Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Project Description (Initial Public Draft)

Mitigating Cybersecurity Risk in Telehealth Smart Home Integration: Cybersecurity for the Healthcare Sector

Date Published: August 2021
Comments Due: October 4, 2021 (public comment period is CLOSED)
Email Questions to: hit_nccoe@nist.gov

Author(s)

Nakia Grayson (NIST), Ronald Pulivarti (NIST), Bronwyn Hodges (MITRE), Kevin Littlefield (MITRE), Julie Snyder (MITRE), Sue Wang (MITRE), Ryan Williams (MITRE)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description for Mitigating Cybersecurity Risk in Telehealth Smart Home Integration. The publication of this project description begins a process to further identify project requirements, scope, and hardware and software components for use in a laboratory environment.

We want your feedback on this draft to help refine the project. The comment period is now open and will close on October 4th, 2021.

What is this Project About?

Telehealth technology and its use has advanced alongside the "Internet of Things (IoT)". Healthcare solutions may allow patients to use consumer-grade IoT devices to review their health information and interact with systems operated by a healthcare delivery organization (HDO). Individuals may use IoT devices to obtain lab results, schedule visitations with their care team, set reminders for appointments, or request prescription refills, for example.

IoT brings novel capabilities to consumers in their homes. However, with those capabilities, IoT compels technology adopters to re-think how they may need to secure their home environment and the networks with which their homes interconnect. This project will result in a practice guide that describes a reference architecture for smart home integration with healthcare systems as part of a telehealth program.

We Want to Hear from You!

Review the project description and submit comments online on or before October 4th, 2021. You can also help shape and contribute to this project by joining the NCCoE’s Healthcare Community of Interest. Send an email to hit_nccoe@nist.gov detailing your interest. We value and welcome your input and look forward to your comments.
 

Abstract

Keywords

application programming interface; API; application security; cybersecurity; data privacy; data privacy and security risks; health delivery organization; HDO; Internet of Things; IoT; smart home; telehealth
Control Families

Access Control; Configuration Management; Identification and Authentication; Risk Assessment

Documentation

Publication:
Draft Project Description (pdf)

Supplemental Material:
Project homepage

Document History:
08/31/21: Project Description (Draft)
08/29/22: Project Description (Final)