Interesting. All the clinical applications should be running over SSL/TLS (Encryption protocols that you will use to access your bank accounts over the Internet), and be authenticated via a 2 tier authentication system (via a smart-card i.e.something you have, the card, and something you know a PIN, as well as a username and password). So, even if they are running wireless, you'd need to hack/crack strong encryption protocols or a some bug or bad implementation. Not an easy task. The problem is a lack of understanding: i.e. If you sniffed the traffic with your pocket pc you'd see no clear traffic,it would all be jumpled(encrypted). You most certainly wouldn't be able to access any NPfIT applications. Even if WEP is present, SSL/TLS mitigates the inherent weak implimentation of RC4(The main weakness in the flawed WEP in WiFI) in WEP. Also remember everything is logged, and don't forget, the Computer Misuse Act!, mainly unauthorised access is a criminal offence.