Latest NIST project aims to secure ‘telehealth’ ecosystem

Agency to create practical guidance for high-growth remote patient monitoring sector

Telehealth is a rapidly growing sector within healthcare, as practitioners adopt new technologies such as remote patient monitoring (RPM) and video conferencing to treat patients from the comfort of their homes.

While the use of RPM for things like blood pressure and glucose monitoring can help reduce the strain on healthcare facilities, telehealth apps and hardware devices also open up a fresh wave of concerns surrounding the security of patients’ data.

In an effort to address these concerns, the National Institute of Standards and Technology (NIST) is in the process of creating practical guidelines for telehealth vendors and healthcare delivery organizations that are exploring these new technologies.

Securing Telehealth Remote Patient Monitoring Ecosystem (PDF) is the fourth healthcare project from NIST’s National Cybersecurity Center of Excellence (NCCoE).

And for project lead Andrea Arbelaez, it is time for the industry to come together and help secure the telehealth market, which is projected to be worth more than $50 billion by 2025.

“Telehealth is growing very rapidly,” Arbelaez told The Daily Swig. “This includes anything from applications on patients’ phones to smart stethoscopes and blood pressure cuffs that are connected to the internet.

“These tools are being used to treat numerous conditions, such as patients battling chronic illnesses or requiring post-operative monitoring.

“As the use of these capabilities continues to grow, we need to be sure the infrastructure supporting it can maintain the confidentiality, the integrity, and the availability of the patients’ data.”

The public comment period for the NIST telehealth project ends this Friday, after which time a final project description will be published.

The NCCoE will then work with selected technology collaborators to develop an example best practice solution for telehealth and remote patient monitoring security.

“We are still in the very early stages of the project,” Arbelaez said. “The general goal is to provide a practical solution for addressing the cybersecurity challenges of telehealth.

“It may not solve every problem, but it will provide a foundation of cybersecurity and [guidance on] how to protect patients’ safety, which is number one.”