Practical compliance playbook for remote patient monitoring

Blog Post

Twice in the last year the Office of Inspector General (OIG) of the Department of Health and Human Services has published reports recommending expanded oversight of remote patient monitoring.  See "OIG Report Identifies Remote Patient Monitoring Billing Compliance Concerns" and "OIG Recommends Expanded CMS Oversight of Remote Patient Monitoring."

A thoughtful, methodical approach to program design and daily operations will materially reduce audit and related risks. Below is a non-exhaustive list of safeguard practices that remote physiological monitoring (RPM) and remote therapeutic monitoring (RTM) providers can implement to demonstrate a culture of compliance and ward off federal scrutiny.

  • Frequent Regular High Level Audits
    Conduct short regular self-audits of a randomized sample of claims, looking for billing concerns, such as upcoding where interactive communication did not meet the 20-minute threshold for RPM or RTM treatment management, or issues relating to medical necessity, supervision or other applicable billing standards. Where corrections are needed make sure document remediation steps and produce a “paper trail” that is easy for an outside auditor to identify your compliance efforts.
  • Maintain Written Vendor Contracts and Rigorously and Continuously Vet Vendors
    When a provider retains an outside company (such as a staffing company or other vendor) to assist in furnishing RPM or RTM it is important to maintain a written contract that sets forth the responsibilities of the parties and addresses significant issues, including (in most cases) a HIPAA business associate agreement. Get written confirmations from vendors that their platform and services comply with Medicare’s (and other applicable payors’) billing rules, FDA device classifications, HIPAA, and state corporate practice of medicine laws. Likewise, vendors who furnish RPM or RTM staffing or related services should vet their provider clients and may request similar assurances. While attestations or reps and warranties are preferable, even mere email trails asking questions and getting responses can demonstrate good faith efforts to look into compliance and not stick your head in the sand. Educate yourself on CMS (and other payor) billing policies for RPM and RTM and ask to see their billing policies to confirm they match your understanding. In the event you haven’t entered into a contract or that you are able to renegotiate, consider building in contractual “claw-back” language that shifts liability to the other party for any penalties or overpayments resulting from their misconduct.
  • Lock In FDA-Cleared Devices
    Maintain a living inventory spreadsheet that lists every make and model used in your program, its FDA status, and the date you confirmed that status. Avoid consumer wellness gadgets that market themselves as “RPM-ready” but lack required clearance or real-time data transmission capabilities. If you substitute a device mid-year, memorialize the change in your policies and update patient consents.
  • Say Goodbye to Billable Texting
    CMS has made clear that asynchronous texting does not satisfy the “interactive communication” standard under CPT 99457/99458 for RPM and CPT 98980/98981 for RTM. Educate clinical staff that texting is still valuable for outreach but should be logged separately from billable RPM minutes. Configure your platform so that audio/video encounters automatically time stamp and flow into your EHR; this single step eliminates most documentation errors.
  • Enforce the “Single Practitioner” Rule
    Check patients upfront to confirm that no other practitioner has billed 99453 or 99454 for the same patient in the preceding 30-day window and try to determine whether any other RPM or RTM services are being billed for the patient.
  • Operationalize a 16-Day Transmission Policy
    CMS requires at least 16 days of data in a 30-day period to bill for RPM or RTM device supply and data transmission codes. Create automated alerts that flag patients falling short on day 10, giving staff time to intervene with coaching or technical assistance. Archive the raw transmission logs in your EHR or a secure repository; they are the first items auditors’ request. These alerts should be modified if CMS finalizes proposals to allow RPM and RTM billing for shorter periods of data collection.
  • Obtain and Refresh Patient Consent
    If feasible, secure written (not oral) consent before initiation, explaining potential cost-sharing requirements. If oral (rather than written) consent is obtained be sure to document patient consent in the medical record. Re-affirm consent annually and any time there is a material change to devices, data flows, or cost structure. Store consents in a discrete EHR field that can be accessed if requested.
  • Build Compliance Committee
    Design a team dedicated to RPM and/or RTM compliance. If you have an existing compliance committee, make sure to make RPM and/or RTM review a regular part of the meetings to review metrics.
  • Train and Test
    Develop a mandatory but easily digestible curriculum covering RPM and/or RTM fundamentals, common pitfalls, and documentation best practices. Whatever mechanism is used for education, build-in some sort of learning check to confirm participants knowledge and interaction with the material. Make sure you have someone designated to watch for new OIG and CMS guidance that will update and educate staff as needed.
  • Prepare Your “Audit Binder”
    Assemble a digital folder that contains policies and procedures, vendor contracts, device FDA documents, patient consents, sample annotated claims, internal audit reports, and meeting minutes from. Review and update the binder at least every six months so you are audit-ready at all times. Designate a point person (usually the compliance officer) who can provide auditors with rapid, organized access, signaling transparency and control.

Implementing the above steps will not only hard-wire compliance into your RPM and/or RTM program but also create a robust operational framework that delivers measurable clinical value. In the current enforcement environment, providers who combine meticulous documentation with continuous quality improvement will stand out as trusted stewards of Medicare dollars exactly the reputation you want when a regulator or an auditor comes calling.

For more information on remote patient monitoring and related issues, please contact McDonald Hopkins Healthcare Practice Group's Rick Hindmand or Rachel Carey.

Related Services

Jump to Page

McDonald Hopkins uses cookies on our website to enhance user experience and analyze website traffic. Third parties may also use cookies in connection with our website for social media, advertising and analytics and other purposes. By continuing to browse our website, you agree to our use of cookies as detailed in our updated Privacy Policy and our Terms of Use.