What security configuration in Epic combines access control with auditing to log data access?

• A. Audit Trails Only
• B. RBAC Policies
• C. Access Logs and Roles
• D. RBAC and Audit Trails

Answer: (D)

The main idea here is to have both control over who can access data and a record of that access. In Epic, RBAC, or Role-Based Access Control, determines permissions based on a user’s assigned role, which enforces who can view or modify particular data. Audit Trails, on the other hand, keep a record of every data access event—who accessed what, when, and what actions they took—so you can review activity for security and compliance. When you combine RBAC with Audit Trails, you get a security setup that not only restricts access according to roles but also logs every access, providing accountability and traceability. The other options only cover either logging or access control, or refer to a nonstandard term, so they don’t provide the same complete protection.