RPM: A New Frontier

Remote Patient Monitoring (RPM) is reshaping healthcare by allowing providers to track patient health outside traditional clinical settings. This approach cuts down on the need for frequent in-person visits and helps clinicians intervene earlier when managing chronic or acute conditions. The rapid expansion of RPM has also resulted in increased scrutiny from regulators, with close attention being paid to providers’ compliance with proper billing and coding practices. Thus, it’s more essential now than ever before to understand the benefits and legal risks of adding RPM services to your practice.

Growth and Revenue Potential

Demand and public support for RPM services continues to climb. Market research has indicated that by 2025, more than 71 million Americans are expected to use RPM services. Globally, RPM is expected to reach a market value of $42 billion by 2028, thanks to software innovations and the growing availability of connected medical devices. For medical practices, enrolling as few as 500 patients in RPM could generate between $100,000 and $240,000 per year, as noted in a recent MedCentral report. RPM therefore poses significant opportunities for established telemedicine providers looking to offer additional services to their patients.

Regulatory Oversight and Fraud Concerns

Regulators like OIG and CMS have also taken notice of the significant demand for and revenue generating potential of RPM, noting it as a potential hotbed for fraud. An OIG report observed a tenfold rise in Medicare beneficiaries using RPM from 2019 to 2022, but also found that 43% of beneficiaries did not receive all three required components of RPM services (education/setup, device supply, and treatment management). Fraudulent activities, such as enrolling beneficiaries without medical necessity or billing for services that never took place, have also been highlighted as concerns.

This heightened scrutiny underscores the need for compliance. The OIG recently added RPM fraud oversight to its Work Plan for 2025, signaling more frequent audits and possible enforcement actions. Providers who do not meet documentation and billing requirements could face recoupments or legal penalties.

What is Remote Patient Monitoring (RPM)?

RPM refers to the collection of patient data through devices such as blood pressure monitors, glucose meters, and wearable sensors, offering real-time insights that inform clinical decisions.  RPM is commonly seen as a subset of traditional telehealth services, which generally focus on communication—video visits, phone calls, or messaging—to deliver care remotely. Although both approaches fall under virtual healthcare, RPM deals more with continuous data collection, while telehealth is about remote interaction with a provider. When used together, these strategies can help clinicians address potential issues before they escalate.

The Legal Risks of Noncompliant RPM Billing

Because RPM devices transmit large volumes of data outside of office visits, they can introduce unique risks. For one, incomplete service delivery is a prominent concern. Research indicates that nearly half of Medicare beneficiaries using RPM do not receive all required service components. Additionally, collecting inaccurate or incomplete data is another risk, as technical problems with RPM devices or insufficient patient education on proper device usage can reduce reliability. These gaps can complicate patient care and create billing complications if the data does not meet payor documentation standards.

Key RPM CPT Codes and Their Applications

The Centers for Medicare & Medicaid Services (CMS) has established specific CPT codes for RPM services. Each code corresponds to a distinct aspect of RPM care. Common codes used for RPM services include:

• CPT Code 99453: Covers the initial setup of monitoring devices and patient education. This is a one-time billable code billed after patient enrollment. It requires at least 16 days of device usage within a 30-day period to qualify for reimbursement.
• CPT Code 99454: Reimburses for the monthly supply of devices, data collection, and transmission. Like 99453, the code cannot be billed unless the patient has at least 16 days of device usage or readings within a 30-day period.
• CPT Code 99457: Applies to the first 20 minutes of interactive remote care management provided by a physician or qualified healthcare professional each month. This code applies only where the provider has live and/or interactive virtual communication with the patient.
• CPT Code 99458: An add-on code for each additional 20 minutes of interactive care management beyond the initial 20 minutes covered by 99457.
• CPT Code 99091: Covers at least 30 minutes of physician time spent collecting and interpreting physiologic data digitally transmitted by patients. Unlike other codes, it does not require interactive communication but focuses on data analysis.

These codes allow providers to bill for various components of RPM services, from device setup to ongoing care management, ensuring comprehensive reimbursement for their efforts.

Meeting Medicare Requirements: How Providers Can Avoid Common RPM Billing Pitfalls

Medicare outlines specific guidelines for RPM billing. First, as with other forms of telehealth, patient records must document the patient’s consent (whether written or verbal) to RPM and should clearly detail the care provided, including the amount of time spent on patient management. Several types of documentation mistakes can open providers up to claim denials or audits, including incomplete documentation of time, misunderstanding code requirements (e.g., the 16-day usage rule), and missing the 20-minute threshold for codes that require interactive communication. Further, any devices used must meet the definition of a medical device as defined by the FDA.

Non-compliance with Medicare’s reimbursement requirements can have serious consequences. Notably, the Office of Inspector General has flagged insufficient documentation and improper billing as areas of concern, recommending stricter documentation practices and expanded education on RPM billing codes for healthcare providers.

Strategies for Compliance and Profitability

Providers wanting to tap into RPM’s financial potential while minimizing regulatory risks should focus on thorough documentation, staff training, and patient engagement. Having detailed records of device usage, time spent on patient interactions, and clinical decision-making build a strong defense in the event of an audit. But keeping detailed patient records is only half the battle. Training billing teams and clinicians on best practices for appropriate billing, including RPM-specific code requirements and time thresholds, helps prevent errors at the source. Finally, patient education is essential. Explaining the importance of consistent device usage, and offering patients technical support when necessary, can ensure data accuracy and prevent claims denials tied to incomplete monitoring periods.

Many practices also conduct regular internal audits. These reviews help identify coding or documentation issues before they snowball into larger compliance problems. Automated care management software can further simplify claims submission, verify that time and usage thresholds are met, and alert staff to missing or incomplete documentation.

Conclusion

RPM has the potential to improve patient outcomes and create new revenue streams, but it also requires providers to establish thorough compliance protocols tied to new and evolving regulations. As federal oversight increases, providers must ensure that their billing and coding practices align with Medicare guidelines and other payor requirements. By staying informed, documenting all services thoroughly, and fostering patient engagement, healthcare organizations can harness RPM’s benefits while mitigating legal and financial risks.