My approach is to design the database with restrictions in place to begin with. Use roles to restrict what data a user is allowed to access. I expect (ie hope) that a user who has access to SOME PHI doesn't have access to ALL PHI.
My goal with permissions is that I am not building special objects for different people to see (such as new views so people without access to PHI can access my system), but instead have the permissions in place to protect the data. The advantage to this approach is that if someone without PHI access gets moved to a position where they can have PHI access, your responsibility is just to put them in the proper groups in SQL and they will see the new (to them) data.
If I understand right, you previously had a system where anyone who had access to the system would have access to the PHI. To me this sounds like a HUGE security risk. Since the database doesn't consist of ONLY PHI data, what I would do first is remove all objects from being able to be access from PUBLIC (if that is allowed), then create roles for the different levels of access and grant permissions on the objects based on the role. For example, if you have a secretary, they may need access to the patients name, address, doctor, and phone number (possibly more info, but I expect a secretary doesn't need full medical history information). So you'd have a role for Secretary and all Secretaries would be in that role. That role would have access to the required information and nothing extra. So no prescription information or medical history or allergies, etc. MAYBE a Secretary should have view access to allergies but not update or delete permissions - so make sure that those permissions are restricted. Then repeat for all roles that need access to things.
I personally wouldn't create special views for users UNLESS those views are required for the role. For example, if your table contains names, addresses, and phone numbers of patients and you need someone to be able to access Names and Addresses but not phone numbers, a view would be a good way to do that or data masking. But like you said, data masking would require a lot of work.
One thing I am confused about your setup though is you have Database 2 as being replicated data from Database 1 which is pushing data into DatabaseZero. If this is the case, why do you need Database 2 to pull any data from Database 1 with a cross database query? Or am I reading your post wrong?
The above is all just my opinion on what you should do.
As with all advice you find on a random internet forum - you shouldn't blindly follow it. Always test on a test server to see if there is negative side effects before making changes to live!
I recommend you NEVER run "random code" you found online on any system you care about UNLESS you understand and can verify the code OR you don't care if the code trashes your system.