The tech that needs to run on NHS clients can't be that complex, surprised they don't just modify a Linux build or something and put that on. Would be way easier and cheaper and could make it just as intuitive to use as a tablet or something. And it would be a lot easier to roll out in-house patches to security vulnerabilities. Also it should be scaleable (so somewhat future proof) and able to run on low spec PCs.
I think it's complex because there would be a lot of 'bespoke' things they want doing with it. It's easy enough working out how to do it so that it'd work when a handful of computers used by a handful of people would use it but it gets more complicated because of working out every single possible combination of every single use that could possibly be done (for every single layer of permission for each level of staffing).
My company works for a bunch of publishing companies and nobody has a completely robust, foolproof system when the layer of complexity required for them is much less complex.
Another problem for the NHS is that there are a lot of hoops to jump through to tender for a public sector contract, and there are only a handful of companies that are able to even do a job that big - when you have so little choice of suppliers I could appreciate you'd be inclined towards caution about changing things that currently work just fine.