*Register for our 30-minute "Crash Course on Remote Patient Monitoring Program Compliance” webinar on March 13, 2025, at 2PM ET/11AM PT to learn how to better ensure your RPM program meets regulatory standards.*
Just saying the word "audit" is a surefire way to make a practitioner's heart skip a beat. While we apologize for including the word in our title, we're glad to have grabbed your attention. That's because, as the title suggests, the Department of Health and Human Services Office of Inspector General (OIG) recently announced its intention to audit Part B remote patient monitoring (RPM) services through 2025 to "determine whether providers furnished and billed for RPM services in accordance with Medicare requirements."
This announcement came just a few months after OIG issued a detailed report calling for additional oversight of remote patient monitoring (i.e., remote physiological monitoring) in Medicare. I shared my thoughts on this report with Physicians Practice, noting that while OIG's report includes some questionable information, we applaud efforts to identify fraudulent operators who undermine the credibility and effectiveness of genuine RPM services and vendors.
The increased federal scrutiny of remote patient monitoring is not surprising. RPM, like other telehealth services, has seen substantial growth over the past few years, fueled by the COVID-19 pandemic and continued provider and consumer embracing of digital health. Organizations looking to capitalize on this growing opportunity, from financial and clinical care perspectives, can run into trouble concerning compliance. While some RPM programs run afoul of rules in the hopes of lining their pockets (and not getting caught), these tend to be outliers.
Rather, most remote patient monitoring compliance problems stem from a misunderstanding of requirements or engaging with a vendor partner that cuts corners. These are factors motivating audits of RPM programs, as is a 2023 fraud scheme for RPM services which caught OIG's attention.
Whether your organization has already established a remote patient monitoring program or is thinking about one, knowing that it may undergo an audit is important to helping ensure you make the right decisions for your program. The good news is that these decisions are not difficult ones to make, as long as you understand what is expected of RPM programs and where organizations can easily go awry.
5 Areas of Focus for Remote Patient Monitoring Auditing
Putting in a little work and making a smart choice when choosing an RPM vendor partner should help keep auditors at bay. Here are five areas you will want to focus on to better ensure your RPM program is a compliant one.
1. Remote patient monitoring coding and billing rules
We start here, because if you fail to understand and properly follow remote patient monitoring coding rules when billing the Centers for Medicare & Medicaid Services (CMS), or you partner with a vendor that fails to do so on your behalf, you can find yourself in hot water. The occasional coding error often leads to denials that require your practice to perform additional, unnecessary work to get paid. This is a hassle, and you should work to avoid denials as they contribute to unnecessary waste, but they are not a particularly big deal when it comes to auditing.
Where the water can become hot is if you — or your vendor partner — frequently code improperly. There are essentially two ways of classifying improper coding. The more serious of the two is "upcoding," which is defined in a Perspectives in Health Information Management article as follows: "Upcoding occurs when a healthcare provider has submitted codes for more severe conditions than diagnosed for the patient to receive higher reimbursement. When a provider upcodes, and the claim is processed, the provider receives more payment than is deserved. Upcoding is considered a serious compliance risk that may lead to payer audits, reimbursement takebacks, and charges of abusive or fraudulent billing.
"Downcoding" — the other way of classifying improper coding — is, as it sounds, the opposite upcoding. Downcoding typically occurs because, as a Physicians Practice article notes, a provider "… fails to provide relevant documentation details to assign a service, procedure, or diagnosis to the optimal level of specificity." Downcoding often occurs because a provider is unsure about proper coding rules and wants to avoid the risk of potentially upcoding.
While downcoding may seem like it only harms the provider since it reduces what a practice should earn for services, it is still considered a "… basis for abusing and defrauding the federal government and its programs," according to another Physicians Practice column. The reason: Downcoding can be used to entice patients to take advantage of additional services offered by the provider because downcoding can reduce what a patient owes for their care.
If you're looking for help with how to properly code and bill RPM, get the free Prevounce Remote Patient Monitoring Billing Guide.
2. Partnering with an "illegitimate" RPM company
In the aforementioned OIG report, the agency expressed concerns about fraudulent providers of RPM services. These concerns are valid, but it's essential to distinguish between legitimate providers and fraudsters.
There are two main RPM models: (1) the agent model, where companies support providers that bill for services, and (2) the independent clinic model, where companies bill Medicare directly. The OIG report highlights oversight challenges with the latter, as Medicare lacks visibility into the patient-physician relationship.
Some scrutiny of independent clinics is warranted, but it's important to note that many provide valuable care. Ethical independent clinics should not be unfairly grouped with fraudulent actors.
Note: While the independent clinic model can be a legitimate approach, Prevounce follows the agent model. From our experience, RPM and other care management services are most effective when performed in collaboration with the patient's primary physician and their staff.
