U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

SP 1800-30 (Draft)

Securing Telehealth Remote Patient Monitoring Ecosystem

Date Published: November 2020
Comments Due: December 18, 2020 (public comment period is CLOSED)
Email Questions to: hit_nccoe@nist.gov

Author(s)

Jennifer Cawthra (NIST), Nakia Grayson (NIST), Bronwyn Hodges (MITRE), Jason Kuruvilla (MITRE), Kevin Littlefield (MITRE), Julie Snyder (MITRE), Sue Wang (MITRE), Ryan Williams (MITRE), Kangmin Zheng (MITRE)

Announcement

Increasingly, healthcare delivery organizations (HDOs) are relying on telehealth and remote patient monitoring (RPM) capabilities to treat patients at home. RPM is convenient, cost effective, and its adoption rate has increased. Without adequate privacy and cybersecurity measures, unauthorized individuals may expose sensitive data or disrupt patient monitoring services.

The NCCoE at NIST analyzed risk factors surrounding the RPM ecosystem and leveraged the NIST Cybersecurity Framework and other relevant guidance to develop an example implementation that demonstrates how HDOs can use standards-based, commercially available cybersecurity technologies to implement cybersecurity and privacy controls to enhance telehealth RPM resiliency.

The comment period is open through December 18, 2020. Comments will be made public.

Abstract

Keywords

access control; authentication; authorization; behavioral analytics; cloud storage; data privacy; data security; encryption; HDO; healthcare; healthcare delivery organization; remote patient monitoring; RPM; telehealth
Control Families

Access Control; Configuration Management; Identification and Authentication; Physical and Environmental Protection; Program Management; Risk Assessment; System and Communications Protection

Documentation

Publication:
Draft SP 1800-30 files

Supplemental Material:
None available

Document History:
11/16/20: SP 1800-30 (Draft)
05/06/21: SP 1800-30 (Draft)