NIST to Launch New Guidance on Security Risks of Telehealth and Smart Home Integration

Tetra Images/Getty Images

The agency notes that “user experience” improvements may come with less control over privacy and security.

The National Institute of Standards and Technology completed the final product description earlier this week to guide the intersection of telehealth offerings and smart home devices. 

Dubbed the “Mitigating Cybersecurity Risk in Telehealth Smart Home Integration,” NIST’s National Cybersecurity Center of Excellence will outline the safest ways for consumers to use new technologies that provide access to their health care information in a secure digital environment. 

The project specifically targets devices used within the Internet of Things, and that are potentially vulnerable to hacks as they share data within a household network. 

“This project will analyze how consumers use smart home devices as an interface into

the telehealth ecosystem,” the current abstract reads. “While the user experience may be improved, practitioners may find challenges associated with deploying mitigating controls that limit cybersecurity and privacy risks.”

NIST’s existing Cybersecurity Framework, Privacy Framework and Risk Management Framework will be incorporated to help identify threats in smart home telehealth devices. 

The NCCoE Healthcare team will publish a formal notice in the Federal Register based on this description. 

NIST’s interest in securing digital healthcare data comes as federal regulatory agencies work to implement stronger national data privacy protocol and laws. Concern over health care data has mounted with the recent overturning of Roe v Wade and the implicit potential for law enforcement to seize and use individual reproductive and geographic data in prosecutions.