Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Comment Today: Mitigating Cybersecurity & Privacy Risks in Telehealth Smart Home Integration White Paper
Comment Now! NIST Cybersecurity White Paper: Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration
The National Cybersecurity Center of Excellence (NCCoE) has released for public comment the draft of NIST Cybersecurity White Paper (CSWP) 34, Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration. The comment period for the draft is now open through January 6, 2025.
About the White Paper
Hospital-at-Home (HaH) is a form of telehealth wherein patients receive in-patient care, including clinical care and monitoring, at their place of residence. Healthcare systems have begun incorporating communications interfaces, patient monitors, and other medical devices into the patient’s residence to provide advice and perform clinical care while leveraging the advantages associated with patients receiving treatment in an amenable location. HaH offers several benefits to healthcare delivery organizations (HDOs), including improving patient outcomes, alleviating in-patient bed capacity limits, and providing safety for patients and care team members in infectious scenarios.
While these are desirable benefits, HaH introduces privacy and cybersecurity risks by introducing medical-grade equipment and information systems into environments the hospital does not control. This paper examines risks found in HaH deployments when using smart speakers as a representative IoT device and provides recommended steps to address these risks. This paper also describes applying controls that include access control, authentication, continuous monitoring, data security, governance, and network segmentation.
We Want to Hear from You!
The public comment period for this draft is open until January 6, 2025 at 11:59 P.M. EST. You can view the publication and submit comments by visiting the NCCoE project page. If you have any questions, please email our team at hit_nccoe [at] nist.gov (hit_nccoe[at]nist[dot]gov).