Marti Arvin

About Marti Arvin

Marti Arvin brings more than three decades of operational and executive leadership experience in the fields of compliance, research and regulatory oversight in academic medical and traditional hospital care settings to her position at CynergisTek. She was most recently the Vice President and Chief Ethics and Compliance Officer for Regional Care Hospital System and before that Vice President and Chief Compliance Officer at UCLA Health System and the David Geffen School of Medicine.

Demonstrating an Effective Compliance Program

Most healthcare organizations today have a compliance program, but how many can say the program is effective and more importantly feel confident they could demonstrate effectiveness? It is not uncommon to hear, “I cannot define effectiveness but I know it when I see it.” Why is this important? All compliance professionals know having a paper compliance program (compliance plan that sits on the shelf along with well drafted but not implemented policies and procedures) is not effective. But as one assesses what an organization is doing as it relates to the seven elements of an effective compliance program based on the Federal Sentencing Guidelines and all the various OIG compliance program guidance documents, the process gets more convoluted. How much is enough, and do you just want to do “the bare minimum”?

March 24th, 2017|

Privacy Issues Unique to Research and Research Institutions

Covered entities deal with many complex privacy and information security issues, but institutions that conduct research have an additional level of complexity. Key to understanding the implications of privacy obligations in research is understanding the multiple regulations that could apply to human subject research.

February 27th, 2017|

Designating Hybrid Entity Status Under HIPAA in a University Setting

My colleague David Holtzman recently wrote a blog post on the OCR resolution agreement with the University of Massachusetts at Amherst (UMass). UMass designated itself as a hybrid entity but did not appropriately identify and designate all applicable functions that engaged in health care activities as inside the health care components (HCC) of its hybrid entity structure under HIPAA. Why might this not be as easy as it sounds?

December 6th, 2016|

Pay Now or Pay Later: The Cost of Privacy and Security

For many things in health care, if you don’t spend the energy and resources to reduce risks now you will likely pay for it later. However, if you wait until later it will cost more to take care of the problem than it would have to prevent it. We all know if we eat healthy, exercise and get our routine medical and dental examinations the risk of serious health conditions is reduced. Catching a disease early could mean the difference between surviving or not. There are of course exceptions.

September 16th, 2016|