later date? it sounds like he's found a service he considers worth putting a lot of effort into providing...for just his department. If it's good for radiology, it's likely good for lots of others. But HIS server probably can't accommodate that scale. HIS server isn't centralized. HIS server...well, is his.