Securing the Remote Patient Monitoring Ecosystem
By George W. Jackson, Jr.
Senior Principal Consultant at Clearwater Compliance
Every CISO knows that April 2019 was a grim milestone: the worst month for healthcare data breaches
since 2010, when the Office for Civil Rights began publicly reporting healthcare data breaches affecting
500 or more individuals. In April, 44 breaches were reported and the medical records of nearly 700,000
people were compromised.
Unfortunately, those numbers may soon shoot higher as remote patient monitoring (RPM) becomes more
commonplace. To date, the cybersecurity performance of telehealth platforms has been good – mainly
because the platforms connect covered entities that have well-established cybersecurity procedures and
protocols. But the new frontier in telehealth is RPM, where data is collected and transmitted from the
patient’s home – a far less secure environment.
Why RPM Is Increasing Rapidly
Last year, the Centers for Medicare and Medicaid Services (CMS) finalized its plans for reimbursing
healthcare providers for certain remote patient monitoring services. CMS created three new billing codes
for Chronic Care Remote Physiologic Monitoring. One of the new codes allows RPM services to be