I'm with you on being surprised that personal equipment is allowed to connect to a hospital internal network, even more so if it's carrying patient info. Many hospitals, however, do provide public wifi networks for their patient's and guest's convenience (as well as secure wifi for portable equipment).
As someone who both wrote hospital apps as well as ran the hospital IT department, I'll say that people employed for longer than 10 years in the hybrid of healthcare and IT will tell you that way back in the dark ages of the mid-90s, before HIPAA: the Health Insurance Portability & Accountability Act, there was HIPPA: Health Information Privacy Protection Act. HIPPA was finally discussed in House hearings in 1996. The transcript is online. It was the subject of much discussion in '93 - '95 among the Medical Records and Hospital IT groups.
HIPPA (PL 104-191) was an umbrella act to amend the IRS code "to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes." Some, but not all of the privacy protections in HIPPA made their way into HIPAA.
EPIC has a good Bibliography on the Confidentiality of Health Information.