I don't know whether you are a European citizen, but anyway, please be aware that whenever you "record" in any way, digital or written on paper, data that univocally identify a European citizen, you MUST comply with the European law EU679/2016 GDPR (General Data Protection Regulation).
This means that your app must grant that no inadvertent loss or voluntary data theft can happen. This implies that you shall implement measures to guarantee pseudonymity and/or anonymity of the users whose personal data are stored in your database. This is strongly applicable since you also store data regarding their health and phone numbers.
I say that not to scare you, but because I've been responsible for cybersecurity (CISO) and privacy (DPO) at a multinational company, whose plants are spread worldwide, for many years, and I've faced (read: fought!) a lot of such matters. So, before spending time on technical aspects, please be sure that your app and the related database will be compliant with the privacy laws (almost every country has one equivalent to the GDPR: PIPL in China, CCPA in USA-California, FLPPDHPP in Mexico...). The law states that whoever treats personal data must grant "privacy by design and by default": this leads to splitting personal data into several encrypted databases, whose composing algorithm is known only by you; if other persons are aware of it, they shall be legally bound to you, as "the data controller". Additional means like overall data cryptography, multi-layered passwords, and encrypted backups shall apply as well. A real nightmare for those (like me) who aren't lawyers!!!
In a nutshell: be careful... and best wishes...