This study proposes a chaos-based security model applied to the physical (PHY) layer of visible light communication (VLC) systems in accordance with the IEEE 802.15.7 standard. The proposed model employs a chaotic signal generated by a Colpitts oscillator to encrypt the header of IEEE 802.15.7 VLC frames in the PHY layer to prevent eavesdropping, traffic analysis and error function attacks. The encryption method employed here is chaotic inclusion or embedding, which is known as one of the most secure chaos-based approaches. Thus, the essential information pertaining to the employed chaotic oscillator, i.e. its structure, parameter set, the utilised modulation and synchronisation methods is not visible or traceable to the eavesdropper. Moreover, the unencrypted payload is extended by an additional number of random padding bits which can only be determined by decrypting the header of the VLC frame hence the payload is unrecognisable to eavesdroppers though it has not been encrypted. At the legitimate receiver side, the received IEEE 802.15.7 frames are successfully recovered by removing the chaotic wave using chaotic synchronisation techniques. The simulation results show that the encrypted header and the unencrypted payload of the IEEE 802.15.7 frames are well protected and successfully recovered by legitimate receivers.