The Department of Health and Human Services Office of Inspector General (“OIG”) released a report on September 24, 2024, identifying the need for further oversight of remote patient monitoring (“RPM”) services. Notably, OIG is specifically recommending the use of incident-to modifiers, which will likely impact non-RPM services as well, and including ordering on the claim for RPM services.
Background
RPM enables a patient with chronic or acute conditions to collect and transmit health data such as blood pressure, weight or glucose levels through an internet-connected medical device. The device automatically transmits such data to providers to assist with the management or treatment of the patient’s condition. RPM consists of three components: 1) enrollee education and device setup; 2) device supply; and 3) treatment management which must include at least 20 minutes of interactive communication with the patient/caregiver. In order to bill and receive payment for RPM, Medicare requires health data to be collected and transmitted at least 16 days over a 30-day period.
OIG’s Findings
OIG noted a dramatic increase in the number of Medicare beneficiaries who receive RPM, growing from about 55,000 enrollees in 2019 to more than 570,000 in 2022. Additionally, Medicare payments increased from $15 million to $300 million from 2019 to 2022. Given this significant increase in a four-year period, OIG evaluated RPM and potential vulnerabilities associated with these services.
In its review, OIG identified that 43% of enrollees who received RPM did not receive at least one of the three components. The most common missing components were enrollee education and device setup or device supply; however, 12% of enrollees did not receive treatment management.
Additionally, OIG and the Centers for Medicare & Medicaid Services (“CMS”) raised concerns about RPM vendors making unsolicited contact with Medicare enrollees and signing them up for remote patient monitoring and devices without assessing the need for the service or ability to properly monitor enrollees. Medicare does not have a way to identify companies that specialize in RPM leaving the program open to fraud.
The report further revealed that CMS lacks information about the ordering provider as there is not an explicit requirement that the ordering provider be listed on the claim for RPM services. Without this information, CMS’s ability to make medical necessity determinations and identify high-risk billing patterns is limited.
OIG found that CMS does not have information on what health data is collected or what devices are being used, and in some cases could not confirm that an acute or chronic condition was being monitored. Due to this lack of transparency, CMS cannot ensure it is paying for remote physiologic data as required.
OIG further noted that CMS lacks information regarding who is delivering RPM due to “incident to” billing, which allows multiple individuals to deliver services under a single provider identification number. In an extreme case, 23,569 hours of treatment management were billed by a single provider, but CMS was unable to conclude it was unreasonable. OIG noted this lack of information makes it difficult to determine if program requirements are being met. OIG further stated that CMS does not require claims and encounter data to contain a modifier to indicate when “incident to” billing occurred and the billing provider did not directly perform the service.
OIG’s Recommendations
Based on these findings, OIG recommends that CMS implement the following:
- Require physicians and other qualified practitioners to order RPM and include the ordering provider’s information on the claim along with a modifier to indicate any “incident to” services.
- Conduct periodic analysis of providers of enrollees who are frequently missing components and analysis of frequent diagnostic codes that do not represent chronic or acute conditions to increase CMS oversight.
- Create new Healthcare Common Procedure Coding System (“HCPCS”) procedure codes or modifiers to identify collected health data and collection of the types of devices being used. This information will help ensure that RPM is used appropriately.
- Issue provider education materials specific to RPM that include billing guidelines, the purposes of the three components and the importance of integrating remote patient monitoring information into the enrollee’s treatment.
- Develop a method to identify companies that specialize in RPM, potentially through a new provider enrollment classification or data analysis.
Practical Takeaways
- Providers engaged in RPM services should carefully evaluate their models to ensure compliance with Medicare coverage criteria, especially providers billing for RPM on an incident-to basis.
- Providers may see an increase in audit activity by CMS for RPM services and should consider conducting internal reviews to ensure compliance.
- RPM vendors should continue to monitor CMS developments regarding potential provider enrollment requirements.
For questions or additional information, please contact:
- Lisa Lucido at (248) 457-7812 or llucido@hallrender.com;
- Lori Wink at (414) 721-0456 or lwink@hallrender.com;
- Jennifer Skeels at (317) 977-1497 or jskeels@hallrender.com;
- Nikkia Jacques at (919) 228-2407 or njacques@hallrender.com; or
- Your primary Hall Render contact.
Hall Render blog posts and articles are intended for informational purposes only. For ethical reasons, Hall Render attorneys cannot—outside of an attorney-client relationship—answer specific questions that would be legal advice.
