When dealing with big data in healthcare, it is difficult for a policy maker to foresee what information a doctor may need, let alone to write an accurate access control policy. To address this, a risk-based access control model that adaptively regulates doctors' access rights was proposed to protect patient privacy. The model analyzes the access history and applies the EM algorithm and information entropy to quantify the risk of privacy violation. Using the quantified risk, the model can detect and control over-accessing and exceptional accessing of patients' data. Experimental results show that this model is effective and more accurate than other models.