Security Safeguards
Least Privilege
Granting each user or process only the minimum access needed to do its job.
Least Privilege is a security principle of granting each user, application, or process only the minimum access rights required to perform its function, and nothing more.
It directly supports HIPAA's minimum necessary standard and is commonly implemented through role-based access control. Limiting privileges shrinks the attack surface and reduces the damage a compromised account can do to ePHI.