Feds Release Final Guidance on Telehealth, RPM Security

The NIST guide is intended to help identify risks associated with remote patient monitoring architecture and ensure healthcare organizations are partnering with appropriate telehealth platform providers. The National Institute of Standards and Technology's National Cybersecurity Center of Excellence published its final guidance this week on securing telehealth and remote patient monitoring ecosystems. The guide is intended, according to NCCoE, to help identify risks associated with RPM architecture and ensure healthcare organizations are partnering with appropriate telehealth platform providers. 

"While [healthcare delivery organizations] do not have the ability to manage and deploy privacy and cybersecurity controls unilaterally, they retain the responsibility to ensure that appropriate controls and risk mitigation are applied," wrote researchers. In order to develop the guidance and demonstrate how organizations can enhance resiliency, NCCoE collaborated with industry partners to build a laboratory environment – specifically, one where a patient is being monitored by an in-home device capturing biometric data. Those partners included Accuhealth, Cisco, Inova, LogRhythm, MedCrypt, MedSec, Onclave Networks, Tenable. University of Mississippi Medical Center and Vivify Health. 

"While the NCCoE used a suite of commercial products to address this challenge, this guide does not endorse these particular products, nor does it guarantee compliance with any regulatory initiatives," noted the experts.