Well giving access to family is sensible, but I wonder what if you are by yourself.
There should be an efficient way of enabling the ER doctor.
In my head I was imagining like having a fingerprint and other biometric record in the patient's medical records (it could be useful for remains identification in case of a catastrophe).
But doctors who don't have the permission by the patient can query these biometrical information (lets say by scanning their fingerprint, iris or dental records) and instead of getting the patient's full records, they get a list of authorized members (might be primary care doctor and emergency contact) to whom they can contact to ask temporary access to them.
Now the question is, how does the system know that the one requesting such access is an actual doctor, and not an impersonator on the phone?
Uhm... I am thinking about maybe having two main attributes, one specific for patients, another for doctors.
The account for doctors can't be activated without two vouches from department heads of hospitals, or even better, signed by the medical board itself!
Maybe a system like linkedin for doctors should also be in place in this part of the system, with feedbacks from coworkers, bosses and feedback from patients.
So when a doctor gets a request to see one's patient's record, the primary care can check out the requester's profile, confirm that it is a doctor, that he is in activity (some basic stats on his performance could also be added), and even check the degrees of separation from him from all the doctors they know in common.
And once they see the guy is legit, authorizes a temporary access to the records. The only one that can set up permanent access to the records is the patient himself.
The records can't be deleted and are permanently written, and there must have logged and displayed the authorship and time of each entry. Logs should indicate entry and access to records. If there is a mistake, an amendment can be made, but it will be an extra record indicating this, never overwriting over existing records.
Patient accounts can't never ever query biometric data about anyone, there shouldn't even have an option for that.
Uhm, I think this could work pretty fine!