Electronic patient records (EPR) may contain highly confidential and personal medical information. It is therefore essential that medical data is properly protected and managed. Today, it is widely recognized that patients have a right to selfdetermination and to exert control of their own medical data by consent. In this paper, we present a cryptographic EPR access authorization scheme that incorporates patient consent as a basis for granting EPR access to medical teams or practitioners. This ensures that only the medical practitioners specified by a consenting patient are granted EPR access. If a patient is unconscious, the variation of the scheme allows an emergency or security team to act on behalf of the patient.