Any (half) decent "secure" OS has the option to audit. On NT and higher (2K, XP, 2K3, Vista) there's an option to audit the reading (or writing) of files. It would have to be turned on but could be used to trace who read the files and when. But as I said, if the culprits used some livecd it would bypass this.

But ofcource, a lot of people tend to write down their passwords. Perhaps the appointment book could contain a password for some (other; external) system? Then the culprits would login that system (using the stolen password) and access the data? At least that's something that could show up in all sorts of logs (accesslogs, audit trails, etc.) and could be traced.