With rapid development of e-healthcare systems, patients that are equipped with resource-limited e-healthcare devices (Internet of Things) generate huge amount of health data for health management. These health data possess significant medical value when aggregated from these distributed devices. However, efficient health data aggregation poses several security and privacy issues such as confidentiality disclosure and differential attacks, as well as patients may be reluctant to contribute their health data for aggregation. In this paper, we propose a privacy-preserving heath data aggregation scheme that securely collects health data from multiple sources and guarantee fair incentives for contributing patients. Specifically, we employ signature techniques to keep fair incentives for patients. Meanwhile, we add noises into the health data for differential privacy. Furthermore, we combine Boneh–Goh–Nissim cryptosystem and Shamir’s secret sharing to keep data obliviousness security and fault tolerance. Security and privacy discussions show that our scheme can resist differential attacks, tolerate healthcare centers failures, and keep fair incentives for patients. Performance evaluations demonstrate cost-efficient computation, communication and storage overhead.