SP 1800-30 (Draft)

Securing Telehealth Remote Patient Monitoring Ecosystem

Date Published: November 2020
Comments Due: December 18, 2020
Email Comments to: hit_nccoe@nist.gov

Author(s)

Jennifer Cawthra (NIST), Nakia Grayson (NIST), Bronwyn Hodges (MITRE), Jason Kuruvilla (MITRE), Kevin Littlefield (MITRE), Julie Snyder (MITRE), Sue Wang (MITRE), Ryan Williams (MITRE), Kangmin Zheng (MITRE)

Announcement

Increasingly, healthcare delivery organizations (HDOs) are relying on telehealth and remote patient monitoring (RPM) capabilities to treat patients at home. RPM is convenient, cost effective, and its adoption rate has increased. Without adequate privacy and cybersecurity measures, unauthorized individuals may expose sensitive data or disrupt patient monitoring services.

The NCCoE at NIST analyzed risk factors surrounding the RPM ecosystem and leveraged the NIST Cybersecurity Framework and other relevant guidance to develop an example implementation that demonstrates how HDOs can use standards-based, commercially available cybersecurity technologies to implement cybersecurity and privacy controls to enhance telehealth RPM resiliency.

The comment period is open through December 18, 2020. Comments will be made public.

Abstract

Keywords

access control; authentication; authorization; behavioral analytics; cloud storage; data privacy; data security; encryption; HDO; healthcare; healthcare delivery organization; remote patient monitoring; RPM; telehealth
Control Families

Access Control; Configuration Management; Identification and Authentication; Physical and Environmental Protection; Program Management; Risk Assessment; System and Communications Protection

Documentation

Publication:
Draft SP 1800-30 volumes and Project homepage
Submit comments

Supplemental Material:
Submit comments (web)

Document History:
11/16/20: SP 1800-30 (Draft)