The National Cybersecurity Center of Excellence (NCCoE) has released the final version of the NIST guidance on Securing Telehealth Remote Patient Monitoring Ecosystem (SP 1800-30),[1] which is intended to assist provider organizations in maintaining the security of telehealth and RPM.
According to the NCCoE, technology alone might not be enough to maintain privacy and security controls in external settings. As the practice guide notes, people, process, and technology must all be included to develop a holistic risk mitigation plan.
The practice guide can help health providers who are deploying RPM ecosystems in partnership with third-party telehealth platform vendors. The guidance underlines the importance of third-party risk assessments and effective security controls, as the telehealth platform manages devices and collects crucial biometric data. In addition, the NCCoE recommended that these data security controls comply with the NIST Cybersecurity Framework and the NIST Privacy Framework.
How can this practice guide help your organization?
- It helps your organization identify risks within the solution architecture.
- It broadens your understanding of risks through the application of the NIST Privacy Framework.
- It helps healthcare delivery organizations (HDOs) find the right telehealth platform partners to extend privacy and cybersecurity control in the implementation, management, and efficacy of their systems.
- It gives your organization a chance to consider new technologies that will help to strengthen data transmission security.
It’s been two years since NCCoE launched a telehealth project to address the risks of telehealth technology. This project included collaboration with healthcare, technology, telehealth organizations, and other relevant stakeholders.
The final guidance can be used in different ways depending on your role in your organization, since it is intended for business decision makers, technology, security, and privacy managers, as well as IT professionals. “Your organization can adopt this solution or one that adheres to these guidelines in whole, or you can use this guide as a starting point for tailoring and implementing parts of a solution,” NIST says.
To learn more, see NIST Special Publication 1800-30A, Securing Telehealth Remote Patient Monitoring Ecosystem.
DrKumo, the market leader in Next-Generation Real-time Remote Patient Monitoring, adheres to the NIST and NCCoE standards. DrKumo ensures that all data needed for telehealth and RPM services is accessed remotely through safe and secure channels. Interested in partnering with us? Contact info@drkumo.com for more information.
Reference:
- [1] NCCoE. (n.d.). Securing Telehealth Remote Patient Monitoring Ecosystem. https://www.nccoe.nist.gov/healthcare/securing-telehealth-remote-patient-monitoring-ecosystem