Over the last few years, the medical Internet of Things (IoMT) has faced numerous security challenges related to the monitoring of patient healthcare data. In an IoT-centric healthcare framework, connected clinical devices are more prone to severe security threats and attacks than other network devices. Current solutions can protect the patient's information during data transfer to some extent, but they cannot prevent some advanced cyber-attacks such as data leakage, collision attacks, and attacks on data integrity. This paper therefore proposes an efficient privacy-preserving, public-key authentication model for securing IoT-based healthcare systems. To preserve privacy, it uses an efficient public-key authentication system with access-policy-based confidentiality. In the proposed model, patients stay in their homes, and their health assistant sends the sensor data using a mobile healthcare application. First, the patient must register with the corresponding hospital using patient credentials on the hospital website or mobile application. After the patient receives a unique login ID and logs in successfully, the sensed data is encrypted using the proposed method and securely uploaded to the hospital cloud server, with an access policy generated at upload time. Then, in the hospital, the corresponding doctor can download the secured patient data from the hospital cloud server with high confidentiality, using the same access policy that was generated when the health data was uploaded. The experimental results demonstrate superior performance of the proposed mechanism over existing methodologies and show it to be more secure and efficient.