thanks!
keeping the medical records off-chain and using a smart contract to regulate access and permissions is one potential option. Together with the access limitations and permissions, the smart contract can be used to store a hash of the record or a reference to the off-chain storage site.
This strategy would allow the data to be stored off-chain, where it can be controlled more effectively, while still allowing the smart contract to enforce the access control and permissions for the medical records.