In the past, the medical record was a paper repository of information that was used for clinical, research, administrative, and financial purposes. It was severely limited in terms of accessibility, available to only one user at a time. The physician was in control of the care and documentation processes and authorized the release of information. Due to this, patients rarely viewed their medical records. Also, paper-based medical records were the lack of security. Nowadays, the electronic health record (EHR) can be viewed by many users simultaneously and utilizes a host of information technology tools. Patients routinely review their electronic medical records and are keeping personal health records (PHR), which contain clinical documentation, about their diagnoses from the physician or health care websites. According to researchers, it is “the right of individuals to keep information about them from being disclosed to others. Patient information should be released to others only with the patient’s permission. The key to preserving confidentiality is making sure that only authorized individuals have access to information. Many organizations and physician practices take a two-tier approach to authentication, adding a biometrics identifier scan, such as palm, finger, retina, or face recognition. Today, the Internet of Things (IoT) is an emerging environment and has a wide impact in healthcare applications. Due to the heterogeneous nature of the devices, security becomes a critical issue. Hence, the authors published a programmable cellular automaton based one-time pad (OTP) authentication framework. With the openness of public healthcare cloud various attacks are possible over user sensitive data. A theoretical analysis has been carried out and a mathematical model is developed to prevent chosen plaintext and brute force attacks. The performance of OTP algorithm results show that it is efficient for protecting security risks in the context of IoT healthcare data.