Today, telemedicine has a great reputation because of its capacity to provide quality healthcare services to remote locations. To achieve its purposes, telemedicine utilizes a number of wireless technologies as well as the Internet of Things (IoT). The IoT is redefining the capacity of telemedicine in terms of improved and seamless healthcare services. In this regard, this paper contributes to the set of features of telemedicine by proposing a model for an IoT-based health prescription assistant (HPA), which helps each patient to follow the doctors recommendations properly. This paper also designs a security system that ensures user authentication and protected access to resources and services. The security system authenticates a user based on the OpenID standard. An access control mechanism is implemented to prevent unauthorized access to medical devices. Once the authentication is successful, the user is issued an authorization ticket, which this paper calls a security access token (SAT). The SAT contains a set of privileges that grants the user access to medical IoT devices and their services and/or resources. The SAT is cryptographically protected to guard against forgery. A medical IoT device verifies the SAT prior to serving a request, and thus, ensures protected access. A prototype of the proposed system has been implemented to experimentally analyze and compare the resource efficiency of different SAT verification approaches in terms of a number of performance metrics, including computation and communication overhead.