Nostr EHR: Document upload brought up a lot of flow and security questions. Ultimately set up a practice blossom server(NIP-B7). Documents are encrypted w AES-256. Copy of ciphertext goes to blossom. Aes key inserted into FHIR document reference, which all gets dual-encrypted via nip-44 and publishes to practice relay. 
So both the practice and the patient can decrypt the one event because of the dual-encryption.
If/when a patient leaves the practice, they can go to a new practice that runs on nostr. Share their npub (like giving an insurance card). Patient shares records with provider using the providers npub, via patient portal. The portal uses the pt nsec and re-encrypts their data (including uploaded documents on blossom) for the new practices pubkey and publishes it to the new practice relay which opens up in the EMR/EHR
I think this is the first patient-portable dual-encrypted health record system where a single private key gives a patient ownership of their medical history across any provider who runs the software. Whether it's useful depends on if it is adopted. But it is possible.