New Telehealth Cybersecurity Guide Available and Open for Public Comment

The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) is pleased to announce the publication of the draft NIST Special Publication (SP) 1800-30: Securing Telehealth Remote Patient Monitoring Ecosystem Practice Guide. The public comment period is open now through December 18th, 2020. We welcome your comments and feedback.

Increasingly, healthcare delivery organizations (HDOs) incorporate telehealth and remote patient monitoring (RPM) as part of a patient’s care regimen. RPM systems capture patient biometric data over a prolonged duration. They may offer convenience and may be cost effective for patients and HDOs. These benefits promote increased adoption rates. Without adequate privacy and cybersecurity measures, however, unauthorized individuals may expose sensitive data or disrupt patient monitoring services.

The NCCoE performed a risk assessment on the telehealth RPM ecosystem, leveraging the NIST Cybersecurity Framework, NIST Privacy Framework, and other relevant guidance to develop a reference architecture. The reference architecture demonstrates how HDOs may use standards-based approaches and commercially available cybersecurity technologies to implement privacy and cybersecurity controls enhancing the resiliency of the telehealth RPM ecosystem.