As a new kind of patient-centred health-records model, the personal health record (PHR) system can support the patient in sharing his/her health information online. Attribute-Based Encryption (ABE), as a new public key cryptosystem that guarantees fine-grained access control of outsourced encrypted data, has been used to design the PHR system. Considering that privacy preservation and policy updating are the key problems in PHR, a privacy-preserving multi-authority attribute-based encryption scheme with dynamic policy updating in PHR was proposed. In the scheme, each of the patient’s attributes is divided into two parts: attribute name and attribute value. The values of the user’s attributes will be hidden to prevent them from being revealed to any third parties. In addition, the Linear Secret-Sharing Scheme (LSSS) access structure and policy-updating algorithms are designed to support all types of policy updating (based on “and”, “or”, and “not” operations). Finally, the scheme is demonstrated to be secure against chosen-plaintext attack under the standard model. Compared to the existing related schemes, the sizes of the user’s secret key and ciphertext are reduced, and the lower computing cost makes it more effective in the PHR system.