Personal Health Record (PHR) service is an emerging model for health information exchange. PHR system allows patients to create, control manage, and share their health information with other users as well as healthcare providers like Google e-Health. In reality, a PHR service is likely to be hosted by third-party cloud service providers in order to enhance its interoperability. Meanwhile, there have been serious privacy concerns about outsourcing patients PHR data to the cloud server. Issues such as risks of privacy exposure, scalability in key management, data loss, flexible access efficient user revocation and data theft, have remained the most important challenges toward achieving cryptographically enforced data access control.