Medicare Remote Patient Monitoring Billing Credential Authority Failure Through Claims Submitted Without Encoding Conditions Under Which Monitoring Services Were Delivered

Remote patient monitoring allows patients to collect physiological measurements — blood pressure, glucose, weight, heart rate — using connected devices that automatically transmit data to their care team. Medicare began covering RPM services widely in 2019. The program has expanded rapidly: payments grew 31 percent from 2023 to 2024, reaching $536 million, and nearly one million beneficiaries received RPM services in 2024. The growth trajectory has continued every year since coverage began.

Medicare coverage requires that RPM meet defined conditions: a device capable of automatically collecting and transmitting physiological data must be supplied; the patient must have an established relationship with the billing provider; monitoring data must be transmitted and reviewed by clinical staff; and treatment management must be performed for a minimum time each month. The billing codes authorized by Medicare — the provider's billing credential — do not encode whether these conditions were met. They encode that the service was claimed. Medicare pays on the claim.

The OIG issued a consumer alert in November 2023 identifying organized RPM fraud schemes involving cold-call enrollment, non-compliant devices, and billing for phantom monitoring services. In September 2024, the OIG published a formal oversight report finding that nearly half of enrollees who received RPM services did not receive all three required components — education and setup, device supply, and treatment management. The OIG added an RPM audit to its work plan in December 2024. The August 2025 data-driven report analyzed all Medicare RPM claims for 2024 and identified specific billing patterns indicating fraud, waste, and abuse risk.

The billing patterns identified include: 45 practices billing for patients with no prior documented relationship — one practice with more than 30,000 enrollees without any prior relationship; 32 practices with enrollment growth of 150 percent or more in a single month — one enrolling 3,400 patients in a single month; and approximately 20 practices billing for two or more devices per enrollee per month, contrary to Medicare's one-device limit. In June 2025, the DOJ announced a $1.29 million FCA settlement with Health Wealth Safe, Inc., whose owner billed Medicare for RPM services without furnishing devices capable of automatically collecting and transmitting patient data — a basic coverage requirement. No compliant device was ever supplied. The billing credential was used regardless.

The provider billing credential — enrollment in Medicare as a qualified RPM provider — authorizes submission of RPM claims. It asserts that the provider is qualified to deliver the service. It does not encode whether the specific conditions required for a valid RPM claim were present at the point of service: whether a compliant device was furnished, whether an established patient relationship existed, whether physiological data was actually transmitted and reviewed, or whether clinical time was spent on treatment management. Medicare accepts the claim because the credential is valid. The conditions that make the claim permissible are supplied by the relying party — Medicare — through inference, not through evaluation of what the credential contains.

This is the same structural condition documented in Case 103 (DMEPOS inpatient billing) — a provider credential that authorizes billing without encoding when billing is permitted. The RPM case extends the pattern into a program that did not exist five years ago, is growing at 31 percent annually, and has already attracted organized fraud schemes within five years of its creation. The OIG's identification of billing patterns — no prior relationship, sudden enrollment spikes, phantom devices — confirms that the structural gap is being exploited systematically. CMS did not implement safeguards in response to the 2024 OIG report, and the 2025 report reiterated the same recommendations. The gap that permits the billing without the service has not been closed.

The OIG published billing measures designed to identify practices warranting further scrutiny and recommended that CMS, Medicare Advantage Organizations, and contractor entities monitor for the identified patterns. CMS did not implement the OIG's 2024 recommendations in the CY 2026 fee schedule. The OIG reiterated those recommendations in the August 2025 report. The June 2025 FCA settlement of $1.29 million resolved allegations involving one practice. The OIG noted that the billing patterns identified do not per se constitute fraud — they are screening metrics for prioritizing program integrity reviews. The detection mechanism operates after payment has been made and after program integrity review has been completed. The credential that authorized the payment does not encode whether the service condition was met.