The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

NCCoE Releases Final Version of NIST Securing Telehealth Remote Patient Monitoring Ecosystem Guidance

Posted By on Feb 23, 2022

The National Cybersecurity Center of Excellence (NCCoE) has published the final version of NIST guidance on Securing Telehealth Remote Patient Monitoring Ecosystem (SP 1800-30).

Healthcare delivery organizations have been increasingly adopting telehealth and remote patient monitoring (RPM) systems to improve the care they provide to patients while reducing costs. Patient monitoring systems have traditionally only been used in healthcare facilities but there are advantages to using these solutions in patients’ homes. Many patients prefer to receive care at home, the cost of receiving that care is reduced, and healthcare delivery organizations benefit from freeing up bed space and being able to treat more patients.

While there are advantages to be gained from the provision of virtual care and the remote monitoring of patients in their homes, telehealth and RPM systems can introduce vulnerabilities that could put sensitive patient data at risk and if RPM systems are not adequately protected, they could be vulnerable to cyberattacks that could disrupt patient monitoring services.

Special Publication 1800-30 was developed by NCCoE in collaboration with healthcare, technology, and telehealth partners to form a reference architecture that demonstrates how a standard-based approach can be adopted along with commercially available cybersecurity tools to improve privacy and security for the telehealth and RCM ecosystem.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The project team at NCCoE performed a risk assessment based on the NIST Risk Management Framework on a representative RPM ecosystem in a laboratory environment. The NIST Cybersecurity Framework was applied along with guidance based on medical device standards, and the team demonstrated how healthcare delivery organizations can implement a solution to enhance privacy and better secure their telehealth RPM ecosystem.

SP 1800-30 explains how healthcare delivery organizations can identify cybersecurity risks associated with telehealth and RPM solutions, use the NIST Privacy Framework to broaden their understanding of privacy risks, and apply cybersecurity and privacy controls. How-To guides are provided that include detailed instructions for installing and configuring the products used to build NCCoE’s example solution. NCCoE used solutions from AccuHealth and Vivify, but the principles can be applied to other solutions.

The final guidance and How-To guides can be downloaded from NCCoE here.

Image Source: J. Stoughton/NIST

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist