With an increasing trend in personalised healthcare provision across Europe, we need solutions to enable the secure transnational sharing of medical records, establishing granular access rights to personal patient data. Access rules can establish what should be accessible by whom for how long, and comply with collective regulatory frameworks, such as the European General Data Protection Regulation (GDPR). The challenge is to design and implement such systems integrating novel technologies like Blockchain and Data Lake to enhance security and access control. The blockchain module must deal with adequate policies and algorithms to guarantee that no data leaks occur when authorising data retrieval requests. The data lake module tackles the need for an efficient way to retrieve potential granular data from heterogeneous data sources. In this paper, we define a patient-centric authorisation approach, incorporating a structured format for composing access rules that enable secure data retrieval and automatic rules conflict checking.