Mitigating Cybersecurity Risk in Telehealth Smart Home Integration

Download the Project Description & Comment

The NCCoE has released the draft project description, Mitigating Cybersecurity Risk in Telehealth Smart Home Integration. Use the buttons below to view the publication and submit comments.

Download PDF » Comment »

Current Status

The National Cybersecurity Center of Excellence (NCCoE) has released the Mitigating Cybersecurity Risk in Telehealth Smart Home Integration project description. Currently, we are seeking feedback on this publication. The public comment period is now open and will close on October 4th, 2021.


The NCCoE is proposing a project that will describe a reference architecture for smart home integration with healthcare systems as part of a telehealth program, leveraging concepts established in previous NCCoE and NIST publications. Telehealth technology and its use has advanced alongside the "Internet of Things (IoT)". IoT adoption brings novel capabilities to consumers in their homes. Healthcare solutions may allow patients to use consumer-grade IoT devices to review their health information and interact with systems operated by a healthcare delivery organization (HDO). Individuals may use IoT devices to obtain lab results, schedule visitations with their care team, set reminders for appointments and regimens, or request prescription refills, for example. As patients adopt IoT use when interacting with health systems, technologists may need to apply new approaches in safeguarding systems and environments. IoT devices may require unique approaches to ensure patient data confidentiality, integrity, and availability.

This project's goal is to identify those elements that are unique to using consumer-grade IoT devices with healthcare systems. Telehealth solutions that integrate consumer-owned devices such as smart speakers with HDO-managed health information systems may include atypical threats and vulnerabilities. This project uses established guidelines and standards such as the NIST Cybersecurity, NIST Privacy, and NIST Risk Management Frameworks. Applying concepts from these frameworks enables the project to identify risks and select appropriate controls that support telehealth smart home integration.

This project will result in a publicly available National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide: a detailed implementation guide of the practical steps needed to implement a cybersecurity reference design that addresses this challenge.

Join Our Community of Interest

Interested in joining the Mitigating Cybersecurity Risk in Telehealth Smart Home Integration Community of Interest? Contact us!

A Community of Interest is a group of professionals and technical advisors convened to support the cybersecurity resiliency of the U.S. economy. Read More.