Role-based access control (RBAC) is the correct answer because it allows access to resources based on the roles of individual users within an organization. In healthcare, someone's role, such as a doctor, nurse, or billing specialist, determines the type of patient information they need to access. RBAC simplifies the management of permissions, as changes in roles reflect access to resources without the need for individual user access management. Discretionary access control (DAC) allows the owners of resources to specify the access, which is not typically suitable for a role-based environment like a healthcare provider. Mandatory access control (MAC) imposes a strict and rigid classification-based access control policy that's not commonly utilized in a healthcare setting, as it's more suited to military and government environments. Attribute-Based Access Control (ABAC) provides granular access control based on attributes (such as department, location, and time of access), but it is often more complex and may not be necessary if roles align well with access requirements.