Comment USA has HIPAA Privacy Laws (Score 1) 1307
In the United States, the hospital as a whole is legally responsible for maintaining the privacy of all patient records. You are asking to open a port that has a very high probability of transmitting patient records (for example patient names, appointment schedule time and exam type) to hand-held devices that are taken off hospital premises and frequently lost, stolen or casually discarded when upgraded. iPhones do not have passwords or encryption turned on by default. Calendars are frequently shared between multiple calendar services like Google and Yahoo.
I think it is completely inappropriate for you to provide this service outside of the enterprise environment in the first place. I believe that your IT group is being excessively lenient allowing you to do it at all.