Smaller organizations often have fewer human and financial resources, such as a minimal IT budget, which can make HIPAA compliance a challenge. On the flip side, large organizations have a larger workforce that needs to be communicated with, trained, and monitored, and a greater universe of data (due to high patient volume and a greater range of services) and physical assets that need to be secured, e.g., computers, work stations, and filing cabinets.