Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration

Consumers now use smart home devices as an interface into the telehealth ecosystem. Smart home devices offer enhanced, multi-sensory user experiences that allow individuals to converse with technology naturally. While the user experience may be improved, practitioners may find it challenging to deploy mitigating controls that limit cybersecurity and privacy risk, because these devices may use proprietary or purpose-built operating systems that do not allow engineers to add protective software.
 

Providing HDOs with practical solutions for securing an ecosystem that incorporates consumer-owned smart home devices into an HDO-managed telehealth solution.

In-patient service demands have increased during a time when the healthcare landscape has experienced a reduction in the number of hospitals and beds to provide care. Hospital-at-Home (HaH) solutions provide an in-patient care experience for patients, which may result in reduced costs and improved outcomes. This paper examines privacy and cybersecurity risks found in HaH deployments when using smart speakers as a representative IoT device and provides recommended steps to address those risks.

Overview

Healthcare Delivery Organizations (HDOs) have begun implementing Hospital-at-Home (HaH) programs for select patients. HaH is a form of telehealth wherein patients receive in-patient care, including clinical care and monitoring, at their place of residence.

HaH offers HDOs several benefits, including improving patient outcomes, alleviating in-patient bed capacity limits, and providing safety for patients and care team members during infectious scenarios. HaH solutions provide an in-patient care experience for patients, which may result in reduced costs and improved outcomes. Nevertheless, HaH presents several cybersecurity and privacy challenges due to the introduction of medical device-grade equipment and information systems into environments the hospital does not control.

This NIST Cybersecurity Whitepaper examines privacy and cybersecurity risks found in HaH deployments when using smart speakers as a representative IoT device and provides recommended steps to address those risks. By implementing the safeguards suggested in this paper, HDOs will reduce their risk profile while providing a valued service to their patients. This paper uses established frameworks such as the NIST Cybersecurity Framework, NIST Privacy Framework, and NIST Risk Management Framework.


As patients adopt IoT devices to interact with health systems, technologists may need to apply new approaches to safeguarding systems and environments.

Join the Community of Interest


A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 
