Role-Based Access Control (RBAC) has become a core component in securing electronic health records (EHRs) by assigning access rights to users based on their job roles. This study investigates the effectiveness of RBAC in healthcare, evaluating its strengths and weaknesses through a mixed-methods approach that includes a systematic literature review, surveys, and interviews with healthcare IT professionals. Analysis of survey data and organisational documents reveals that while RBAC offers a clear structure and supports regulatory compliance, challenges such as role explosion, dynamic role needs, and integration issues with modern technologies persist. The paper recommends strategies such as dynamic role assignment, regular role audits, and improved training to enhance RBAC systems. The findings provide practical insights for healthcare administrators aiming to secure patient data and improve overall data governance.