You're going to want to look at HIPPA requirements for a better idea of how to properly secure health care data. I don't know if you care about creating a compliant solution, but the requirements would give you a good idea of the data protection concerns related to the storage and use of medical records.
Discussion
Yep, we already have people on it :) every thing will be HIPAA compliant
I think it's a great idea. Medical records are traditionally a black hole where you don't really know who has them, or how to go about reviewing them. You'd think records of such a personal nature would be securely in the possession of the individual, and up to them to decide who gets access to them.
Is it possible to contribute? I work in the behavioral health space which has additional considerations.