Welcome to HIMSS

This site uses technologies such as cookies to provide a better user experience by personalising content and ads, analysing web traffic and trends, and improving site operations. We may share information about your use of the site with third parties in accordance with our Privacy Policy. By continuing to use this site you agree that we can save cookies on your device, unless you have disabled them. You can change your cookie settings at any time by visiting our Cookie Policy, but parts of our site may not function correctly without them.

Skip to main content
Email

The latest news in Healthcare IT – straight to your inbox.

Home
  • Main Menu
  • Subscribe
  • Topics
    • Video
    • Analytics
    • Artificial Intelligence
    • Cloud Computing
    • EHR
    • Government & Policy
    • Interoperability
    • Patient Engagement
    • Population Health
    • Precision Medicine
    • Privacy & Security
    • Telehealth
    • Women In Health IT

Regions

  • ANZ
  • ASIA
  • EMEA
  • Global Edition
Global Edition
Privacy & Security

Feds release final guidance on telehealth, RPM security

The NIST guide is intended to help identify risks associated with remote patient monitoring architecture and ensure healthcare organizations are partnering with appropriate telehealth platform providers.
By Kat Jercich
February 24, 2022
01:37 PM

Photo: The Good Brigade/Getty Images

The National Institute of Standards and Technology's National Cybersecurity Center of Excellence published its final guidance this week on securing telehealth and remote patient monitoring ecosystems.  

The guide is intended, according to NCCoE, to help identify risks associated with RPM architecture and ensure healthcare organizations are partnering with appropriate telehealth platform providers.  

"While [healthcare delivery organizations] do not have the ability to manage and deploy privacy and cybersecurity controls unilaterally, they retain the responsibility to ensure that appropriate controls and risk mitigation are applied," wrote researchers.  

WHY IT MATTERS  

In order to develop the guidance and demonstrate how organizations can enhance resiliency, NCCoE collaborated with industry partners to build a laboratory environment – specifically, one where a patient is being monitored by an in-home device capturing biometric data.

Those partners included Accuhealth, Cisco, Inova, LogRhythm, MedCrypt, MedSec, Onclave Networks, Tenable. University of Mississippi Medical Center and Vivify Health.  

"While the NCCoE used a suite of commercial products to address this challenge, this guide does not endorse these particular products, nor does it guarantee compliance with any regulatory initiatives," noted the experts.  

"Your organization’s information security experts should identify the products that will best integrate with your existing tools and Information Technology system infrastructure," they continued.

The practice guide operated under the assumption that the delivery organization is using a separate telehealth platform provider that manages a distinct infrastructure, applications and a set of services.   

Using the NIST Risk Management Framework, the NIST Cybersecurity Framework, the NIST Privacy Framework and other relevant standards, the NCCoE analyzed risk factors in an RPM ecosystem and identified measures to safeguard it.  

It outlined several potential vulnerabilities, including fraudulent uses of health-related information, interruption or inaccuracy of patient diagnoses, disrupted processes and system disruption.  

"As organizations consider measures to disrupt threats and adverse actions made against the ecosystem, an opportunity exists where organizations examine threats to identify controls that mitigate adverse actions identified by threat modeling," read the report.  

The guidance authors noted that, although they used cellular data-based biometric devices and addressed those using broadband communications, a future build may also implement an electronic health record system that would receive automated data from the telehealth platform provider.    

"The future build may include direct messaging from the RPM systems to the EHR," they wrote.  

THE LARGER TREND  

NIST has been offering tips around cybersecurity and telehealth deployments for years.

NIST IT Security Specialist Nakia Grayson, who co-authored the guidance, told Healthcare IT News Executive Editor Mike Miliard in April 2021 that the agency began the work in response to  an uptick in patient and provider interest in virtual care, particularly amidst the COVID-19 pandemic.  

"Without adequate privacy and cybersecurity measures, unauthorized users may expose a patient's sensitive data or disrupt the patient monitoring system," Grayson said in a HIMSSTV interview.    

ON THE RECORD  

"Technology solutions alone may not be sufficient to maintain privacy and security controls on external environments," wrote NCCoE experts.  

"This practice guide notes the application of people, process and technology as necessary to implement a holistic risk mitigation strategy," they continued.  

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

Topics: 
Government & Policy, Privacy & Security, Quality and Safety, Telehealth

More regional news

Patient does a virtual care consult

Castlight Health intros virtual urgent care for members

By
Mike Miliard
April 18, 2025
HIMSSCast logo

HIMSSCast: Should every healthcare organization have an AI strategy?

