Electronic health (e-health) social system provides an effective way for the patients to share their treatment experience, exchange medical information and build a supportive relationship. In this paper, we propose a novel symptom-matching based group key management scheme for the e-health social system supporting dynamic group membership change. The patients in this system are diagnosed and treated by different medical institutions. This proposed schemes allows a group of patients from different healthcare domains (cross-domain) to securely establish a group session key to protect the group disease discussion. The scheme supports patient anonymity and traceability since the identities of the patients are hidden in an anonym and their medical institution is able to recover the real identity. The group agreement protocol ensures that only the authenticated patient with the same symptom could derive the group session key. The privacy of patient’s symptom is also protected since the patient cannot know the other patients’ symptoms if they do not have the same symptom. The security of this scheme is proved and the performance is evaluated theoretically and experimentally. The simulation and comparison indicate that our scheme has good performance and suitable for the mobile e-health social system.