As remote patient monitoring (RPM) continues to grow in popularity, the U.S. Department of Health and Human Services, Office of Inspector General (OIG) is keeping close watch on how providers are billing, coding, and documenting these services. This is particularly the case since the Centers for Medicare & Medicaid Services (CMS) paid more than $530 million to providers for RPM care last year alone.
With that number expected to increase in the year ahead, OIG recently issued a report that identified RPM red flags and called for greater scrutiny of RPM billing practices. Specifically, OIG’s report detailed several potentially problematic RPM billing practices, including providers who bill RPM:
- without having a prior relationship with the patient;[1]
- without documentation of treatment management;[2]
- for the same patient at two or more other practices; and
- for more than one remote patient monitoring device per month per patient.
The identification of these red flags comes on the heels of a similar report in September 2024 in which OIG recommended to CMS that additional RPM safeguards were necessary, including but not limited to:
- requiring that RPM be ordered and that information about the ordering provider be included on claims and encounter data;
- developing methods to identify what health data is being monitored; and
- identifying and monitoring companies that bill for RPM.
OIG’s latest report signals a clear shift toward increased scrutiny of RPM services. David Traskey, a Partner at Garfunkel Wild agrees and notes that, “The proposed rules to the 2026 Physician Fee Schedule reflects CMS’s continued willingness to expand the use of RPM even further. While the continuing growth of RPM is surely a welcome development for providers, it is also important to recognize that such expansion comes with strings attached – likely in the form of more audits, investigations, and oversight.”
As such, it is critically important that Medicare and Medicare Advantage participating providers, in particular, proactively review their billing protocols and audit documentation practices, as well as reassess vendor relationships to ensure compliance with CMS requirements in the face of anticipated pressure to justify their use of RPM.
A complete copy of the OIG report is available here.
Our Investigations, Audits, and Regulatory Compliance Group is available to assist clients in navigating these developments, conducting internal audits, and implementing risk mitigation strategies tailored to RPM operations.
If you have any questions regarding the above or would like assistance in evaluating your RPM program for compliance with applicable laws, please contact the authors, the Garfunkel Wild attorney with whom you regularly work, or contact us at [email protected].
* * * * * *
[1] A provider must establish a relationship with the patient before billing RPM (e.g., via an in-person or telehealth service).
[2] A provider must spend at least 20 minutes per month using the patient’s data to make decisions about their care and to discuss those decisions with them.