The telecare medical information system (TMIS) could improve quality of medical care since it allows patients to enjoy health-care delivery services in their home. However, the privacy and security influence the development of the TMIS since it is employed in open networks. Recently, Wu and Xu proposed a privacy authentication scheme for the TMIS and claimed that their scheme could overcome weaknesses in previous schemes. However, we will demonstrate that their scheme is venerable to the server spoofing attack and cannot provide user anonymity. To overcome weaknesses in their scheme, we also propose a new authentication scheme for the TMIS. Analysis shows that our scheme not only overcome weaknesses in Wu et al.’s scheme, but also has better performance.