In applications such as e-Health systems, a user's consent should usually be obtained before his/her private information can be disclosed. For this purpose, users need to specify their privacy preferences about what data are to be disclosed to which recipients for what purposes. However, this may become a daunting task in a complicated application that involves potentially a large number of combinations of data recipients, purposes, and granularities of data. This paper proposes a hierarchical approach to address this issue. More specifically, we first observe that hierarchies naturally exist in each dimension of a privacy preference. We then propose a series of methods for users to more conveniently specify their privacy preferences based on such hierarchies. We also define meta-policies to resolve potential conflicts between preferences specified over time. Finally, we discuss how to represent the preferences with a snow- flake schema in backend databases.