Just saying the word "audit" is a surefire way to make a practitioner's heart skip a beat. So, while we apologize for including the word in our title, we're glad to have grabbed your attention. It was only a matter of time before remote patient monitoring (RPM) received federal scrutiny. That’s why it wasn’t surprising to see RPM included in a January 2021 announcement by the Office of Inspector General that the Centers for Medicare & Medicaid Services (CMS) would be conducting a series of audits of Medicare Part B telehealth services in two phases (with RPM part of the second phase).
After all, RPM, like other telehealth services, has seen substantial growth in a short amount of time, fueled by the COVID-19 pandemic. Organizations looking to capitalize on an emerging opportunity, from financial and clinical care perspectives, can run into trouble concerning compliance. While some RPM programs run afoul of rules by choice in the hopes of lining their pockets (and not getting caught), these tend to be outliers.
Rather, most remote patient monitoring compliance problems stem from either a misunderstanding of requirements or engaging with a vendor partner that cuts corners, either unintentionally or intentionally. These are factors now motivating CMS to conduct Recovery Audit Contractor (RAC) and Medicare Administrative Contractor (MAC) audits.
Whether your organization has already established a remote physiological monitoring program or is thinking about one, knowing that it may undergo an audit is important to helping ensure you make the right decisions for your program. The good news is that these decisions are not difficult ones to make, as long as you understand what is expected of RPM programs and where organizations can easily go awry.
4 Areas of Focus for Remote Physiological Monitoring Auditing
Putting in a little work and making a smart choice when choosing a remote patient monitoring vendor partner should help keep auditors at bay. Here are four areas you will want to focus on to better ensure your RPM program is a compliant one.
1. Remote patient monitoring coding and billing rules
We start here, because if you fail to understand and properly follow remote physiological monitoring coding rules when billing CMS, or you partner with a vendor that fails to do so on your behalf, you can find yourself in hot water. The occasional coding error often leads to denials that require your practice to perform additional, unnecessary work to get paid. This is a hassle, and you should work to avoid denials as they contribute to unnecessary waste, but they are not a particularly big deal when it comes to auditing.
Where the water can become hot is if you — or your vendor partner — frequently code improperly, whether intentional or unintentional. There are essentially two ways of classifying improper coding. The more serious of the two is "upcoding," which is defined in a Physicians Practice column to mean "… reporting a higher-level service or procedure or a more complex diagnosis, than is supported by medical necessity, medical facts, or the provider's documentation." When a provider upcodes, and the claim is processed, the practice receives more payment than is deserved. As the column goes on to state, upcoding is considered a "… serious compliance risk that may lead to payer audits, reimbursement takebacks, and charges of abusive or fraudulent billing."
"Downcoding" — the other way of classifying improper coding — is, as it sounds, the opposite upcoding. Downcoding typically occurs because, as Physicians Practice notes, "… a provider fails to provide relevant documentation details to assign a service, procedure, or diagnosis to the optimal level of specificity." Downcoding often occurs because a provider is unsure about proper coding rules and wants to avoid the risk of potentially upcoding. While downcoding may seem like it only harms the provider since it reduces what a practice should earn for services, it is still considered a "… basis for abusing and defrauding the federal government and its programs," according to another Physicians Practice column. The reason: Downcoding can be used to entice patients to take advantage of additional services offered by the provider because downcoding can reduce what a patient owes for their care.
If you're looking for help with how to properly code and bill RPM, get the free Prevounce Remote Patient Monitoring Billing Guide.
2. Remote patient monitoring rules concerning number of days of data transmission
Now let's look at a particular remote patient monitoring coding and billing rule causing significant confusion that can easily lead to improper coding that catches the attention of auditors. It concerns the amount of time, and more specifically number of days, in which RPM services are rendered. The confusion largely stems from a waiver that permitted providers to deliver and bill for remote patient monitoring services to patients with suspected or confirmed cases of COVID-19.
The waiver noted that CMS would permit RPM services to be reported to Medicare for periods of time of fewer than 16 days, but no less than two days, during the health crisis. Why is this confusing? CPT 99453 and CPT 99454 require the use of a medical device that digitally collects and transmits 16 or more days of data every 30 days for the billing of these codes (i.e., 16-day requirement). The waiver temporarily changed the rules of how to code CPT 99453 and CPT 99454.
