Exactly, barriers to looking up a patient's information can be fatal. I need to give someone medication now to stabilize them. What medications are they on now? Can't look it up? Better give it to them and hope there's no adverse reaction.

Better to avoid that situation and implement auditing while making sure people know the rules are enforced.

"override authentication" -> You have chosen to override the authentication protocol, you are logged in as John Doe, all your actions will be subject to internal affairs review, continue yes / no?

That tends to happen when the user logs in, so they'll probably see it multiple times per day. I think that's pretty standard. The system doesn't have to be the wild west. But if someone can click through an authentication override then it's not really doing anything.