System and method for a patient controlled electronic (client-server) medical record system that can be used by patients, various healthcare professionals, and even emergency medical services. Patients set up the system, own and control the data, and authorize selected healthcare professionals to enter notes and other medical records (which may be imported from various legacy medical record systems) into the patient controlled system. The healthcare professionals can also retrieve data from the system according to various levels of patient authorization. Security is maintained using a combination of machine readable ID codes and patient PIN numbers, and emergency medical services personnel may also be granted at least lower level access to the system even without PIN codes, which is useful when patients are found in an unresponsive state. Other system functions, including automatic appointment scheduling, automated physician enrollment and referrals, and various messaging functions are also described.