The healthcare services industry has seen a huge transformation since the prominent rise of the Internet of Things (IoT). IoT in healthcare services includes a large number of unified and interconnected sensors, and medical devices that generate and exchange sensitive information. Thus, an enormous amount of data is transmitted through the network which raises an alarming concern for the privacy of patient information. Therefore, privacy preserving data collection (PPDC) is on-demand to ensure the privacy of patient data. Several pieces of research on PPDC have been proposed recently. However, the research literatures have fallen short in privacy requirements and are prone to various privacy attacks. In this paper, we propose a novel privacy-preserving data collection scheme for IoT based healthcare services systems. A clustering-based anonymity model is utilized to develop an efficient privacy-preserving scheme to meet privacy requirements and to prevent healthcare IoT from various privacy attacks. We formulated the threat model as client-server-to-user to ensure privacy on both ends. On the client-side, a modified clustering-based k-anonymity model with α-deassociation is used to anonymize the data generated from the IoT nodes. The base-level privacy is then ensured through a bottom-up clustering method which generates clusters of records as per the privacy requirements. On the server-side, the cluster-combination method-UPGMA is utilized to reduce communication costs and to achieve a better level of privacy. The proposed scheme is efficient in tackling privacy attacks such as attribute disclosure, identity disclosure, membership disclosure, sensitivity attacks, similarity attacks, and skewness attacks. The effectiveness and efficiency of the proposed scheme are proven through theoretical and experimental analyses.