2 Remote Patient Monitoring Security Best Practices for 2021: NIST and NCCoE Cybersecurity Framework

The COVID-19 pandemic of 2020 and 2021 has had a massive negative impact on overall patient care, particularly with patients with chronic illnesses, who lost many of the much-needed resources for their preventive care. Medical systems have tried to adapt to this new reality by adopting telehealth solutions. Still, those remote patient solutions are limited by providers’ inability to obtain all the vital patient biometric data needed to accurately diagnose and treat many of a patients’ conditions.

The pressure COVID-19 has levied on the medical system to care for chronically ill patients has spawned an increasing number of remote patient monitoring (RPM) technology solutions. But with new technology solutions that involve managing personally identifiable information (PII), HIPPA-protected, and other sensitive information comes an increased risk of that data being compromised. That’s where DrKumo Inc. is in a league of its own when it comes to providing secure RPM solutions because they build in data privacy protection from the foundation of developing its technology, making security literally its number one priority. As DrKumo co-founder Dr. Kelly Nguyen says, the result is that “healthcare is available to anyone, anytime, anywhere” with the comfort of knowing that patient data will remain private and secure.

Coupled with the best practices in cybersecurity framework recommended by NIST and NCCoE, DrKumo Remote Patient Monitoring Home-Telehealth (RPM-HT) solutions provide unprecedented capability, useability, and flexibility, as Dr. Nguyen puts it, “by combining high-performance computing with data science, artificial intelligence, machine learning architecture, we deliver world-class live-streaming of patients’ physiologic data, that allows remote patient monitoring to be used for not only chronic disease management, but also for acute, post op, and hospital care at home program.” The result is comprehensive healthcare that is cost-effective and accessible, increasing the consistency of monitoring and analyzing patient health data while simultaneously easing the burden on both the patient and the provider. Dr. Nguyen puts it simply, “DrKumo creates a healthcare ecosystem where everyone wins.”

DrKumo Cybersecurity Framework Applies Best Practices Recommended by NIST and NCCoE

What is National Institute of Standards and Technology (NIST) Cybersecurity Framework?

As one of the several US Federal bodies, NIST, at its core mission, helps support innovation and promote industry-wide standards by implementing practical cybersecurity and privacy through the application of effective standards and best practices. This mission created the NIST Framework for Cybersecurity Infrastructure, having its first version published in 2014. This provided public and private organizations guidance and standards to secure their critical data and is reported to have been adopted by 70% of surveyed organizations as a popular best practice for computer security. In a nutshell, the NIST cybersecurity framework is organized into five functions, namely:

• Identify. The Identify function defines the foundational policies necessary to apply the Cybersecurity Framework to organizations and institutionalizes their understanding and the processes necessary to manage cybersecurity risk to systems, assets, data, and capabilities, and identify any gaps in their cybersecurity practices.
• Protect. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event by developing and implementing appropriate safeguards to ensure delivery of critical Information Technology services.
• Detect. This function enables timely discovery of cybersecurity and privacy events by implementing the appropriate activities to identify the occurrence of a cybersecurity and privacy event.
• Respond. This function supports the ability to contain the impact of a potential cybersecurity and privacy event and identifies actions to take when these events are detected.
• Recover. This function supports timely recover to normal operations to reduce the impact from a cybersecurity and privacy event.

What is the National Cybersecurity Center of Excellence (NCCoE) Cybersecurity Framework?

The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity issues. The NCCoE produces modular, easily adaptable example cybersecurity solutions employing standards, best practices, and commercially accessible technology as part of this collaboration. The goals of the NCCoE include the following:

• To provide practical cybersecurity: NCCoE provides realistic means for organizations to adopt standards-based, cost-effective, repeatable, and scalable cybersecurity solutions to secure their data and digital infrastructure.
• To increase rate of adaptation: NCCoE allows businesses to quickly implement commercially available cybersecurity technologies by lowering their total cost of ownership.
• To accelerate effective innovation: NCCoE empowers innovators to creatively address businesses’ most pressing cybersecurity challenges in a state-of-the-art, collaborative environment.

