In a Public Service Announcement issued May 13, 2020, the U.S. Federal Bureau of Investigation (“FBI”) and Cybersecurity and Infrastructure and Security Agency (“CISA”) warned of the targeting and compromise of U.S. organizations conducting COVID-19 research. More specifically, the announcement warns that “actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.” The FBI and CISA provide the following recommendations:
- Assume that press attention affiliating your organization with COVID-19 related research will lead to increased interest and cyber activity.
- Patch all systems for critical vulnerabilities, prioritizing timely patching for known vulnerabilities of internet-connected servers and software processing internet data.
- Actively scan web applications for unauthorized access, modification, or anomalous activities.
- Improve credential requirements and require multi-factor authentication.
- Identify and suspend access of users exhibiting unusual activity.
The U.S. Centers for Disease Control (“CDC”) has issued Considerations for Public Pools, Hot Tubs, and Water Playgrounds During COVID-19. The CDC provides that all decisions should be made locally and with local health officials. The CDC guidance offers considerations for officials to consider, such as: promoting behaviors that prevent the spread of COVID-19; maintaining healthy environments; maintaining healthy operations; and preparing for when someone gets sick. The considerations demonstrate the challenges and burdens for opening public aquatic venues. For instance, the CDC provides that shared objects, such as lounge chairs, slides, and surfaces of restrooms should be cleaned and disinfected each time they are used.
The CMS Interim Final Rule published on May 8, 2020 updated 42 CFR 483.80 to explicitly require nursing homes to report data about COVID-19 cases among facility residents and staff to the CDC’s National Healthcare Safety Network (“NHSN”) no less than weekly. In a Memorandum to State Survey Agency Directors, CMS required the first submission of data no later than 11:59 p.m. on May 17, 2020. CMS further stated that it anticipates posting CDC’s NHSN data on a weekly basis by the end of May. The IFR also requires facilities to inform residents and families of residents of confirmed or suspected COVID-19 cases by 5 p.m. the next calendar day following the occurrence of “a single confirmed infection of COVID–19; or three or more residents or staff with new-onset of respiratory symptoms that occur within 72 hours of each other.”
Norton Rose Fulbright attorneys will continue to provide relevant updates for healthcare providers on the Health Law Pulse during the COVID-19 public health crisis.