However, there's a particularly important caveat: Billing for remote patient monitoring for fewer than 16 days, but more than two days (i.e., two-day requirement), is limited to patients with a suspected or confirmed diagnosis of COVID-19 — emphasis on "limited." If a patient does not have a suspected or confirmed diagnosis of the coronavirus, the rules concerning the digital collection and transmission of 16 or more days of data every 30 days still apply.
The waiver and final 2021 rule were vague and did not clearly associate the two-day requirement with patients having suspected or confirmed cases of COVID-19. This led some to interpret that the two-day requirement could apply to all patients during the pandemic.
A recently published correction document essentially puts any question about the two-day requirement to bed. While this document does not specifically mention the waiver or COVID-19 patients, CMS clarifies what is currently required for RPM billing by stating the following: "The medically necessary services associated with all the medical devices for a single patient can be billed … when at least 16 days of data have been collected."
The emphasis on 16 days should be interpreted to mean that this figure is the current default requirement. Thus, only those exceptions identified within the aforementioned waiver are acceptable for the two-day requirement. Those exceptions specifically concern patients with a suspected or confirmed diagnosis of COVID-19.
Remote patient monitoring programs that apply the two-day requirement to patients who do not have suspected or confirmed diagnosis of the coronavirus could find themselves in serious hot water with auditors.
3. Text messaging as form of RPM "interactive communication"
There had long been confusion concerning how CMS defined the technology that could be used by remote patient monitoring providers to perform "interactive communication" with patients, which is referred to in the descriptions of CPT 99457 and CPT 99458. CMS has defined interactive communication as a conversation that occurs in real time and includes synchronous, two-way interactions that can be enhanced with video or other kinds of data. What is essential to know from a compliance perspective is that the final 2021 rule made it clear that CMS would no longer permit text messaging to be used as a billable form interactive communication.
Why is this important? Texting is a communication method used by many remote patient monitoring and chronic care management (CCM) platforms. Since text messaging is no longer considered a billable form of interactive communication, time spent texting with patients, even when performed in real time, cannot be counted towards remote patient monitoring care management time.
If your program is still relying upon texting as a method for delivering billable "interactive communication" time, you are not in compliance with CMS rules.
4. Multiple practitioner delivery of remote patient monitoring services
The final 2020 rule seemed to infer that separate practitioners could bill remote patient monitoring services for the same patient as long as they used different RPM devices (e.g., cardiologist monitors blood pressure readings while a pulmonologist monitors peak flow readings).
In the aforementioned correction document, CMS sought to clarify that only a single practitioner could bill CPT 99453 and CPT 99454 during a 30-day period. Practitioners that bill for remote patient monitoring services for a patient already receiving RPM services from another practitioner are likely to have their claims denied. Repeated attempts to bill for RPM in this scenario could lead to auditor scrutiny.
Staying on the Right Side of Remote Physiological Monitoring Regulations
If you've reached this part of the blog, hopefully we haven't scared you away from the idea of growing or launching a remote patient monitoring program. CMS reaffirmed its support and plans for future expansion for RPM in its final 2021 rule commentary, so it's a great time to add and expand remote patient monitoring. The rules concerning coding and billing of RPM can be tricky; there's no denying that. But maintaining compliance and achieving successful audit results doesn't need to be, as long as you use an RPM platform that includes compliance as a core component of its functionality.
That's one aspect of the Prevounce Remote Patient Monitoring platform that we believe differentiates us from other platforms. While we are interested in helping practices start and building successful RPM programs, we want to best ensure they get paid what they deserve while staying on the right side of regulations. To do so, we take the time to understand all of the rules concerning RPM and build them into the platform. When rule changes are announced, we make sure our platform is updated to reflect these changes when they take effect.
The end result: With Prevounce RPM, you can run your remote patient monitoring program knowing that compliance, at least concerning the coding and billing of your services, and the potential to trigger an audit isn't something you need to worry very much about.