This document proposes using attribute-based access control and encryption to securely share personal health records (PHRs) stored in the cloud. It discusses how attribute-based encryption (ABE) can allow PHR owners to encrypt their records according to an access policy that determines who can access them. The proposed system would use an ABE mechanism to authorize access for requesting users based on the policy, and proxy re-encryption to allow approved users to decrypt specified PHR files stored in the cloud. This provides security, privacy and confidentiality for outsourced PHR data while allowing flexible access for authorized medical and personal users.