I like the proposal to maintain an identity that can match data to the correct patients. Verifying that a particular ID in a particular database matches a specific real person is a good use case for attestations on a shared blockchain. That will make it easier to be confident that if we send data to that person, the data.
However, it seems unlikely that you would need a blockchain for data tracking in this architecture. You send the data to the human, and the human distributes it. In this case the data itself carries a signature and a hash from the provider that indicates where it came from and who it is for.
There is a lot of complexity in the system shown in the charts, because it assumes that data gets sent out to many parties. Sending it from the human simplifies this, because the human automatically is granting consent. However, that type of data distribution would become obsolete in many cases, if we can send code out to analyze the data in place. This would improve privacy while greatly simplifying institutional relationships. That would be an option if you used a more sophisticated data store.
So, you need the identity system as described for Clinical Blockchain. Once that is established, a human centered data architecture will greatly simplify data handling and consents, and reduce the need for entanglements with slow and small public blockchains.
I would encourage you to think about a more sophisticated data store than dropbox, perhaps using HumanDB.