Skip to content

Brought to you by

Dentons On Call

Making health law a little more accessible and a lot less daunting.

open menu close menu

Dentons On Call

  • Home
  • About Us

HHS-OIG’s New RPM Report: Same Risks, Sharper Focus

By Ramy Fayed and Danika Rothwell
September 12, 2025
  • Compliance
  • Digital Health
  • Fraud & Abuse
  • Medicaid
  • Medicare
Share on Facebook Share on Twitter Share via email Share on LinkedIn

HHS-OIG continues to sharpen its focus on Remote Patient Monitoring (RPM). As we discussed in November 2023 and September 2024, HHS-OIG has concerns about inappropriate utilization and billing for RPM, as well as potential vulnerabilities in the current system that warrant more focused oversight by CMS, and the agency has put forth recommendations to mitigate these risks. HHS-OIG recently released yet another report on billing for RPM in Medicare (OEI-02-23-00261). The message is familiar but firmer: utilization is up, and billing patterns continue to raise program-integrity concerns. HHS-OIG estimates $536 million in Medicare payments for RPM in 2024—a 31% increase from 2023—and nearly one million beneficiaries served, figures that reinforce prior calls for enhanced oversight.

RPM and Medicare

RPM is a technology-based health care service designed to allow for better management of health conditions, especially chronic conditions. RPM uses connected medical devices—e.g., blood pressure cuffs, scales, glucose meters, and pulse oximeters—to collect a patient’s physiologic data at home and securely transmit it to clinicians for ongoing care. In Medicare, RPM is billable for both chronic and acute conditions and is structured around three components: education and setup; monthly device supply/data transmission; and treatment management based on the transmitted data. HHS-OIG has cautioned that rapid growth without corresponding controls has increased oversight risks.

What’s New in HHS-OIG’s 2024 Data (and Why it Matters)

In its most recent report, HHS-OIG states that roughly 4,600 medical practices “routinely” billed for RPM in 2024. While typical utilization was modest—about 70 enrollees per practice annually and  roughly five new enrollees per month—HHS-OIG observed more significant growth at a subset of providers: 32 practices posted ≥150% month-over-month increases with ≥100 new enrollees in a single month, and one practice billed RPM for approximately 3,400 new enrollees in one month. While such growth can reflect legitimate expansion, HHS-OIG flags these billing spikes as patterns that have signaled fraud risk in other Medicare services and, therefore, warrant further scrutiny.

To guide oversight, HHS-OIG proposes five concrete monitoring measures drawn from claims/encounter data and program rules: (1) sudden spikes in new enrollees; (2) a high share of patients without a prior relationship with the practice; (3) patients enrolled in RPM who never receive treatment management; (4) overlapping billing for the same beneficiary by multiple practices; and (5) multiple devices billed in the same month for a single beneficiary. HHS-OIG states that practices billing far outside normal ranges on these measures warrant further scrutiny.

Implications for Providers

HHS-OIG is intensifying its focus on RPM by identifying specific billing indicators that MACs can use to detect outliers. Thus, providers should expect data-driven targeting by MACs and special investigation units (SIUs) using HHS-OIG’s measures (e.g., prior-relationship checks, multiple-device edits) to identify outliers for pre- and post-payment review. Based on HHS-OIG’s most recent report, growth spikes—meaning large, abrupt enrollment surges (e.g., ≥150% month-over-month with ≥100 new beneficiaries)—are likely to invite questions and subject a provider to scrutiny. Further, HHS-OIG’s report flags multiple devices billed in the same month and the absence of treatment management as risk indicators; therefore, providers can expect edit logic and audits keyed to these patterns.

What Providers Should Do

Providers and organizations that incorporate, or are seeking to incorporate, RPM should act now to strengthen documentation, calibrate enrollment to clinical need, enhance vendor oversight, and validate claim elements against HHS-OIG’s outlined measures. Specifically, providers should:

  • Validate eligibility & prior relationships. Confirm medical necessity; document the ordering practitioner and patient consent; and ensure a bona fide prior relationship (or document why initiation is appropriate). HHS-OIG’s “prior relationship” look-back construct can inform intake logic.

  • Tighten device controls. Reconcile vendor inventory to claims; prevent duplicate billing across practices; and require documented clinical rationale where more than one device is furnished in a month.

  • Embed treatment-management workflows. Hard-stop claims if monthly treatment-management time/requirements are not met and recorded; audit for enrollees who never receive treatment management.

  • Monitor enrollment velocity. Trigger review when new-patient counts exceed risk thresholds; require approvals for marketing-driven spikes.

  • Map and monitor multi-practice overlaps. Use attribution logic and data-sharing agreements to detect concurrent RPM billing and resolve conflicts before submission.

  • Refresh policies & provider education. Update RPM standard operating procedures and clinician training to reflect HHS-OIG’s measures and CMS rules; set expectations for documentation, device stewardship, and monthly engagement.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Ramy Fayed

About Ramy Fayed

Ramy Fayed is a partner in the Health Care practice group in Dentons US' Washington, DC, office. He has been recognized by Super Lawyers, Nightingale's Healthcare News and Best Lawyers as one of the leading health care lawyers in the US.

All posts Full bio

Danika Rothwell

About Danika Rothwell

Danika Rothwell is a member of Dentons' Health Care Practice, focusing on health care fraud and abuse, privacy, and confidentiality, and other compliance and regulatory matters.

All posts

RELATED POSTS

  • Compliance
  • Fraud & Abuse
  • Hospitals & Health Systems
  • Managed Care
  • Medicare
  • News Flash
  • US Health Care

CMS Finalizes New Medicare Overpayment Regulations

By Christopher Janney and Gadi Weinreich
  • Anti-Kickback Statute
  • Compliance
  • Fraud & Abuse
  • Hospitals & Health Systems
  • Managed Care
  • Medicaid
  • Medicare
  • Pharmaceuticals
  • US Health Care

First Circuit Weighs in on AKS Causation Standard for FCA Liability

By Samantha Groden, Christopher Janney, and Gadi Weinreich
  • Compliance
  • Digital Health
  • Digital IT
  • Health Care IT
  • Hospitals & Health Systems
  • Managed Care
  • Reimbursement
  • US Health Care

The Price Transparency Drumbeat Continues as President Trump Issues New Executive Order

By Kate Sullivan Morgan and Joanna Borman

About Dentons

Redefining possibilities. Together, everywhere. For more information visit dentons.com

Categories

  • Anti-Kickback Statute
  • Compliance
  • Corporate
  • Corporate Practice of Medicine | CPOM
  • Digital Health
  • Digital IT
  • Fraud & Abuse
  • Health Care IT
  • Hospitals & Health Systems
  • Managed Care
  • Management Services Organizations | MSOs
  • Medicaid
  • Medical Devices
  • Medicare
  • News Flash
  • Pharmaceuticals
  • Podcast
  • Privacy & Security
  • Reimbursement
  • Stark Law
  • US Health Care

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

© 2025 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site