A Wireless Body Area Network (WBAN) is a type of Wireless Sensor Network (WSN) that works with medical devices and is capable of transmitting medical data at run time. It has changed the healthcare industry and proved itself the best technique for emergencies and remote locations. However, WBANs have faced several security issues, which demand secure data transmission and user authentication in a resource-constrained environment. Healthcare devices have resource constraints such as energy constraints, space constraints, etc., and implementing high-level security is a daunting task because of them. This technique implements Elliptic Curve Cryptography (ECC) for secure key distribution and data exchange. ECC provides the same level of security as RSA with a smaller key size. Moreover, the scheme provides mutual authentication: the base station server authenticates the sink node, and the sink node authenticates the base station server. It uses the hash value of the sink ID, a registered random number and a time-stamp value for this two-way authentication. Furthermore, our technique uses the time-stamp value to identify replay attacks. Overall, it proves to be a better security mechanism for WSNs in healthcare devices.
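The two-way authentication and replay check described above, sketched as an added example; it is not the paper's protocol or code. Assumptions: SHA-256 as the hash, length-prefixed fields, the `sink`/`server` role labels, a 5-second freshness window and a per-sink last-timestamp check; the ECC key distribution step is left out.

```python
import hashlib
import hmac

MAX_SKEW = 5  # seconds; assumed freshness window, not a value from the paper

def token(role: bytes, sink_id: bytes, r: bytes, ts: int) -> bytes:
    """Hash of role, sink ID, registered random number and time-stamp (length-prefixed)."""
    h = hashlib.sha256()
    for field in (role, sink_id, r, ts.to_bytes(8, "big")):
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()

class BaseStation:
    def __init__(self, registered):
        self.registered = dict(registered)  # sink_id -> registered random number
        self.last_ts = {}                   # sink_id -> last accepted time-stamp

    def verify_sink(self, sink_id, ts, tok, now):
        r = self.registered.get(sink_id)
        if r is None:
            return None, "unknown sink"
        if abs(now - ts) > MAX_SKEW:
            return None, "stale timestamp"       # replay outside the window
        if ts <= self.last_ts.get(sink_id, -1):
            return None, "replayed timestamp"    # replay inside the window
        if not hmac.compare_digest(tok, token(b"sink", sink_id, r, ts)):
            return None, "bad hash"
        self.last_ts[sink_id] = ts
        return (now, token(b"server", sink_id, r, now)), "ok"

class Sink:
    def __init__(self, sink_id, r):
        self.sink_id, self.r = sink_id, r

    def request(self, now):
        return self.sink_id, now, token(b"sink", self.sink_id, self.r, now)

    def verify_server(self, reply, now):
        ts, tok = reply
        fresh = abs(now - ts) <= MAX_SKEW
        return fresh and hmac.compare_digest(
            tok, token(b"server", self.sink_id, self.r, ts))

def demo():
    r = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample value
    bs, sink = BaseStation({b"sink-01": r}), Sink(b"sink-01", r)
    msg = sink.request(now=1000)
    reply, status = bs.verify_sink(*msg, now=1001)
    results = [status, sink.verify_server(reply, now=1002)]
    results.append(bs.verify_sink(*msg, now=1003)[1])  # captured message resent
    results.append(bs.verify_sink(*msg, now=2000)[1])  # resent after the window
    return results
```

A time-stamp window alone still accepts a message replayed within the window, which is why the sketch also tracks the last accepted time-stamp per sink.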