You are the Chief Security Officer (CSO) for a healthcare organization that is migrating its electronic health records (EHR) system to a cloud-based solution. The EHR system will be accessed by various healthcare professionals, including doctors, nurses, and administrative staff, each requiring different levels of access to patient data. To ensure compliance with healthcare regulations and to protect patient privacy, which access control model should you implement to define permissions based on the distinct roles within the healthcare organization, and why is this model the most suitable for such a regulated environment?