The hardest technical challenge Ive come across for this Nostr EHR is multi user access. So much so that I think this is where the project forks depending on needs; enterprise versus private practice. Currently I'm faced with three options:
1.Shared Practice key via Nip-46 (Nsec bunker). Bunker whitelists staff npubs. Revocation of privileges possible. However, its dependent on bunker being up to publish to the relay and nsec bunker is new and untested. Any troubleshooting turns into option 2 with more steps.
2.User keypairs with the practice key. Practice key encrypted to staff pubkey. Staff logs in w nsec and stores practice key for the session. Clean and simple. Makes for low latency but now practice key is on multiple machines. Privileges are limited by UI only, which is similar to current EHRs, but cannot be revoked. Revocation of privileges requires practice key rotation, which can be a lot of work.
3.Staff signs with their own keypairs. Becomes a group of whitelisted keys and each clinical event is encrypted for the group+ patient keypairs. Clean revocation and audit trails but requires a huge architecture change since the current setup revolves around the single practice key. This would be ideal for enterprises.
I'm leaning option 2 for this project but the truth is 3 sounds ideal. I'm gona think about this one a bit.