Abstract Personal Health Record (PHR) is a transpiring patient-centric embodiment of patient information trade that is customarily contracted out to third parties, for illustration, cloud service providers. There were far-reaching privacy apprehensions as individual medical records may possibly be unveiled to some third-party servers in addition to unconstitutional parties. On the road to warrant the patients’ charge to access their medical records, it is a hopeful procedure to encrypt the medical records prior to outsourcing. Hitherto, questions like exposure to privacy, scalability during key management, in addition to proficient user revocation, have lingered the most imperative tests in the direction of accomplishing fine-grained access control. This manuscript puts forward a fresh multi-layer patient-centric scaffold in addition to an anthology of techniques in support of data access control to medical records amassed in honest-but-curious servers. In the direction of accomplishing fine-grained as well as scalable access control, a new-fangled modification of Cipher-text Policy Attribute-Based Encryption (CP-ABE) technique is persuaded with random key length in the offline encryption phase to encrypt each patient’s PHR file. In the online phase, the CP-ABE encrypted data is transmitted to the cloud through a secure tunnel and then the data in rest is encrypted again by the 256-bit Advanced Encryption Standard (AES-256). In order to eliminate the problem aroused from leaked keys, both attribute and user revocation is done. The proposed system achieves data confidentiality, access control, user revocation, random key length, resists collusion attack, tracks the user location periodically, and preserves forward and backward secrecy. Within the MLPPT-MHS scheme, the computation time to perform Key Generation, Encryption, and Decryption would be 823.75ms, 152.43ms, 82.54ms and the storage overhead incurred to record the Public Parameters, Secret Key and Cipher Text would be 6098 bits, 59,653 bits, and 26,712 bits. These investigational outcomes demonstrate the security, scalability, as well as efficiency of this MLPPT-MHS scheme.