NIST: Securing Telehealth Remote Patient Monitoring Ecosystem

“What is this guide about?

Increasingly, healthcare delivery organizations (HDOs) incorporate telehealth and remote patient monitoring (RPM) as part of a patient’s care regimen. RPM systems capture patient biometric data over a prolonged duration. They may offer convenience and may be cost effective for patients and HDOs. These benefits promote increased adoption rates. Without adequate privacy and cybersecurity measures, however, unauthorized individuals may expose sensitive data or disrupt patient monitoring services.

The NCCoE performed a risk assessment on the telehealth RPM ecosystem, leveraging the NIST Cybersecurity Framework, NIST Privacy Framework, and other relevant guidance to develop a reference architecture. The reference architecture demonstrates how HDOs may use standards-based approaches and commercially available cybersecurity technologies to implement privacy and cybersecurity controls enhancing the resiliency of the telehealth RPM ecosystem.”