Marti Arvin

Marti Arvin

About Marti Arvin

Marti Arvin brings more than three decades of operational and executive leadership experience in the fields of compliance, research and regulatory oversight in academic medical and traditional hospital care settings to her position at CynergisTek. She was most recently the Vice President and Chief Ethics and Compliance Officer for Regional Care Hospital System and before that Vice President and Chief Compliance Officer at UCLA Health System and the David Geffen School of Medicine.

CMS Waivers Under COVID-19: An Overview of Compliance Considerations – Part 4

The Center for Medicare and Medicaid Services (CMS) has issued a number of waivers of certain regulatory obligations for multiple segments of the healthcare industry during the public health emergency (PHE). These waivers modify the compliance obligations in a number of ways. This podcast series will focus on some of the waivers issued for teaching hospitals, teaching physicians, medical residents, and hospitals as part three of a three-part series regarding the waivers for this industry segment. Waivers for Verbal Orders

CMS Waivers Under COVID-19: An Overview of Compliance Considerations – Part 3

The Center for Medicare and Medicaid Services (CMS) has issued a number of waivers of certain regulatory obligations for multiple segments of the healthcare industry during the public health emergency (PHE). These waivers modify the compliance obligations in a number of ways. This article will focus on some of the waivers issued for teaching hospitals, teaching physicians, medical residents, and hospitals as part two of a three-part series regarding the waivers for this industry segment. Waivers Related to the Type

CMS Waivers Under COVID-19: An Overview of Compliance Considerations – Part 2

The Center for Medicare and Medicaid Services (CMS) has issued a number of waivers of certain regulatory obligations for multiple segments of the healthcare industry during the public health emergency (PHE). These waivers modify the compliance obligations in a number of ways. This article will focus on some of the waivers issued for teaching hospitals, teaching physicians, medical residents, and hospitals as part two of a three-part series regarding the waivers for this industry segment. Waivers for Hospitals The

CMS Waivers Under COVID-19: An Overview of Compliance Considerations – Part 1

The Center for Medicare and Medicaid Services (CMS) has issued a number of waivers of certain regulatory obligations for multiple segments of the healthcare industry. These waivers modify the compliance obligations in a number of ways. This article will focus on some of the waivers issued for teaching hospitals, teaching physicians, medical residents, and hospitals as part one of a three-part series regarding the waivers for this industry segment. Waivers for Teaching Hospitals and Teaching Physicians Anyone involved with

Telehealth and Coronavirus: Compliance Considerations to Think About

Things are changing rapidly in the current regulatory environment and that is true for telehealth as well. On March 13, 2020 the President declared the coronavirus pandemic a national emergency. On March 17, 2020, the Center for Medicare and Medicaid Services (CMS) issued fact sheet relaxing the requirements telehealth services to be billable to Medicare. That same day, CMS also provide a list of frequently asked questions (FAQs) on providing telehealth services under the current Public Health Emergency. The

User Access Monitoring in the Current COVID-19 Crisis

It might be tempting for covered entities and business associates to put-off some of their regulatory or compliance obligations as other priorities evolve in the current crisis. Whether to do that or not is a risk decision like most security and privacy compliance choices. There are a number of factors to consider when thinking about this. For example, an organization might consider reducing or pausing their user access monitoring program. HHS has issued guidance on a number of areas

Mobile Devices in the Healthcare Academic Medical Center: Why Are They So Difficult to Control?

In today’s healthcare environment, mobile devices are rampant. Controlling the nature and method of data stored on these devices is not easy in most industries – and mobile devices in the healthcare environment present a unique challenge. What makes securing mobile devices particularly difficult in healthcare and even more difficult in the academic medical center (AMC)? It helps first to understand the environment. The Academic Medical Center The old saying is that if you have seen one AMC, you

User Access Monitoring: Convincing Your Governing Body that You Need to do This

User access monitoring is a requirement under the HIPAA Security Rule. However, the specifics of what must be done remain a little cloudy. The regulations state, “implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information” 45 C.F.R. §164.312(b). The rule also requires that covered entities “implement policies and procedures to prevent, detect, contain, and correct security violations” and “implement procedures to regularly review records of information

When is data collected for research PHI covered by HIPAA and when is it not?

On June 1, 2018, an OCR ALJ decision imposed civil monetary penalties against the University of Texas MD Anderson Cancer Center for data that was on two lost thumb drives and a stolen laptop. MD Anderson had challenged the original determination by OCR that the data was improperly accessed, used or disclosed. They also appear to have put forth an argument that the data was research information and therefore not subject to HIPAA. The ALJ’s decision indicated the information

Building and Maintaining an Effective Compliance Program with Limited Resources

It is often said an effective compliance program is difficult to measure, but experienced compliance professionals “know it when they see it”. This is not much comfort to many compliance professionals. A key outcome of having a compliance program is that it is effective. This is even less comfort to individuals who have limited resources for their compliance program. But even with limited resources, there are still ways to demonstrate effectiveness. It just requires more creativity and leveraging of