By
Mike Miliard
April 18, 2025
Nurse checks tablet to communicate on shift

Zoom launches agentic AI-powered mobile comms for frontline staff

By
Andrea Fox
April 18, 2025
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Nurse checks tablet to communicate on shift
Zoom launches agentic AI-powered mobile comms for frontline staff

Most Read

How UCHealth is reducing fall injuries with AI-enhanced risk modeling
Australia infuses $85M in digital mental health and more briefs
Roundup: AI and cloud tackle cyber risk and improve workflows
Texting the CEO proves wildly popular at Banner Health
Chinese health players begin integrating DeepSeek
DEA's draft special telehealth reg rule should be tossed, healthcare orgs say

Research

White Papers

More Whitepapers

Telehealth
Create secure, connected omnichannel communications
Telehealth
Let us guide you to HIPAA compliance
Cloud Computing
How a cloud communications platform puts connection at the center of care

Webinars

More Webinars

Analytics
Standby Eligibility and Claims Solutions: Diversify Your Risk & Ensure Business Continuity
Interoperability
Nursing Leadership, Operational Innovation, and Emerging Technologies with AONL
Artificial Intelligence
Loving the AI Revolution: How Automation is Humanizing Healthcare and Improving Provider Well-Being

Video

Ilir Kullolli, Stanford Medicine Children's Health_Las Vegas skyline Photo by halbergman/E+/Getty Images
HIMSS-ACCE working together to advance digital health
Vik Bajaj, Foresite Labs_Medical research Photo by Edward Jenner/pexels.com
Healthcare research is being affected by federal budget cuts
Priyanka Jain, Evvy_Hand holding sample vial Photo courtesy of Evvy
How one women's health startup tests fertility outcomes
Keisuke Nakagawa, UC San Diego Health_Las Vegas skyline Photo by halbergman/E+/Getty Images
Can technology help bring the human touch back to medicine?

More Stories

Lee Kim, HIMSS_Las Vegas skyline Photo by halbergman/E+/Getty Images
Past year's data breaches often stemmed from remediable cybersecurity gaps
Cathy Menkiena, Health Catalyst_Las Vegas skyline Photo by halbergman/E+/Getty Images
Innovative – and useful – tech is key to empowering care teams
Sameer Sethi of Hackensack Meridian Health on AI
Hackensack Meridian Chief AI Officer on the intersection of business and technology
Doctor checking and tracking information on a computer
HHS updates regulatory guides for the safe use of EHRs
Sameer Sethi, Hackensack Meridian Health_Computer neural network concept Photo by dan/Moment/Getty Images
Chief AI Officer on becoming one and working with the C-suite
Businessperson signing piece of paper
White House releases guidance on federal AI use and procurement
Dr. Ateev Mehrotra of Brown University School of Public Health on telehealth policy
Brown University policy expert talks about the future of telehealth flexibilities
Micky Tripathi, former HHS acting chief AI officer
Former National Coordinator headed to Mayo Clinic, reports say
Home

More News

  • MobiHealthNews
  • Healthcare Finance News
  • Healthcare Payers News

Newsletter Signup

HIMSS25 European Health Conference & Exhibition
HIMSS25 European Health Conference & Exhibition
Get ready for knowledge-sharing, all the latest innovations, and in-depth demos with Europe's most influential healthcare community.
10 - 12 June, 2025 | Paris
Learn More
AI in Healthcare Forum
AI in Healthcare Forum
The HIMSS AI in Healthcare Forum cuts through the hype to showcase real-world examples illustrating the transformative potential, and realistic challenges of AI application across the care continuum.
10 - 11 July 2025 | New York
Learn More

Footer Menu

  • About
  • Advertise
  • Reprints
  • Contact
  • Privacy Policy

© 2025 Healthcare IT News is a publication of HIMSS Media

X

Topics

  • Video
  • Analytics
  • Artificial Intelligence
  • Cloud Computing
  • EHR
  • Government & Policy
  • Interoperability
  • Patient Engagement
  • Population Health
  • Precision Medicine
  • Privacy & Security
  • Telehealth
  • Women In Health IT

Career

  • Events
  • Jobs
  • Research Papers
  • Webinars

More

  • About
  • Advertise
  • Contact
  • Special Projects
  • Video

Regions

  • ANZ
  • ASIA
  • EMEA
  • Global Edition

The Daily Brief Newsletter

Get daily news updates from Healthcare IT News.

Search form

Top Stories

Nurse checks tablet to communicate on shift
Zoom launches agentic AI-powered mobile comms for frontline staff
HIMSSCast logo
HIMSSCast: Should every healthcare organization have an AI strategy?
Vik Bajaj, Foresite Labs_Medical research Photo by Edward Jenner/pexels.com
Healthcare research is being affected by federal budget cuts