OIG calling for greater remote patient monitoring oversight: What practices need to know

© MITstudio - stock.adobe.com

The Department of Health and Human Services Office of Inspector General (OIG) recently published a detailed report calling for additional oversight of remote patient monitoring (RPM) in Medicare. This report has sparked criticism from various RPM industry thought leaders, including the Alliance for Connected Care. In response, OIG has clarified several of its findings while reiterating its general support for RPM as a program.

For healthcare organizations with active RPM programs or those considering launching such programs, here are the key takeaways from the OIG's 30-plus page report, "Additional Oversight of Remote Patient Monitoring in Medicare Is Needed," along with interpretation and commentary.

OIG RPM report: Findings and analysis

1. Increased RPM adoption

OIG Finding: "The use of remote patient monitoring in Medicare increased dramatically from 2019 to 2022."

Analysis: While OIG seems to view this increase negatively, it's actually a positive development. Medicare coverage and reimbursement for RPM were introduced in 2018, with the most important coverage rules clarified in March 2019.

The significant increase in RPM patients compared to when the service was first announced and rolled out is unsurprising. It's clear that when Medicare started reimbursing providers for monitoring their patients, the result would be more providers offering this service. However, the fact that there was significant RPM adoption is not ipso facto evidence of abuse. What matters is why there was adoption and whether the benefits outweigh the costs.

On that front, a growing body of clinical evidence demonstrates that well-designed RPM programs positively impact patients with conditions such as hypertension, congestive heart failure, and diabetes. Based on public Medicare data, only about 5% of eligible Medicare patients received RPM services in 2022, suggesting room for further — and significant — growth in utilization of remote patient monitoring.

The dramatic tone OIG took when describing RPM adoption ("ten-fold growth!") misses the most important point: RPM is a fast-growing and highly valuable service that is moving from its "pilot" stage to becoming an inherent and valuable part of our healthcare system. OIG is correct that the growth of RPM means more resources need to be allocated to checking for bad-faith actors and non-compliant programs. However, the resources Medicare should spend on RPM diligence should be proportional to the investment in RPM coverage. Given the impact of these programs and the current low ratio of Part B RPM eligible versus enrolled patients, this investment will likely continue to grow.

2. Flexibility in RPM service delivery

OIG Finding: "About 43 percent of enrollees who received remote patient monitoring did not receive all 3 components of it, raising questions about whether the monitoring is being used as intended."

Analysis: This finding demonstrates a misunderstanding of the RPM billing structure's intentional flexibility. The different RPM CPT codes (99453, 99454, and 99457/99458) are not "components" that must all be delivered together. Rather, they are separate, billable services designed to accommodate various RPM program structures. The codes and what they broadly cover are as follows:

• CPT 99453: Initial setup and patient education
• CPT 99454: Supply of devices and collection of patient physiologic data
• CPT 99457/99458: Remote physiologic monitoring treatment management services

The current structure of these codes is the result of an evolving understanding of RPM services. Initially, all RPM was bundled into underlying services. This was followed by the AMA and Medicare unbundling and allowing the billing of CPT code 99091, which included both device readings and time spent on patient monitoring. However, this single code didn't provide enough flexibility to account for the various components of RPM services. In response, CMS introduced the individual codes primarily used today, further separating the service to allow more flexibility in payment for different aspects of RPM.

This flexibility is a feature, not a bug, of the newer RPM coding. Many valuable RPM programs may not require 16-measurement days (the threshold for billing CPT 99454) but still provide significant benefits to patients through the time-based treatment management services (CPT 99457/99458).

OIG's interpretation of incomplete service delivery fails to recognize that:

• Medicare has never mandated the use of all three codes for a compliant RPM program;
• the separate billing structure allows for customization based on patient needs and program design; and
• worthwhile RPM interventions can occur even when not all codes are billed each month.

