Hacker News

Healthcare has many forces driving less than optimal outcomes.

The for-profit status of treatment in "western" medicine.

Laws like HIPAA that are well-intentioned, but written by lobbyists and out-of-field and out-of-date lawyers/politicians who don't understand the actual nature of data protection or the need for a patient to be in control of their medical records in meaningful ways.

There's also the lack of a national / international identity and legal / data security infrastructure: this makes it very difficult to associate government issued IDs to patient records and requests / authorizations for limited sharing of those records.

In a less crazy world the outcome might look something like this:

Everyone has a Digital ID; this is a government issued or signed PKI based contract approval key. It would be stored in a dedicated, open hardware, firmware and software, wallet that is used only for making strong signatures.

The Digital ID allows the patient to log in to government websites and associate their healthcare coverage (ideally single payer, but if they're rich and have a luxury plan that could be linked as well) at various medical centers to their (emergency) care records. They can also actively choose to, or passively allow, the sharing of specific records from one provider to anyone else, as well as obtain personal copies of all of their records from all of their providers. Any time a provider is no longer covering a given patient, stewardship of those records transfers to the government agency providing this service (and is paid for out of a general fund based on taxing providers so they don't have to deal with this).

A management matrix might also allow for general records access approval, in the case that the patient just wants their entire medical history and ongoing updates to be provided to their pool of physicians.

Through that framework, outside entities can also obtain access keys and links for the records at other providers which they are authorized to view.

Also, of course, all of the records would be required to be in "open, patent free, free to implement record formats as standardized by the medical industry software and equipment providers"; a specific format wouldn't be legally mandated, but the use of formats that are intended to be interchangeable would be.



What you describe more or less exists here in Spain. The (mandatory) national ID is an NFC smart card with a PKI key [1]. With that (among a lot of other things) I can log in to my regional government website [2] and look at my (single-payer) healthcare medical history, download it, see who has requested access to it, restrict access to some parts of it, make an appointment, ask for a new doctor, etc. Of course it is sadly more closed-source, proprietary, lowest-bidder work than your vision, but at least the idea is out there and available for millions of people already.

[1] https://www.dnielectronico.es/PortalDNIe/PRF1_Cons02.action?...

[2] http://www.san.gva.es/web/portalhse/inicio


Open records, tied to a uniquely identifiable data point? What if those digital IDs were _leaked_?


What if a "patient" happened to grab the records that were faxed from one office to another, or worse, someone intentionally got a common transposition of fax number for an office and captured medical records transferred by exemption?

There are many what-ifs. The intent of the system I outlined is to make good data-hygiene practices easier and thus more likely.

I'll also point out that most EHR systems aren't 'airgapped' like paper records of old, but are still connected to the internet at least loosely for security updates if not limited remote access.

If there's some specific attack scenario that you feel is worthy of discussing as a topic that positively enhances knowledge and the exchange of information, please outline such a concern in a proper venue, which might or might not be this comments thread depending on the specific concerns. I merely provided a back-of-napkin idea to start from.



