In CP-ABE systems , attributes describe user's credentials and policies describe who can decrypt data from the server. Many researches have been conducted in Personal Health Records (PHR) to facilitate the mediation and direct connection of patient to different users (physicians, family members and clinic agents) through network. Ciphertext Policy Attribute-based Encryption mechanism is used to determine who can access sensitive PHR documents. In this paper, CP-ABE with Constant-size Ciphertext and Constant Computation-Cost is used to describe users' credentials, and a patient associate encrypted data with credentials to determine who can decrypt sensitive PHR from the server. Due to the large number involved in the access policy scheme this work is based on Constant-size Ciphertext and Constant Computation-cost.