DrKumo Remote Patient Monitoring Cybersecurity Framework

• Establishes a corporate culture developed through an overall prioritized approach, which it applies to developing solutions, summarized simply as “people, process, technology (PPT).” Through this, DrKumo achieves its balance of security and performance with its RPM-HT solutions.
• Uses the PPT Framework as a methodology in which the balance among the three drives action, i.e., the people performing a specific type of work for DrKumo using processes and often, technology to streamline and improve these processes.
• Implements the PPT Framework to achieve harmony within its organization and is most often used when deciding whether to develop or implement new technologies.
• By prioritizing the PPT framework, DrKumo creates a culture of “people first, security always.”
• DrKumo’s RPM-HT solutions adopt the Veterans Affairs (VA) Enterprise Architecture (EA) that likewise prioritizes “people, process, technology.” Through this, The VA’s EA supports operations, execution, and management accountability, and equips its leadership to execute change across the enterprise to offer an in-depth, complete, and effective approach to outlining our Information Technology (IT) Infrastructure of the RPM-HT System, Care Coordinator Web Viewer (CCWV) and Medical Device Data System (MDDS) platforms and peripherals.

How DrKumo Prevents Cyber Risks and Remains Proactive to Data Security and Privacy?

Security and Privacy are not static and require constant evaluation against the latest threats and regulatory requirements. To stay ahead of the latest cyber risk and maintain proactive to data security and Privacy, DrKumo Security and Privacy framework leverage the Health Insurance Portability and Accountability Act (HIPAA), ISO 27001, National Institute of Standards and Technology (NIST), Federal Information Processing Standards (FIPS), Federal Information Security Management Act (FISMA), Office of Management and Budget (OMB), and security safeguard from best practice leaders, including awareness of the privacy landscape shifts from new laws or regulations.

DrKumo develops quality systems, applications, and processes. We are entrusted with the security and privacy of the information on behalf of employees and clients. Additionally, the constantly evolving statutory and regulatory landscapes requires DrKumo to implement security and privacy by design.

How DrKumo Meets or Exceeds Quality Standards of NIST and NCCoE Cybersecurity Framework?

DrKumo’s processes and policies meet or exceed the performance standards as outlined by requirements specified in Department of Commerce’s National Institute of Standards and Technology (NIST) Special Publication 1800-30: Securing Telehealth Remote Patient Monitoring Ecosystem. By meeting or exceeding the standards within, DrKumo ensures the safeguarding of the confidentiality, integrity, and availability of DrKumo systems and information, including customer, employee, client, corporate, personal, and third-party relationship information.

Furthermore, within DrKumo’s agile approach to product development, today’s iteration of the RPM-HT Solutions was developed to be entirely consistent with guidance provided by the National Cybersecurity Center of Excellence (NCCoE) – a subset of NIST – which exists as a collaborative hub where businesses like DrKumo, government agencies, and academic institutions work together to thoroughly address cybersecurity issues. Leveraging this public-private partnership, DrKumo applies NCCoE standards and best practices that have resulted in its modular, adaptable cybersecurity solutions using commercially available technology, and which maps capabilities to the NIST Cybersecurity Framework.

Rapid changes in the technology environment create substantial new risks that must be constantly assessed and mitigated. New risks result from the widespread and rapid adoption of machine learning, technology virtualization, mobile technologies, social media, personal devices, third-party hosting, cloud computing and multi-tenant environments, as well as the increasingly interconnected relationships within the global community.

DrKumo ensures the development and maintenance of information protection capabilities to safeguard data from unauthorized activity or compromise while enabling its use for legitimate business purposes throughout its lifecycle of creation, at rest, in transit, in process, archival and destruction. All data on DrKumo’s RPM solutions can be transmitted securely via Data Movement Service utilizing NIST approved cipher algorithms that ensure data confidentiality and has achieved several certifications including Federal Information Processing Standards (FIPS) 140-2, which is a mandatory standard for the protection of sensitive or valuable data within Federal systems…one of the few RPM solutions in existence with this capability.

DrKumo Remote Patient Monitoring Implements the Best Practices from NIST and NCCoE Cybersecurity Framework

There are many reasons why DrKumo is the technology leader in highly scalable, continuous, real-time RPM solutions for Chronic Disease Management, Acute Care, Post-Operation, and Hospital Care at home.

• Its bedrock focuses on “people first, and security always” as the principle. It solves the most painful problems in healthcare with user-friendly solutions powered by its state-of-the-art, HIPAA-compliant, mobile-enabled, continuous real-time monitoring, and artificial intelligence / machine learning engine.
• DrKumo Remote Patient Monitoring (RPM) technology enables patients to manage their health conditions in the comfort of their homes and supports healthcare providers with real-time intelligence for timely intervention.
• DrKumo revolutionizes the way people access quality health care across the world. With a culture that is innovative; collaborative; and “people, process, technology-driven,” DrKumo provides the safest, most secure, and most effective solutions to both patients and healthcare providers.