Access controls
Technical and administrative rules that limit who can see or change patient information — unique logins, passwords, and permission levels are common examples.
Example
A receptionist can schedule appointments but cannot open clinical notes outside their department.
45 CFR §164.312(a)(1)