Just to clarify...
In your scenario, Dr. Smith is trying to access your intranet folder via an external www internet connnection? Am I correct in my interpretation?
I can't offer any specific resources, but I have seen programs advertised that alledgedly allow an authorized user to:
Access anything on his/her computer via any other computer & internet connection, anywhere in the world.
With the addition of a little front end php/pathway work, it sounds like it might be worth looking into. If that doesn't work, could the technology I mentioned be used in combination with your program automatically and additionally putting the information in folders outside of the program and setting up permission critera for that/those folder/folders?