With the rise and rapid development of the Internet of Things, electronic healthcare (e-health) systems have gradually become a universal trend in the global medical industry. As a typical e-health application, the Telecare Medical Information System (TMIS) can assist patients and medical staff in monitoring and communicating for medical aid. However, TMIS usually runs over untrusted public channels, which makes it urgent to provide a secure authentication scheme that achieves user authentication, data security, and privacy protection. In 2014, Li et al. proposed a biometric-based remote user authentication scheme that supported secure transmission and provided patient privacy protection. However, we analyze the scheme of Li et al. and find that it is vulnerable to identity theft, user impersonation, replay, and key compromise impersonation attacks. We improve the original scheme to solve these problems and give a security proof as well as a formal analysis of our scheme. In addition, we provide a detailed heuristic security analysis to verify that our scheme can resist potential attacks and provide various security properties. Finally, performance analysis shows that the security of the improved protocol is enhanced without excessively increasing the computational cost.