RPM & Telehealth Privacy Concerns

Traditionally, patient monitoring systems have been deployed in healthcare facilities, which are controlled environments. Remote Patient Monitoring (RPM) is different because the monitoring equipment is deployed in the patient’s home.

RPM can involve third-party platform providers using videoconferencing capabilities and leveraging cloud and internet technologies coupled with RPM devices to treat numerous medical conditions requiring post-operative monitoring.

The use and adoption of RPM has increased since the onset of COVID-19, but without adequate privacy and cybersecurity measures, unauthorized individuals may expose sensitive data or disrupt patient monitoring services. The challenge is that RPM solutions engage multiple participants in patient care, such as healthcare delivery organizations, telehealth platform providers, and the patients themselves.

This means that each participant uses, manages, and maintains different technology components within an interconnected ecosystem. The result is that each participant must be responsible for safeguarding against unique threats and the risk associated with RPM technologies.

In addition, the telehealth platform provider has to coordinate with others to provide, configure, and deploy RPM components to the patient’s home to assure secure communication between the patient and clinician.

Patients and families also play a part in safeguarding and protecting the system. For instance, the patient will receive equipment that may include biometric devices, a communications device, or workstations from the telehealth platform provider. While the telehealth platform provider manages the equipment, the patient may need to provide internet connectivity and be responsible for physically managing the equipment.

To meet the challenge of providing cybersecurity, industry partners and NIST’s National Cybersecurity Center of Excellence (NCCoE, hit_nccoe@nist.gov) have drafted a guide explaining how healthcare delivery organizations need to use standards-based approaches and commercially available cybersecurity technologies to enhance the resiliency of telehealth use.

After the first draft of the publication, titled Securing Telehealth Remote Patient Monitoring Ecosystem, received comments, the second draft (NIST Special Publication 1800-30A) was released in May 2021.

NCCoE will use the comments received after the release of the second draft to improve the guide. Go to https://www.nccoe.nist.gov/projects/use-cases/health-it/telehealth for the second draft of the guide.