In a typical e-healthcare system, it is common for users' physiological data collected by Internet-of-Things (IoT) devices to be processed and shared in a third-party environment. To improve service quality, healthcare data sharing in third-party environments needs to ensure the integrity, source authentication, and privacy of the data. Redactable signature schemes (RSSs) are designed to address this concern over the past decades. More concretely, an RSS allows a signature holder to delete privacy-sensitive parts of the signed data and derive a valid signature for the retained data without any help from the original signer. This also provides a flexible data sharing mechanism in a bandwidth-saving manner. However, almost all of the existing RSSs are built on top of public-key infrastructure (PKI) systems, which involve heavyweight public-key management problems and are not suitable for resource-limited IoT applications. Besides, we argue that the only known PKI independent RSS for IoT has some security flaws and requires a large storage space. In this work, we eliminate some of the costs associated with PKI and certificates (such as key managements and certificate verifications) in traditional RSS and propose the first identity-based RSS satisfying the requirements of protecting the integrity and source authentication with selective disclosure control for healthcare data sharing in IoT. We prove the security of the scheme in the random oracle model under the k-SDH assumption. Theoretical comparison and experimental analysis show that our construction has a practical performance. As an extension, we also discuss how to extend our design to achieve fine-grained redaction control, which provides a feasible strategy for a signer to prevent additional redaction or arbitrary redaction from dishonest signature holders.