HHS-OIG continues to sharpen its focus on Remote Patient Monitoring (RPM). As we discussed in November 2023 and September 2024, HHS-OIG has concerns about inappropriate utilization and billing for RPM, as well as potential vulnerabilities in the current system that warrant more focused oversight by CMS, and the agency has put forth recommendations to mitigate these risks. HHS-OIG recently released yet another report on billing for RPM in Medicare (OEI-02-23-00261). The message is familiar but firmer: utilization is up, and billing patterns continue to raise program-integrity concerns. HHS-OIG estimates $536 million in Medicare payments for RPM in 2024—a 31% increase from 2023—and nearly one million beneficiaries served, figures that reinforce prior calls for enhanced oversight.

RPM and Medicare

RPM is a technology-based health care service designed to allow for better management of health conditions, especially chronic conditions. RPM uses connected medical devices—e.g., blood pressure cuffs, scales, glucose meters, and pulse oximeters—to collect a patient’s physiologic data at home and securely transmit it to clinicians for ongoing care. In Medicare, RPM is billable for both chronic and acute conditions and is structured around three components: education and setup; monthly device supply/data transmission; and treatment management based on the transmitted data. HHS-OIG has cautioned that rapid growth without corresponding controls has increased oversight risks.

What’s New in HHS-OIG’s 2024 Data (and Why it Matters)

In its most recent report, HHS-OIG states that roughly 4,600 medical practices “routinely” billed for RPM in 2024. While typical utilization was modest—about 70 enrollees per practice annually and  roughly five new enrollees per month—HHS-OIG observed more significant growth at a subset of providers: 32 practices posted ≥150% month-over-month increases with ≥100 new enrollees in a single month, and one practice billed RPM for approximately 3,400 new enrollees in one month. While such growth can reflect legitimate expansion, HHS-OIG flags these billing spikes as patterns that have signaled fraud risk in other Medicare services and, therefore, warrant further scrutiny.

To guide oversight, HHS-OIG proposes five concrete monitoring measures drawn from claims/encounter data and program rules: (1) sudden spikes in new enrollees; (2) a high share of patients without a prior relationship with the practice; (3) patients enrolled in RPM who never receive treatment management; (4) overlapping billing for the same beneficiary by multiple practices; and (5) multiple devices billed in the same month for a single beneficiary. HHS-OIG states that practices billing far outside normal ranges on these measures warrant further scrutiny.

Implications for Providers

HHS-OIG is intensifying its focus on RPM by identifying specific billing indicators that MACs can use to detect outliers. Thus, providers should expect data-driven targeting by MACs and special investigation units (SIUs) using HHS-OIG’s measures (e.g., prior-relationship checks, multiple-device edits) to identify outliers for pre- and post-payment review. Based on HHS-OIG’s most recent report, growth spikes—meaning large, abrupt enrollment surges (e.g., ≥150% month-over-month with ≥100 new beneficiaries)—are likely to invite questions and subject a provider to scrutiny. Further, HHS-OIG’s report flags multiple devices billed in the same month and the absence of treatment management as risk indicators; therefore, providers can expect edit logic and audits keyed to these patterns.

What Providers Should Do

Providers and organizations that incorporate, or are seeking to incorporate, RPM should act now to strengthen documentation, calibrate enrollment to clinical need, enhance vendor oversight, and validate claim elements against HHS-OIG’s outlined measures. Specifically, providers should:

  • Validate eligibility & prior relationships. Confirm medical necessity; document the ordering practitioner and patient consent; and ensure a bona fide prior relationship (or document why initiation is appropriate). HHS-OIG’s “prior relationship” look-back construct can inform intake logic.

  • Tighten device controls. Reconcile vendor inventory to claims; prevent duplicate billing across practices; and require documented clinical rationale where more than one device is furnished in a month.

  • Embed treatment-management workflows. Hard-stop claims if monthly treatment-management time/requirements are not met and recorded; audit for enrollees who never receive treatment management.

  • Monitor enrollment velocity. Trigger review when new-patient counts exceed risk thresholds; require approvals for marketing-driven spikes.

  • Map and monitor multi-practice overlaps. Use attribution logic and data-sharing agreements to detect concurrent RPM billing and resolve conflicts before submission.

  • Refresh policies & provider education. Update RPM standard operating procedures and clinician training to reflect HHS-OIG’s measures and CMS rules; set expectations for documentation, device stewardship, and monthly engagement.

Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Ramy Fayed

About Ramy Fayed

Ramy Fayed is a partner in the Health Care practice group in Dentons US' Washington, DC, office. He has been recognized by Super Lawyers, Nightingale's Healthcare News and Best Lawyers as one of the leading health care lawyers in the US.

Full bio

Danika Rothwell

About Danika Rothwell

Danika Rothwell is a member of Dentons' Health Care Practice, focusing on health care fraud and abuse, privacy, and confidentiality, and other compliance and regulatory matters.

RELATED POSTS