This paper proposes a framework for an IoT-based health prescription assistant (HPA), which helps each patient to follow the doctor's recommendations properly. The paper also designs a security system that ensures user authentication and protected access to resources and services. Based on the OpenID standard, an access control mechanism is implemented to prevent unauthorized access to medical devices. Once the authentication is successful, the user is issued an authorization ticket, which this paper calls a security access token (SAT). The SAT contains a set of privileges that grant the user access to medical IoT devices and their services and/or resources. The SAT is encrypted to guard against forgery. A medical IoT device verifies the SAT prior to serving a request, and thus ensures protected access.
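The issue-then-verify flow described above, as an added sketch that is not the paper's implementation. The abstract does not give the SAT format, so the JSON layout, the field names (`sub`, `priv`, `exp`), the shared key, and the use of an HMAC-SHA256 tag in place of the paper's encryption are all assumptions made here for illustration.

```python
import base64
import hashlib
import hmac
import json
import time


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_sat(key, user, privileges, ttl, now=None):
    """Authorization side: bind user, privileges and expiry under a MAC tag.

    privileges maps a device id to the actions allowed on it (assumed layout).
    """
    now = time.time() if now is None else now
    body = json.dumps({"sub": user, "priv": privileges, "exp": now + ttl},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return b64(body) + "." + b64(tag)


def verify_sat(key, token, device, action, now=None):
    """Device side: return the user id if the request is allowed, else None."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:          # malformed token or bad base64
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # forged or altered SAT
        return None
    claims = json.loads(body)   # parsed only after the tag has been checked
    if now >= claims["exp"]:    # expired SAT
        return None
    if action not in claims["priv"].get(device, []):  # privilege not granted
        return None
    return claims["sub"]


if __name__ == "__main__":
    KEY = b"constructed-demo-key"   # constructed sample value
    sat = issue_sat(KEY, "patient-17", {"bp-monitor": ["read"]}, ttl=300)
    print(verify_sat(KEY, sat, "bp-monitor", "read"))     # granted
    print(verify_sat(KEY, sat, "insulin-pump", "write"))  # refused
```

The device refuses the request on any failure (bad tag, expiry, missing privilege) and reads the claims only after the integrity check passes.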