Marti Arvin

Marti Arvin, ExecutiveAdvisor for CynergisTek brings more than three decades of operational and executive leadership experience in the fields of compliance, research and regulatory oversight in academic medical and traditional hospital care settings to her position in CynergisTek. Arvin leads strategic business development around compliance services and utilizes her industry recognized expertise in health research to inform the development of privacy and security services to meet that communities underserved needs. She is a nationally recognized speaker and contributor to the thought leadership around healthcare compliance and research, and contributes to CynergisTek’s industry outreach and educational programs. Arvin has extensive experience in building and managing compliance and research programs. Arvin previously served as the Chief Compliance Officer for Regional Care Hospital Partners and the UCLA Health System and David Geffen School of Medicine. She has a legal background from obtaining her J.D. and holds CHC-F, CCEP-F, CHRC and the CHPC certifications. She is recognized as an expert on compliance and privacy issues from her published articles, lectures and presentations at national conferences. She was a board member to the Health Care Compliance Association between 2008 and 2011 and was on the Compliance Certification Advisory Board for over eight years. She also served on the certification committee for the CHC, CHC-F, CCEP, CCEP-F, CHRC and CHPC.

  • CMS Waivers Under COVID-19: An Overview of Compliance Considerations – Part 4

    CMS Waivers Under COVID-19: An Overview of Compliance Considerations – Part 4

    In part 4 of this blog series, Marti Arvin discusses compliance considerations around the waivers that the (CMS) has issued for the healthcare industry.

    Read More
  • CMS Waivers Under COVID-19: An Overview of Compliance Considerations – Part 3

    CMS Waivers Under COVID-19: An Overview of Compliance Considerations – Part 3

    In part 3 of this blog series, Marti Arvin discusses compliance considerations around the waivers that the (CMS) has issued for the healthcare industry.

    Read More
  • CMS Waivers Under COVID-19: An Overview of Compliance Considerations – Part 2

    CMS Waivers Under COVID-19: An Overview of Compliance Considerations – Part 2

    In part 2 of this blog series, Marti Arvin discusses compliance considerations around the waivers that the (CMS) has issued for the healthcare industry.

    Read More
  • CMS Waivers Under COVID-19: An Overview of Compliance Considerations – Part 1

    CMS Waivers Under COVID-19: An Overview of Compliance Considerations – Part 1

    Marti Arvin discusses compliance considerations around the waivers that the (CMS) Center for Medicare and Medicaid Services has issued for the healthcare industry.

    Read More
  • Telehealth and Coronavirus: Compliance Considerations to Think About

    Telehealth and Coronavirus: Compliance Considerations to Think About

    Things are changing rapidly in the current regulatory environment and that is true for telehealth as well. On March 13, 2020 the President declared the coronavirus pandemic a national emergency....

    Read More
  • User Access Monitoring in the Current COVID-19 Crisis

    User Access Monitoring in the Current COVID-19 Crisis

    It might be tempting for covered entities and business associates to put-off some of their regulatory or compliance obligations as other priorities evolve in the current crisis. Whether to do that...

    Read More
  • Mobile Devices in the Healthcare Academic Medical Center: Why Are They So Difficult to Control?

    Mobile Devices in the Healthcare Academic Medical Center: Why Are They So Difficult to Control?

    In today’s healthcare environment, controlling the nature & method of data stored on these devices is not easy in most industries – & mobile devices in the healthcare environment present a challenge.

    Read More
  • User Access Monitoring: Convincing Your Governing Body that You Need to do This

    User Access Monitoring: Convincing Your Governing Body that You Need to do This

    User access monitoring is a requirement under the HIPAA Security Rule. However, the specifics of what must be done remain a little cloudy. The regulations state, “implement hardware, software,...

    Read More
  • When is data collected for research PHI covered by HIPAA and when is it not?

    When is data collected for research PHI covered by HIPAA and when is it not?

    On June 1, 2018, an OCR ALJ decision imposed civil monetary penalties against the University of Texas MD Anderson Cancer Center for data that was on two lost thumb drives and a stolen laptop. MD...

    Read More
  • Building and Maintaining an Effective Compliance Program with Limited Resources

    Building and Maintaining an Effective Compliance Program with Limited Resources

    It is often said an effective compliance program is difficult to measure, but experienced compliance professionals “know it when they see it”. This is not much comfort to many compliance...

    Read More
  • What Can Be Done About Drug Diversion?

    What Can Be Done About Drug Diversion?

    A Growing Problem for Healthcare Organizations The opioid crisis and drug addiction are not just among criminals. The issue is growing among all segments of the population including healthcare...

    Read More
  • Guide to Proactive Access Monitoring and Auditing Under the HIPAA Security Rule

    Guide to Proactive Access Monitoring and Auditing Under the HIPAA Security Rule

    A guide to proactive access monitoring and auditing under the HIPAA security rule to help prevent patient complaints triggering the need to conduct an investigation.

    Read More
  • Printer and Multi-Function Device Security: Why Compliance and Privacy Officers Should Care

    Printer and Multi-Function Device Security: Why Compliance and Privacy Officers Should Care

    Security of an organization’s printers and multi-function devices, as well as the data on those devices, is handled by the IT department, right? While this might be true, compliance and privacy...

    Read More
  • Business Associates, Ransomware and Breach Notifications: Why Covered Entities Must be Diligent

    Business Associates, Ransomware and Breach Notifications: Why Covered Entities Must be Diligent

    The increase of ransomware attacks on healthcare entities and their business associates continues to be a significant concern. While covered entities (CE) have their own issues to deal with when...

    Read More
  • What would a Petya attack on your organization or your BA mean?

    What would a Petya attack on your organization or your BA mean?

    Petya, or NotPetya as some call it, has shown itself to either be very poorly thought out ransomware, or more likely a full on destructive malware attack thinly veiled as ransomware. In essence, a...

    Read More
  • Using the OIG/HCCA Compliance Effectiveness Resource Guide

    Using the OIG/HCCA Compliance Effectiveness Resource Guide

    Compliance officers everywhere want to believe the compliance program they oversee is effective. Some believe it is effective, some hope it will be found effective and some know the program is not...

    Read More
  • Demonstrating an Effective Compliance Program

    Demonstrating an Effective Compliance Program

    Most healthcare organizations today have a compliance program, but how many can say the program is effective and more importantly feel confident they could demonstrate effectiveness? It is not...

    Read More
  • Privacy Issues Unique to Research and Research Institutions

    Privacy Issues Unique to Research and Research Institutions

    Covered entities deal with many complex privacy and information security issues, but institutions that conduct research have an additional level of complexity. Key to understanding the...

    Read More
  • Designating Hybrid Entity Status Under HIPAA in a University Setting

    Designating Hybrid Entity Status Under HIPAA in a University Setting

    My colleague David Holtzman recently wrote a blog post on the OCR resolution agreement with the University of Massachusetts at Amherst (UMass). UMass designated itself as a hybrid entity but did...

    Read More
  • Pay Now or Pay Later: The Cost of Privacy and Security

    Pay Now or Pay Later: The Cost of Privacy and Security

    For many things in health care, if you don’t spend the energy and resources to reduce risks now you will likely pay for it later. However, if you wait until later it will cost more to take care of...

    Read More
  • loading
    Loading More...