As cases of COVID-19 increased around the world in 2020, the need for telehealth rose dramatically as well. Overwhelming demand resulted in many hastily implemented platforms, leaving areas ripe for exploitation by cybercriminals. Top-down guidance on RPMs (remote patient monitoring systems) was wanted and needed.
Enter NIST...
What is NIST + What Are The Guidelines?
The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) published its final guidance for organizations on securing telehealth and RPMs. From your EHR telehealth system to HIPAA-compliant online intake forms, we are beginning to realize uniformity after a lot of confusion.
Significant work went into developing the nearly 400-page guide, including testing in a variety of industry environments. Partners like Accuhealth, Cisco, Inova, Tenable, University of MS Medical Center, and others were engaged to serve as laboratory environments. A suite of products was used to monitor the risk and address cybersecurity challenges. NIST does not endorse any specific product, but it does provide advice on selecting the best product that will integrate with existing tools and IT infrastructure.
The NIST guide seeks to help organizations reach the following objectives:
- Identify risks associated with the telehealth/RPM architecture.
- Apply the NIST Privacy Framework to broaden the understanding of this risk.
- Assure that healthcare organizations partner with appropriate telehealth platform providers to extend privacy and cybersecurity control deployment, management, and efficacy.
- Consider future technologies that augment data-communications safeguards.
Read the full guide here: “Securing Telehealth Remote Patient Monitoring Ecosystem”.