OP,
You sound some what security conscious so I would ask you the question: Would you let the IT guy plug a small server into your home network. Would you let IT guy plug the server into your home network if he gives you a regular user account on the machine? Would you let IT guy plug the server into your home network if he gives you a root account on the machine? If you are actually security conscious I assume that you would answer no to all 3 questions. A better solution would be: why not plug your little server into your home network and punch open the hole in your own firewall. You would have full control, and would never have to give IT guy an account. In the mean time you can keep pushing them to set up the service on an official hospital machine.