The worst weakness is that read access to the first file reveals the name and birthdate of patients.
And then, read access to the other files by an adversary with knowledge of the system (as assumed in cryptography) allows getting the medical data for each patient identified by name and birthdate, at bearable computational cost.
This is an IT security issue with no complete cryptographic solution. The standard solution is to restrict read access to the files. The best that I see practically possible without such restriction is that knowing/guessing exactly the name and birthdate of a patient is necessary to de-anonymize their data, and there's a computational cost to verifying a guess. The general idea is to either
- not store the name and birthdate at all; this seems possible without changing the functionality as stated in "in practice", but we can no longer de-anonymize, nor detect that a mistyped name/birthdate created duplicate entries for the same patient.
- store name and birthdate encrypted under a public key, with the private key kept with extra precautions and used (to decipher) only in the exceptional case that patient data must be de-anonymized.
As a relatively minor aside, "Randomly assigning an ID to each patient" requires something unstated to avoid duplicate IDs, and a weakness could creep in there.