Do you really need a blockchain? Blockchains are in my opinion very heavyweight given that you have to store it on every (full) node, and there is also the issue of incentivization. Who would validate the new blocks? If it’s a centralized service, then there is no point to use a blockchain to begin with, you might as well use directly a centralized API. If it’s a decentralized verification system like Proof of Work or Proof of Stake, then you have to reward the validators of the blocks.
Storing the relevant files on the IPFS network should be more than enough in my opinion. In order to give access to the data only to certain people, you can use a secret key system: for example all the physicians would share a secret key that would encrypt and decrypt the files used by the website. Yes the data would be public (provided you have its CID), but noone except the persons who know the key can read it. This feature is not natively implemented yet in IPFS, but it’s on its way. You can implement your own encrypting system for the time being.