Security Safeguards
Role-Based Access Control (RBAC)
Granting access to ePHI based on a user's job role rather than individually.
Role-Based Access Control (RBAC) is a model that grants permissions to ePHI according to a user's job role rather than assigning them individually.
RBAC is a practical way to implement HIPAA's minimum necessary standard and least privilege: defining roles such as "clinician," "billing," or "read-only support" keeps access aligned with what each job actually requires and makes access control easier to audit.