I hate to say this but... your probably talking bank. wordpress/woocommerce/typeform, not gonna do it. If were talking doctor / patient confidentiality, that thing has to be SECURE. Its gonna need a good auth system and since there is the potential to break doctor / patient confidentiality, I dont know if storing this info on something like oAut or google auth type thing is good enough. And since you want the ability for the patient to access data, that would have to be server secure as well AND retained for seven years (my father was a Dr., but that number might be greater / smaller).
You might want to consult a lawyer to check what EXACTLY is needed, you don't want to get sued. That would be the first steps otherwise its hard to give an estimate but I'm thinking, not cheap to be done right.