On August 25, 2025, the U.S. Department of Health and Human Services Office of Inspector General (“OIG”) issued a report analyzing Medicare billing practices for remote patient monitoring (“RPM”) services during 2024. As RPM technologies have matured and become more accessible, their availability has driven widespread adoption and enhanced patient care by enabling continuous, data-informed management outside the clinic; at the same time, this proliferation has attracted heightened government attention. The report highlights the rapid growth of RPM utilization and payments, identifies patterns that may be indicators of potential fraud and abuse, and reiterates the need for enhanced oversight by the Centers for Medicare & Medicaid (“CMS”). The OIG’s findings assist providers in assessing regulatory and compliance implications.

Key Findings

1. Medicare Payments: Medicare payments for RPM services reached $536 million in 2024, a 31% increase from 2023. Further, nearly one million Medicare enrollees received RPM services, a 27% increase from 2023.

2. Provider Participation: Approximately 4,600 medical practices regularly billed for RPM services in 2024. Broken down, this amounts to each medical practice billing for approximately 70 enrollees annually, adding five new enrollees each month.

3. Billing Practices Warranting Further Scrutiny: OIG, through its data analysis, determined that certain practices or models indicate Medicare RPM billing practices “that warrant further scrutiny.”  For example:

  1. Billing Spikes: Significant increases in new RPM enrollees, such as one practice adding 3,400 new enrollees in a single month, which OIG acknowledges may be legitimate programmatic growth, however it could serve as a marker for potential fraud.
  2. Lack of Prior Relationship: 45 medical practices billed Medicare for RPM services for more than 80% of patients with whom they had no prior medical relationship. Medicare generally requires a medical practice to establish a patient relationship with the enrollee through either an in-person service or telehealth service prior to billing for RPM services.
  3. Missing Treatment Management: 52 medical practices billed for RPM services for more than 75% of their enrollees who never received required treatment management. Treatment management includes when a provider reviews the enrollee’s data to make clinical decisions about their care. OIG recognized that not all patients will need such management each month but is concerned that “a medical practice that has a high percentage of enrollees who never received treatment management in any month warrants further scrutiny.”
  4. Multiple Practices Billing Same Enrollees: 34 medical practices frequently billed RPM services for the same enrollees as two or more other practices, raising concerns about unnecessary and duplicative services.
  5. Multiple Device Billing: Approximately 20 medical practices regularly billed for two or more RPM devices per enrollee per month, despite Medicare generally allowing only one device per month.

Heightened Enforcement and Audit Risk

Once again, the OIG reiterates its call for CMS to implement additional safeguards to ensure RPM is used and billed appropriately, including monitoring for the foregoing billing patterns. Providers should expect more frequent audit inquiries from CMS, especially if their billing patterns resemble the aforementioned billing indications necessitating further scrutiny.

This report comes after the OIG published a consumer alert in November 2023 involving a fraud scheme related to RPM billing (the “Consumer Alert”). The Consumer Alert discussed a scam involving Medicare enrollees getting signed up for RPM through phone solicitations (cold calling), internet ads (click bait), or TV advertising. The scammers billed for set-up, patient teaching, and monthly monitoring data. However, the proper Food and Drug Administration (“FDA”)-approved devices were often never sent.

In September 2024 OIG published a report (the “2024 Report”) reviewing and recommending increased oversight over RPM services and billing practices in Medicare. The 2024 Report discussed the significant rise in the use of RPM in Medicare between 2019 to 2022 and its growing concern regarding potential Medicare fraud. RPM fraud typically involves allegations that monitoring is not being used as intended, companies signing-up enrollees for medically unnecessary RPM, and billing for services that are not, in fact, provided. OIG stated that the Medicare program currently lacked critical information for oversight, particularly regarding details about the heath data monitored, devices used, and providers who request and deliver the services. McGuireWoods previously discussed the findings in the report and its future implications in an FCA Insider article published in November 2024.

The calls for increased oversight after the Consumer Alert and the 2024 Report was followed by an audit of Medicare Part B RPM services announced in December 2024. It has an expected issue date of 2026. OIG notes that it will “determine whether providers furnished and billed for RPM services in accordance with Medicare requirements.”

Recommended Action

Despite increased scrutiny, CMS continues to work to expand reimbursement for RPM services while reducing operational hurdles, as discussed in a recent McGuireWoods alert focusing on RPM in the 2026 Medicare Physician Fee Schedule Proposed Rule. RPM can therefore be a great tool for healthcare providers to deliver value-add for their patients and be paid for ongoing services.

To implement these programs, providers should navigate RPM billing requirements by adding certain proactive protections for their programs, including:

  1. Conduct Internal Audits: Review RPM billing data for spikes in new enrollees, a lack of prior relationships, multiple device billing, missing treatment management or other anomalies. If the practice identifies such billing, document the reasons for these findings or take other corrective action.
  2. Update Policies and Training: Ensure that relevant provider staff are trained on Medicare RPM coverage and billing requirements and documentation standards.
  3. Strengthen Documentation: Maintain clear records of prior patient relationships, medical necessity, device provision, and treatment management.
  4. Prepare for Audits: Remain vigilant and prepared to respond to OIG or CMS inquiries regarding RPM billing practices.
  5. Medical Necessity: Ensure RPM is medically necessary for each patient through documentation of the initial diagnosis and need for RPM as well as ongoing monitoring of the patient’s condition using an FDA-approved device.

The OIG’s August 2025 report underscores the need for robust provider compliance programs around RPM services. Due to rapid growth and increased scrutiny, providers should proactively assess and strengthen their RPM billing practices to ensure compliance and mitigate enforcement risk.

For more information about RPM billing, compliance, audits, or investigations, please contact one of the authors of this alert.

The authors thank McGuireWoods summer associate Cleo M. Medina for assistance preparing this legal alert. She is not licensed to practice law.