Identity and Access Management (IAM) systems are crucial for any information system, such as healthcare information systems. Health IoT (HIoT) applications are targeted by attackers due to the highvolume and sensitivity of health data. Thus, IAM systems for HIoT need to be built with high standards and based on reliable frameworks. Blockchain (BC) is an emerging technology widely used for developing decentralized IAM solutions. Although, the integration of BC in HIoT for proposing IAM solutions has gained recent attention, BC is an evolving technology and needs to be studied carefully before using it for IAM solutions in HIoT applications. A systematic literature review was conducted on the BC-based IAM systems in HIoT applications to investigate the security aspect. Twenty-four studies that satisfied the inclusion criteria and passed the quality assessment were included in this review. We studied BC-based solutions in HIoT applications to explore the IAM system architecture, security requirements and threats. We summarized the main components and technologies in typical BC-based IAM systems and the layered architecture of the BC-based IAM system in HIoT. Accordingly, the security threats and requirements were summarized. Our systematic review shows that there is a lack of a comprehensive security framework, risk assessments, and security and functional performance evaluation metrics in BC-based IAM in HIoT applications.INDEX TERMS access control, Blockchain, e-Health, health IoT, identity management, security, systematic literature review.