Here is one of the first articles I’ve seen that explores the approach of applying structured analysis methodologies such as Unified Modeling Language (UML), definition here, to the HIPAA challenge.
Though I’m an advocate of both conventional (Gane/Sarson) and more current UML methodologies with respect to system/software development and business process re-engineering, ten years of professional practice as a business systems analyst has demonstrated that the majority of organizations will not pay for the professionals and the Computer Aided Software Engineering (CASE) tools needed to support modern-day structured analysis and development.
Those organizations that do fund a structured approach like UML have a tough-time suffering the time frames needed to gather requirements, analyze needs and document the results, before beginning to develop and implement a new design. This is true even for executives and managers who understand the long-term benefits of this approach over conventional analysis and development methodologies.
Extreme programming/data modeling, and even a condensed UML approach (Extreme UML) are in the works by some advocates, in an attempt to shorten the lifecycle of a structured analysis and design project. If these efforts are successful, one expected result would be that more organizations would adopt and fund a structured analysis and development approach, as opposed to hacking away endlessly trying to bring an organization into compliance with HIPAA.