Date Published: May 2021
Comments Due: June 7, 2021 (public comment period is CLOSED)
Email Questions to: hit_nccoe@nist.gov
, , , , , , , ,
Increasingly, healthcare delivery organizations (HDOs) incorporate telehealth and remote patient monitoring (RPM) as part of a patient’s care regimen. RPM systems may offer convenience and may be cost effective for patients and HDOs, which promotes increased adoption rates. Without adequate privacy and cybersecurity measures, however, unauthorized individuals may expose sensitive data or disrupt patient monitoring services.
The NCCoE developed a reference architecture that demonstrates how HDOs may use standards-based approaches and commercially available cybersecurity technologies to implement privacy and cybersecurity controls, thereby enhancing the resiliency of the telehealth RPM ecosystem.
After adjudicating all the comments from the first draft, notable adjustments were made to the RPM Practice Guide, including:
Access Control; Configuration Management; Identification and Authentication; Physical and Environmental Protection; Program Management; Risk Assessment; System and Communications Protection
Publication:
Second Draft SP 1800-30
Supplemental Material:
Project homepage (web)
Document History:
11/16/20: SP 1800-30 (Draft)
05/06/21: SP 1800-30 (Draft)
02/22/22: SP 1800-30 (Final)
Security and Privacy
asset management; identity & access management; privacy; risk assessment
Sectors
healthcare