Best Fit Small Medium Large
Health information exchange partners One or two partners Several exchange partners Significant number of partners or partners with less rigorous standards or requirements

Global data exchange
IT Capability No dedicated IT professionals on staff, IT may be outsourced on a break/fix or projecct-by-project-basis Dedicated IT respurces on staff

No or limited dedicated security resources on staff
Dedicated IT resources with dedicated budget

CISO or dedicated security leader with dedicated security staff
Cybersecurity investment Nonexistent or limited funding Funding allocated for specific initiatives

Potentially limited future funding allocations

Cybersecurity and IT budgets
Dedicated budget with strategic roadmap specific to cybersecurity
Size (provider) 1-10 physicians 11-50 physicians Over 50 physicians
Size (acute / post-acute) 1-25 providers 26-500 providers Over 500 providers
Size (hospital) 1-50 beds 51-299 beds Over 300 beds
Complexity Single practice or care site Multiple sites in extended geographic area Integrated delivery networks

Participate in accountable care organization or clinnically integrated network
Other Org Types Practices Mangement Organization

Managed Service Organization

Smaller device manufacturers

Smaller pharmaceutical companies

Smaller payor organizations
Health Plan

Large Device Manufacturer

Large pharaceutical organization
Organizational Size