Internet of things devices monitor the health status of patients, and upload the collected data as EMR to the cloud for storage and sharing. Outsourcing electronic medical records to the cloud will bring new security and privacy risks. A new architecture model is proposed to ensure the security and privacy of outsourcing health records. In this model, POSET is used to construct group based access structure, and CP-ABE is used to provide fine-grained EMR access control. The improved group based on g-CP-ABE reduces the number of leaf nodes in the access tree to minimize the computation. The symmetric encryption and CP-ABE scheme are combined to minimize the overall encryption time. Therefore, g-CP-ABE can still be used to monitor the health status of Internet of things devices with limited resources. Performance analysis shows that the model is effective and suitable for practical application.