Rapid development of Internet of Things (IoT) and its whole ecosystems are opening a lot of opportunities that can improve humans' quality of life in many aspects. One of the promising area where IoT can enhance our life is in the health care sector. However, security and privacy becomes the main concern in the electronic Health (eHealth) systems and it becomes more challenging with the integration of IoT. Furthermore, most of the IoT-based health care system architecture is designed to be cross-organizational due to many different stakeholders in its overall ecosystems – thus increasing the security complexity. There are several aspects of security in the IoT-based health care system, among them are key management, authentication and encryption/decryption to ensure secure communication and access to health sensing information. This paper introduces a key management method that includes mutual authentication and secret key agreement to establish secure communication between any IoT health device with any entity from different organization or domain through Identity-Based Cryptography (IBC).