In modern healthcare environments, healthcare providers are more willing to shift their electronic medical record systems to clouds. Instead of building and maintaining dedicated data centers, this paradigm enables to achieve lower operational cost and better interoperability with other healthcare providers. However, the adoption of cloud computing in healthcare systems may also raise many security challenges associated with authentication, identity management, access control, trust management, and so on. In this paper, we focus on access control issues in electronic medical record systems in clouds. We propose a systematic access control mechanism to support selective sharing of composite electronic health records (EHRs) aggregated from various healthcare providers in clouds. Our approach ensures that privacy concerns are accommodated for processing access requests to patients' healthcare information.We also demonstrate the feasibility and efficiency of our approach by implementing a proof-of-concept prototype along with evaluation results.