My first reply was probably a bit vague but it's not clear exactly what you're planning to do.
Anyhow first off, remember this is simply a user to user forum and is not an Apple staffed technical advice area so no one here can accept any responsibility for the implementation you attempt.
If you intend to do anything that could potentially compromise patient confidentiality you must get appropriate advice from suitable agencies including your IT dept and probably Apple itself. Depending which country you are in you will be subject to local healthcare laws aimed at protecting patient confidentiality.
As users we know next to nothing about AppleTV under the hood security.
AppleTV runs a version of iOS just like iPhones and iPads.
There is no antivirus/firewall software for iOS as it's already pretty locked down.
That does not mean it is 100% secure as nothing is, and all these devices can potentially be hacked.
AppleTV itself does not store any content permanently, losing data when it's unplugged, so that is probably not an issue unless someone was going to attempt a forensic style data rescue from the internal components.
If your IT dept allows iPhones or iPads on the network then in principle it's the same, and in many ways less of an issue as it doesn't support 3rd party apps, only a small selection of features from Apple and selected partners.
I assume for your whiteboard plan this would entail using a touch screen like an iPad for mirroring. Be aware that fullscreen mirroring will send a 4:3 image to the display as the iPad screen is 4:3 not 16:9 (widescreen).
You need to work with your IT dept to assess the feasibility of what you want to do - unless you need internet access, to me it would seem a standalone local network without internet connectivity might remove some concerns about devices connecting to the main hospital network. Maybe their concern is simply wifi and possible interecption of data sent to the AppleTV - this would likely be a proprietary screen sharing format for Airplay but it could still potentially be intercepted on wifi though I can't really see why anyone would want to as the data would probably be pretty useless to them unless this was a specific attempt to capture Airplay streams and people knew what they were doing and had compromised your wifi security.