NCCoE Publishes the NIST Guidance Final Version on Securing Telehealth Remote Patient Monitoring Ecosystem

The National Cybersecurity Center of Excellence (NCCoE) has released the NIST guidance final version on Securing Telehealth Remote Patient Monitoring Ecosystem (SP 1800-30).

Healthcare delivery companies have been using more telehealth and remote patient monitoring (RPM) systems to enhance the care they present to patients at the same time lowering expenses. Patient monitoring systems have usually just been employed in healthcare facilities however there are benefits to making use of these solutions in the homes of patients. A lot of patients opt for receiving care in their own homes, the expense for getting that care is lowered, and healthcare delivery providers benefit from having more free bed space and having the ability to care for more patients.

Although there are benefits to be received from the availability of virtual care and the remote supervision of patients in their residences, telehealth and RPM systems could bring in vulnerabilities that can place sensitive patient information in danger and when RPM systems are not sufficiently secured, they may be susceptible to cyberattacks that can interrupt patient monitoring solutions.

NCCoE developed the Special Publication 1800-30 together with healthcare, telehealth, and technology partners to create a reference design that shows how a standard-based strategy could be implemented alongside commercially available cybersecurity resources to enhance privacy and safety for telehealth and RCM ecosystem.

The NCCoE project team conducted a risk assessment according to the NIST Risk Management Framework on a sample RPM ecosystem in a clinical setting. The NIST Cybersecurity Framework was employed together with guidance according to medical device specifications, and the team exhibited how healthcare delivery providers can carry out a solution to improve privacy and better protect their telehealth RPM environment.

SP 1800-30 describes how healthcare delivery providers can determine cybersecurity risks connected with telehealth and RPM solutions, utilize the NIST Privacy Framework to expand their comprehension of privacy threats, and implement cybersecurity and privacy settings. How-To guides are given that consist of specific guidelines for setting up and configuring the products employed to establish NCCoE’s model solution. NCCoE employed solutions from Vivify and AccuHealth, however, the principles could be implemented in other solutions.

The final guidance and How-To guides are available for download at NCCoE .


About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at