A number of other systems resolve this through ACLs as the identity provider user service is separate from the user-type or user-role. Having the separate tables provides an additional safety check that patients are not inadvertently mixed in with clinicians. The downside is what we are facing right now is both the duplication and decentralization of both authorization and authentication systems.
For example right now there is no way in the system to provide a more restricted subset of data to a representative of a patient that the patient has authorized to have access to only that subset of data. With FHIR the patient could sort-of hack this by granting a 3rd party app certain resource scopes (for example access to just their immunization and allergy information) and then share their account credentials to their authorized representative, but that is pretty hacky in my opinion.
Anyways, food for thought, the codebase is open and available and we welcome people contributing whether that be documentation or code.