In fact, it would be concerning if almost all patients were billing for all possible RPM codes each month, as this could be evidence of overuse or an improper, one-size-fits-all approach. The current pattern of providers scaling their programs and billing for patients on a case-by-case basis across the four available codes is precisely what the separated code structure was designed to encourage.

3. Medicare RPM oversight challenges

OIG Finding: "Medicare lacks key information on the devices being used and the vitals being monitored."

Analysis: OIG's observation is not incorrect. Medicare would indeed benefit from collecting more information on the types of devices used in RPM programs. While Medicare can glean some condition data from ICD codes, more detailed insights into devices and conditions could be valuable for oversight and program improvement.

However, it's important to understand why this information isn't currently collected. The AMA and Medicare purposefully built the RPM codes to avoid specifying conditions or devices, with the explicit goal of encouraging innovation. This flexibility has provided for valuable clinical applications beyond initial expectations, such as foot ulcer monitoring to reduce amputations and Parkinson's tremor monitoring.

The challenge lies in balancing the need for oversight with the desire to foster innovation. While OIG's call for device-specific and condition-specific codes is understandable from an oversight perspective, it needs to be balanced against stifling the innovation that has helped make RPM so valuable.

OIG Finding: "OIG and CMS have raised concerns about fraud related to remote patient monitoring."

Analysis: While OIG's concern is valid, it's important to clarify the landscape of RPM service providers and distinguish between legitimate business models and fraudulent actors.

There are primarily two types of legitimate RPM companies:

1. Agent model: These companies act as extensions of the patient's physician, providing care management under the physician's supervision. The physician bills for RPM codes, maintaining active involvement and coordination with the company.
2. Independent clinic model: These companies operate more independently, taking referrals from physicians and managing most aspects of RPM care. They bill Medicare directly for their services.

The OIG report identified 41 companies operating under the second model. The concern here is that Medicare lacks visibility into the true patient relationship because the underlying patient physician does not come through in the claims data, which could potentially lead to oversight challenges.

I share some of the OIG's concerns regarding the second type of RPM company. The business I founded, which provides RPM services, selected the agent model because, from our experience, RPM and other care management services are most effective when performed in close collaboration with the patient's primary physician and their staff. With that said, there are clinic model companies that are acting in good faith and making tangible, beneficial differences in patient's lives, and they should not all be grouped together as was inferred in the OIG report.

While increased scrutiny of the independent clinic model may be warranted, it's crucial to note that Medicare has already taken steps to address potential issues. For instance, revoking the waiver that allowed non-active patients to be enrolled in RPM makes it more difficult for third-party companies to operate without close collaboration with the patient's primary provider.

The OIG report also mentions concerns about fraudulent actors who are not legitimate RPM companies at all, but rather scammers targeting elderly individuals. It's also important to distinguish these bad actors from legitimate RPM providers. The RPM industry as a whole supports efforts to identify and eliminate these fraudulent operations, as they undermine the credibility and effectiveness of genuine RPM services.

Ramifications of the OIG's RPM report

CMS is not obligated to incorporate any of OIG's recommendations into future rulemaking. Despite that, CMS has already started incorporating changes to mitigate the legitimate concerns in the OIG report, and I expect them to continue to do so.

The most important takeaways from this report for healthcare organizations are twofold:

1. Partner with a compliance-first partner/vendor for your RPM programs. Make sure there is the required coordination in care management between your office and the vendor if you are outsourcing management of your RPM program.
2. Stay informed about regulatory changes and updates but continue leveraging the benefits of RPM. After publishing its report, OIG clarified that it supports the continued use of RPM and is now seeking more transparency. No one should be worried about starting or expanding good-faith RPM programs because of this report.

By focusing on these aspects, healthcare providers can ensure they're maximizing the clinical, financial, and operational value of RPM while mitigating potential compliance risks.

Daniel Tashnek is the co-founder of Prevounce Health, a healthcare software and services company that simplifies the provision of preventive medical services, chronic care management and remote patient management. Daniel is also a practicing healthcare attorney specializing in regulatory compliance, reimbursement, scope of practice, and patient care issues.