Design framework or guidelines for secure data and workflows in healthcare

Looking for design framework to create and maintain rbac. Has anyone created a PII/PHI scanner to detect protected data in text fields?