Nowadays Electronic Health Records (EHRs) is a preferred method to store patients' health records. The emergence of cloud computing services provides users with flexible access, large storage capability and low costs, which motivate EHR maintainers to consider migrating EHR data from their own storage to the cloud. However, securing EHRs in cloud is a major challenge. Several security properties need to be satisfied, such as data privacy, fine-grained access control and scalable access between different clouds. In this paper, we propose a secure and scalable framework for EHR data sharing which combines Identity-based Encryption and Attribute-based Encryption together to enforce access control policies. Through this framework a fine-grained access control scheme on EHR can be enforced and scalable access between different clouds is enabled. We also propose a novel design to address the problem of improper data access caused by a user with multiple roles and access rights to an EHR.