U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


Secure websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to our website. Please do not share sensitive information with us.

SP 1800-30 (Draft)

Securing Telehealth Remote Patient Monitoring Ecosystem

Date Published: November 2020
Comments Due: December 18, 2020 (public comment period is CLOSED)
Email Questions to: hit_nccoe@nist.gov


Jennifer Cawthra (NIST), Nakia Grayson (NIST), Bronwyn Hodges (MITRE), Jason Kuruvilla (MITRE), Kevin Littlefield (MITRE), Julie Snyder (MITRE), Sue Wang (MITRE), Ryan Williams (MITRE), Kangmin Zheng (MITRE)


Increasingly, healthcare delivery organizations (HDOs) are relying on telehealth and remote patient monitoring (RPM) capabilities to treat patients at home. RPM is convenient, cost effective, and its adoption rate has increased. Without adequate privacy and cybersecurity measures, unauthorized individuals may expose sensitive data or disrupt patient monitoring services.

The NCCoE at NIST analyzed risk factors surrounding the RPM ecosystem and leveraged the NIST Cybersecurity Framework and other relevant guidance to develop an example implementation that demonstrates how HDOs can use standards-based, commercially available cybersecurity technologies to implement cybersecurity and privacy controls to enhance telehealth RPM resiliency.

The comment period is open through December 18, 2020. Comments will be made public.



access control; authentication; authorization; behavioral analytics; cloud storage; data privacy; data security; encryption; HDO; healthcare; healthcare delivery organization; remote patient monitoring; RPM; telehealth
Control Families

Access Control; Configuration Management; Identification and Authentication; Physical and Environmental Protection; Program Management; Risk Assessment; System and Communications Protection


Draft SP 1800-30 files

Supplemental Material:
None available

Document History:
11/16/20: SP 1800-30 (Draft)
05/06/21: SP 1800-30 (Draft)