New guidance is available for remote patient monitoring (RPM) companies on cybersecurity and privacy compliance. The National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and Technology (NIST), has released Securing Telehealth Remote Patient Monitoring Ecosystem. The practice guide offers healthcare organizations and RPM software developers an example architecture to implement cybersecurity and privacy controls and solutions to challenges faced in securing the RPM ecosystem. The guidance is currently in draft and NIST is accepting public comments through December 18, 2020.
RPM services continue to grow in popularity due to their convenience, cost-effective options for patients and providers, and continued expansion of RPM reimbursement by health plans, Medicare, and Medicaid. Historically, most RPM solutions were implemented in controlled and cyber-risk-averse environments, such as hospitals or medical facilities. But with advances in cloud services, networking and wireless technologies, and biometric device capabilities, RPM solutions provide new ways for clinical teams to directly reach patients in their homes, sometimes in direct-to-consumer (DTC) virtual-only service models. Even if the RPM company is not subject to HIPAA, these new healthtech service models raise different cybersecurity and privacy risks. Responsible RPM software developers and tech-enabled service providers need to understand and account for cybersecurity when deploying their RPM offerings.
Read more at: The National Law Review