With that said, RPM providers must do their due diligence when considering an RPM partner and try to ensure the partner they choose is following and will continue to follow the rules. Fraudulent billing performed on behalf of a provider can still lead to serious ramifications for the provider.
3. Improper remote patient monitoring devices
As remote patient monitoring has grown in popularity, so has the number of choices for RPM device options for providers and their patients. But not every device that captures patient data qualifies as a legitimate RPM device, and, unfortunately, not every device that describes itself as an RPM device meets the requirements.
To be a legitimate RPM device (like Pylo connected devices), and one that a provider can bill, the device must meet the Food and Drug Administration's (FDA) definition of a medical device. Depending on the device class, an acceptable RPM device could have received 510(k) clearance, pre-market approval, or a waiver.
Providers will also want to ensure the devices they select can achieve real-time data transmission. As federal guidelines note, "Physiologic data must be electronically collected and automatically uploaded to a secure location where the data can be available for analysis and interpretation by the billing practitioner."
When researching RPM device options, ensure the devices you select are considered legitimate by FDA and will meet this data transmission requirement.
4. Text messaging as form of RPM "interactive communication"
There had long been confusion concerning how CMS defined the technology that could be used by remote patient monitoring providers to perform "interactive communication" with patients, which is referred to in the descriptions of CPT 99457 and CPT 99458. CMS has defined interactive communication as a conversation that occurs in real time and includes synchronous, two-way interactions that can be enhanced with video or other kinds of data. What is essential to know from a compliance perspective is that the 2021 physician fee (PFS) schedule final rule made it clear that CMS would no longer permit text messaging to be used as a billable form interactive communication.
Why is this important? Texting is a communication method that is used by some remote patient monitoring and chronic care management (CCM) platforms. Since text messaging is not considered a billable form of interactive communication, time spent texting with patients, even when performed in real time, cannot be counted towards remote patient monitoring care management time.
If your program is still relying upon texting as a method for delivering billable "interactive communication" time, you are not in compliance with CMS rules.
5. Multiple practitioner delivery of remote patient monitoring services
A PFS final rule from several years ago created confusion when it seemed to infer that separate practitioners could bill remote patient monitoring services for the same patient as long as they used different RPM devices (e.g., cardiologist monitors blood pressure readings while a pulmonologist monitors peak flow readings).
In a correction document, CMS clarified that only a single practitioner could bill CPT 99453 and CPT 99454 during a 30-day period. Practitioners that bill for remote patient monitoring services for a patient already receiving RPM services from another practitioner are likely to have their claims denied. Repeated attempts to bill for RPM in this scenario could lead to auditor scrutiny.
Staying on the Right Side of Remote Patient Monitoring Regulations
If you've reached this part of the column, hopefully we haven't scared you away from the idea of growing or launching a remote patient monitoring program. CMS has shown its support for RPM time and again, with the federal agency even adding RPM as services billable by federally qualified health centers (FQHCs) and rural health clinics (RHCs) in 2024. It's a great time to start offering remote patient monitoring and expand an existing RPM program. The rules concerning coding and billing of RPM can be tricky; there's no denying that. But maintaining compliance and achieving successful audit results doesn't need to be, as long as you use an RPM platform that includes compliance as a central component of its functionality and work with an RPM vendor that makes compliance an ongoing focus of its solution and services.
That's one aspect of Prevounce Remote Patient Monitoring that we believe differentiates us from other platforms. At Prevounce, we take a compliance-first approach to RPM that helps clients maximize its clinical and financial value while adhering to evolving rules and regulations. While we are interested in helping organizations start and build successful RPM programs, we want to ensure they get paid what they deserve while always staying on the right side of regulations. To do so, we take the time to understand all of the rules concerning RPM and build them into the platform and our services. When rule changes are announced, we make sure our platform is updated to reflect these changes when they take effect, and our people are educated on the revised requirements.
The end result: With Prevounce RPM, you can run your remote patient monitoring program knowing that compliance, at least concerning the coding and billing of your services, and the potential to trigger an audit isn't something you need to worry very much about. To learn how Prevounce can help you establish and build a thriving, compliant RPM program, book a meeting with us.
Upcoming Webinar: “Crash Course on RPM Program Compliance”
Ensuring your RPM program meets regulatory standards is crucial for long-term success, and our upcoming “Crash Course on Remote Patient Monitoring Program Compliance” webinar is designed to give you the knowledge and tools you need. This 30- minute program on March 13, 2025, at 2PM ET/11AM PT, will provide attendees with knowledge on how to build and manage an RPM program that's always compliant with Medicare rules.
* Disclaimer: This presentation is for informational purposes only and does not constitute legal or other professional advice. Billing and coding requirements – especially in the telehealth space – can change and be reinterpreted often. You should always consult an attorney and/or medical billing professional prior to submitting claims for services to ensure that all requirements are met.