I think you are mixing up the terms User and UserRole a bit. But to answer your question:
Yes - It is possible to set the access rules based on the currently logged in user and his account (applied at runtime) and also based on the certain user roles (also applied at runtime). For more information on this topic see http://www.nolanramsey.com/blog/2015/8/22/how-to-build-a-mendix-security-model-part-2-entity-vs-ui
I am sure there are also a ton of other resources online about this.
Hope this helps,
PS: In your concrete situation what you need is a Role Based Homepage for "Doctors" - you need to create this user role in your project. Then only allow Doctors to see data from their own Patines using access rules in the entity model e.g. on the Entity Patient you would have an Xpath acess rule that looks something like this
Yes we can. We should use the user and user roles, to let the administrator create doctors. For the doctor to see only his patients, we can compare the current user who logged in and an attribute i.e., doctor's name from the patients entity and display the resulting data.