healthcarebusinessreview

Business Associates, HIPAA, Medical Necessity, Code of Conduct and Vendor Registration: A Perfect Storm

By Karyn Holley, FACHE, RN, CHC, CPHRM, Chief Compliance & Clinical Risk Management Officer, Visiting Nurse Association Health Group

8 FEBRUARY - 2023
IN MY OPINION

Cardio DX was a laboratory company based in California that created the Corus CAD blood test. This test used a combination of a patient's age, sex and gene expression to determine one's risk of obstructive coronary artery disease (CAD). Cardio DX is in business partly because Medicare no longer pays for the tests and a number of whistleblower suits alleging that the company was defrauding Medicare.

I was a healthcare compliance leader at an organization where Cardio DX representatives marketed the Corus CAD test to primary care providers. A few ordered the test for their patients. The thing about genetic testing is that it likely is not very useful in the elderly population. Many providers would question whether it makes sense to order this test for a 75-year-old patient over one in their twenties or thirties, or whether it makes sense to order if there is a positive family history of CAD. This is where CMS determined that the test was not medically necessary.

If a laboratory company or any other business associate (BA) gathers protected health information (PHI) from a covered entity (CE), such as a healthcare provider, to process testing or any other services, it must execute a business associate agreement (BAA) with the CE. The BAA, in essence, states that the business associate will safeguard the PHI through administrative, technical and physical safeguards based on the HIPAA Privacy Rule.

The primary care organization did not have a BAA or agreement for services with Cardio DX to perform any testing. Sometimes when vendor representatives are interacting with primary care offices, they may market their services (or goods) as a valuable part of the care plan but neglect to ensure there is a service agreement and BAA in place prior to providing services; this is usually the duty of the vendor's and provider's legal teams or leadership.

Our department found out about the unauthorized blood testing through a phone call from an astute Medicare beneficiary. After reviewing her explanation of benefits, she noted a blood test she did not remember being discussed by her provider and that was not mentioned by the phlebotomist. She was rightfully concerned about the testing being charged to Medicare when neither she nor her provider had discussed or given authorization for the test.