Digital Health Transformation

Your Blueprint for Digital Health Advancement

Infrastructure Adoption Model (INFRAM)

The HIMSS Infrastructure Adoption Model (INFRAM) helps healthcare leaders assess and map healthcare infrastructure and the associated technology capabilities required to reach their facility’s infrastructure goals while meeting international benchmarks and standards set by this maturity model.

Healthcare organizations cannot build or improve upon other capabilities required to deliver quality care without a sound infrastructure. If an organization is working with weak infrastructure, they may struggle with digital transformation. Organizations can leverage the INFRAM to improve the person-enabled health and interoperability dimensions of digital health.


Define Capabilities by Domain of Healthcare Infrastructure

Identify and define the capabilities of separate domains of healthcare infrastructure—mobility, security, collaboration, transport and data center—and understand how they work together.

Develop an Infrastructure Pathway

Build a detailed, strategic technology plan with this maturity model that defines the current state, desired future state, and each stage between to achieve clinical and operational goals across multiple facility types within the organization.

Improve Care Delivery

Ensure clinical team adoption by optimizing technology infrastructure that allows reliable and fast access to information when and where it is needed.

Reduce Cyber and Infrastructure Risk

Mitigate risk, accommodate the exponential growth of data, and gain the most from your investments with this maturity model by ensuring your infrastructure matches the requirements of your technology.


Improve clinical and operational outcomes through healthcare infrastructure development guided by this maturity model, the INFRAM.

Get started




  • The organization’s data, voice and location grade exceeds 81% for all internal areas and has achieved data, voice and location grade for all specified external on-campus areas.
  • 802.11x passive and active wireless surveys have been conducted for all internal locations and specified external on-campus location-grade areas.
  • A high-availability wireless identity and access management solution and a high-availability wireless enterprise mobile management solution are implemented on premise and in the cloud.
  • The organization has well-defined bring-your-own-device network access policies for both staff-owned and guest-owned devices that are managed through the enterprise mobile management solution with software-defined network policy enforcement.
  • Identity, access and mobile device management solutions integration use the software-defined networking controller to provide advanced security and automated access policy enforcement.
  • The organization has implemented a campus software-defined networking access capability using a campus software-defined controller that supports API integration with provisioning.
  • There is a software-defined network with automated validation of experience based on defined policies.
  • Traffic loads are manipulated dynamically based on policy compliance monitoring.
  • There is end-to-end visibility of service delivery in real time.
  • There is on-premise, enterprise-wide hybrid cloud application and infrastructure automation that is API driven using an automation tool on virtualized and non-virtualized platforms (application, network, compute or storage).
  • There is a self-service portal for IT use cases.
  • The organization’s network infrastructure using micro virtual segmentation in the campus infrastructure is based on a virtual extensible local area network.
  • The organization defines its network quality of service policies based on its quality of experience requirements.
  • The local and wide area networks are advanced with quality of service performance monitoring for policy compliance using a software-defined network controller for end-to-end quality of service policies across platforms.
  • Software-defined networking is based on a single physically centralized controller design with a static architecture based on unchangeable links and controller positions logically centralized with either a flat or hierarchical architecture.
  • In addition to its dual on-premise wireless controllers, an on-premise wireless controller is reserved for software-defined networking access in a mixed mode.
  • The organization’s network infrastructure uses macro virtual segmentation based on virtual local area network trunking protocol propagation and virtual routing and forwarding.
  • There is a well-defined automated configuration of access port policy in place utilizing automated configuration tools. However, campus software-defined networking access has not yet been implemented. 
  • The campus network and the wide area network are fully redundant and designed to recover very quickly with no or limited downtime.
  • The dual on-premise wireless controllers with access point and client stateful switchover support lightweight access points with cloud-capable redundancy groups.
  • The number of devices at the end of its support to less than 3% for core and distribution layer technologies and less than 10% for access layer technologies.
  • The organization has increased its modular and scalable network design to between 41% and 70% of network switches.
  • The organization has implemented an active/active failover procedure for its network core and distribution layer, and the network is fully redundant and designed to recover very quickly with no or limited downtime.
  • The network design includes dual on-premise wireless controllers with access point and client stateful switchover but supporting only lightweight access points.
  • The organization has implemented a predominantly IP telephony environment with IP telephony exceeding 90% of the network and an analog/digital PBX used for less than 10%.
  • The organization begins to demonstrate a well-defined but manually configured access port policy. It has implemented a modular and scalable network design, but only for less than 40% of network switches.
  • The organization has reduced the number of access layer technologies that have reached an end of support status to 20%.
  • The network is fully redundant but retains an active/standby configuration that may introduce system delays in network failure recovery.
  • Data and voice grade exceeds 80% and location grade for specific areas, but the data and voice grade for other areas is less than 80% with no location grade.
  • The organization has completed an 802.11x passive wireless survey for the entire location and an 802.11x active wireless survey internally.
  • Location grade is specified for certain areas only.
  • Network design is based on a single on-premise wireless controller that only supports lightweight access points.
  • The organization has implemented a hybrid IP telephony and analog/digital PBX environment.
  • The organization has implemented some basic information assurance capabilities, such as role-based access control, inventory/fault management and basic voice reporting.
  • The organization has only static virtual segmentation for its infrastructure and has a limited access port policy definition, which is also manually configured.
  • Less than 5% of the organization’s core infrastructure and distribution layer technologies and less than 30% of access layer technologies have reached an end of support status.
  • The organization’s network design is not modular, cannot be scaled and operates on a fixed switch platform.
  • The organization has implemented an active/standby failover procedure for the core and distribution layer of the network, but it has single points of failure.
  • There are redundant components available, but for less than 5% of its wireless controller infrastructure and less than 30% of its wireless access point infrastructure.
  • The network design is based on a single on-premise wireless controller with a combination of lightweight and autonomous access points. The organization has implemented an analog/digital PBX.
  • The organization has not implemented VPN support but may have some level of access control and related policy.
  • The organization has not implemented or configured any quality of service settings or policy definitions, and it has not implemented an intrusion detection and prevention system.
  • There are no formal security policies implemented or enforced, no dedicated data center network, and no structured compute architecture in place.