The hospital can be sued for not complying with HIPAA, but that's got nothing to do with what happened here (nobody's privacy got breached, did it?).
The HIPAA issue deals with private information on an insecure public netork... though it is a seperate issue.

The real issue is why this information was stored in such a bad manner... most likely it was from either the execs trying to cut corners or someone in administration just doing a bad job. In any case, they clearly didn't secure the information according to best practices and are responsible accordingly.

The doctor may have given a standard treatment to the patient who had an exotic allergy. the doctor assumed that no allergy as mentioned in the record, so one must not exist. Since the doctor worked with the information they had and were clearly not just attempting to cut corners the DA wouldn't even attempt to hold them accountable.

cheers,

catch

PS. There is no mention of Administration informing the doctor of the situation.