Comment Now: Second Draft NIST SP 1800-30, Securing Telehealth Remote Patient Monitoring Ecosystem

National Institute of Standards and Technology (NIST) sent this bulletin at 05/06/2021 11:32 AM EDT
NIST

View As Web Page

NCCoE UPDATES

Now Available: Second Draft of NIST SP 1800-30, Securing Telehealth Remote Patient Monitoring Ecosystem

Telehealth ecosystem

The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) is pleased to announce the publication of the second draft NIST Special Publication 1800-30: Securing Telehealth Remote Patient Monitoring Ecosystem.

The public comment period is open now through June 7th, 2021. We welcome your comments and feedback.

What is this guide about?

Increasingly, healthcare delivery organizations (HDOs) incorporate telehealth and remote patient monitoring (RPM) as part of a patient’s care regimen. RPM systems may offer convenience and may be cost effective for patients and HDOs, which promotes increased adoption rates. Without adequate privacy and cybersecurity measures, however, unauthorized individuals may expose sensitive data or disrupt patient monitoring services.

The NCCoE developed a reference architecture that demonstrates how HDOs may use standards-based approaches and commercially available cybersecurity technologies to implement privacy and cybersecurity controls, thereby enhancing the resiliency of the telehealth RPM ecosystem.

After adjudicating all the comments from the first draft, notable adjustments were made to the RPM Practice Guide, including:

  • Adjusted the security and privacy control mapping in accordance with NIST SP 800-53 Revision 5.
  • Enhanced cybersecurity capabilities in the Identity Management and Data Security sections.
  • Updated the final architecture to include secure broadband communication between the patient's home and the telehealth platform provider.
  • Included guidance from NIST’s Cybersecurity for the Internet of Things program on device cybersecurity capabilities and nontechnical supporting capabilities that telehealth platform providers should be aware of in their biometric device acquisition processes.

Share Your Expertise

Please download the document and share your expertise with us to strengthen the guide. The public comment period for the second draft is open now through June 7th, 2021. Submit comments online or via email to hit_nccoe@nist.gov.
National Cybersecurity Center of Excellence
NIST