The National Cybersecurity Center of Excellence at the U.S. Department of Commerce's National Institute of Standards and Technology proposed a project to address security and privacy risks that healthcare delivery organizations face when offering remote patient monitoring services.
Remote patient monitoring services pose a challenge for healthcare providers, since equipment is deployed in a patient's home, rather than in controlled environments such as the hospital setting. These services also tend to rely on third-party video conferencing, cloud computing and internet technologies — the security of which may not be regulated outside of the hospital.
To address the risks inherent in these services, the NCCOE outlined a reference architecture to help healthcare organizations secure their remote patient monitoring ecosystem and proposed a project to assess its feasibility.
Under the proposal, a project team will perform a risk assessment on a remote patient monitoring ecosystem within a laboratory environment, including applying NIST's cybersecurity framework for medical device standards.
Armed with its findings, NIST will develop a cybersecurity practice guide for healthcare organizations, outlining the steps needed to implement a secure remote patient monitoring solution.
"As the use of these [remote monitoring] capabilities continues to grow, it is important to ensure that the infrastructure supporting them can maintain the confidentiality, integrity and availability of patient data, and to ensure the safety of patient," the proposal reads.
NCCOE is accepting public comment on its draft project description through Dec. 21.
To download the NCCOE's draft project description, click here. To submit feedback on the draft, click here.