If you start from a place of distrusting your medical professional, now you need a way of uniquely identifying them in a way that can tie back to them for accountability purposes. So we've introduced some kind of notarized identity service.
Furthermore, doctors are only going to read the most recent entry for any given data point: doctors won't read the entire file, especially in emergency situations.
Just because the status quo and doctor's behaviour is currently a certain way, doesn't mean it's the right way. The efficiency lacking in our health-"care" systems is astonishing - there needs to be self-regulation mechanisms and accountability.
Emergency situations is an orange if everything else is an apple, so of course there can be protocol and acceptable boundaries for each.
Humans are humans, mistakes can happen - especially that we aren't aware we're making, and therefore bound to make them again. Accountability will lead to necessary learning and improvement.
1 extra level of security? Perhaps the added cost of the system doesn't warrant it, perhaps there are better ways to mitigate.
I'm not an expert in the area and don't know the nuances as much as I'd like, like I've wondered if there's a way to have 2 keys - so in the case of blackmail, you give a different key than normal, which will work - however then there's a way to trace.
Obviously the best system is having a system of governance that is stable and accountable. The situation to perhaps design for is say tyrannical dictatorships that may rise.
I suppose the most important aspect of git would be redundancy of data, along with perhaps immutable and/or offline archives; evidence may be changed without anyone ever knowing though to check, unless perhaps there were regular (every 5 years?) consistency checks between archives and present-day/online historical data?
