Remote Patient Monitoring (RPM) Compliance Consulting
Last updated: April 2026
OIG enforcement is active. Independent compliance expertise — not vendor software — is what stands between your program and a False Claims Act investigation.
What IHS Does for RPM Programs
IHS is the only independent, non-vendor RPM compliance consulting firm producing practitioner-facing guidance at the intersection of OIG enforcement, CMS billing requirements, and URAC/ACHC accreditation standards. We do not sell RPM devices, software platforms, or monitoring subscriptions. Our only product is compliance expertise — which means our guidance has no conflict of interest.
We serve medical practices, hospital systems, home health agencies, FQHCs, rural health clinics, and digital health vendors who need to build, audit, or defend their RPM programs against CMS scrutiny and OIG investigation.
Why RPM Compliance Is a Crisis, Not a Checkbox
The U.S. RPM market is valued at $16.09 billion in 2025 and projected to reach $29.13 billion by 2030 at a 12.6% CAGR (MarketsandMarkets). Rapid growth without compliance infrastructure is precisely what the OIG is watching. Ten thousand three hundred eighty-eight medical practices billed at least one RPM service in 2024; only 4,639 were billing routinely. The gap between adoption and compliance expertise has never been wider.
RPM Compliance Services
RPM Gap Assessment and Baseline Audit
What you get: A complete audit of your current RPM program against the OIG's five high-risk billing indicators, the 10 most common CMS/URAC/ACHC deficiencies, and the 2026 CPT code transition requirements. We examine clinical workflows, EHR capabilities, time tracking audit trails, patient consent records, device documentation, and prior medical relationship documentation.
Deliverable: Written gap report with deficiency rankings, priority remediation roadmap, and estimated compliance risk exposure by deficiency type.
Who needs this: Any practice currently billing RPM codes, any practice planning to launch an RPM program, and any digital health vendor preparing for a CMS or OIG audit.
CPT Billing Compliance and 2026 Code Transition
What you get: Hands-on guidance through the 2026 CMS Physician Fee Schedule changes — specifically the introduction of CPT 99445 (device supply for 2-15 day transmission periods) and CPT 99470 (treatment management, first 10 minutes) and their mutual exclusivity rules with legacy codes 99454 and 99457. We rebuild your billing logic, EHR workflow triggers, and staff decision trees to reflect current requirements.
Who needs this: Any practice that has not yet updated its billing workflows for the January 1, 2026 code changes. Practices continuing to bill 99454 for patients who transmit fewer than 16 days of data are generating CPT coding errors that OIG automated analysis will flag.
OIG Audit Readiness and Defense Preparation
What you get: A mock OIG audit using the exact five warning flags published in OEI-02-23-00261: missing required care components, enrollment spikes, lack of prior medical relationship, inadequate time documentation, and concurrent device billing. We test your program against each flag, identify vulnerabilities, and produce remediation documentation you can present to auditors.
Who needs this: Practices that have experienced rapid enrollment growth (150%+ month-over-month), practices receiving RAC or MAC prepayment review notices, and practices whose RPM vendor is under OIG scrutiny.
Policy and Procedure Development
What you get: Complete RPM policy and procedure manual covering: patient consent and identity verification, time tracking SOPs with audit trail requirements, escalation protocols for abnormal biometric data, device logistics and FDA medical device documentation, EHR integration records, and prior medical relationship documentation standards. Policies are written to satisfy both CMS billing requirements and URAC RPM Accreditation v1.0 standards simultaneously.
URAC RPM Accreditation Consulting
What you get: End-to-end preparation for URAC RPM Accreditation v1.0 — IHS's core URAC expertise applied to the newest accreditation standard. We map your program against all approximately 45 requirements across the Mandatory, Business, Professional Oversight, Quality/Patient Safety, Clinical Workflows, Technology, and Risk Management modules, prepare documentation for desktop review, and prepare staff for the validation survey.
Timeline: 4 to 6 months from gap assessment to accreditation award. URAC RPM Accreditation v1.0 operates on a 3-year cycle.
State Medicaid RPM Compliance Overlay
What you get: Analysis of state-specific RPM requirements for the states in which you operate. Over 42 state Medicaid programs reimburse RPM with dramatically varied operational parameters. Key state variations include New York (CHF, diabetes, COPD, and maternal health coverage up to 84 days postpartum), North Carolina (established patient requirement, 48-hour documentation rule, no same-day E/M billing), and Arkansas (expanded maternal RPM effective July 1, 2025). We produce a state-specific compliance checklist layered on top of your federal CMS baseline.
Why IHS — The Independent Compliance Difference
The RPM compliance market has a fundamental conflict of interest problem. The organizations producing the most compliance content — RPM platform vendors — are also selling you the software they want you to use. Law firms provide legal defense but cannot fix your clinical workflows. Neither can tell you what an independent compliance expert, with no software to sell, actually recommends.
No Software to Sell
IHS is not affiliated with any RPM platform vendor. Our gap assessments evaluate your current vendor's compliance capabilities — including weaknesses they won't disclose — and make vendor-neutral recommendations. We have assessed programs running on seven different RPM platforms and can give you an honest comparison.
URAC Expertise Applied to RPM
IHS has over 25 years of URAC accreditation consulting experience. When URAC launched RPM Accreditation v1.0, IHS was positioned to translate its accreditation knowledge directly into RPM compliance frameworks — a combination no RPM vendor or RCM firm can replicate.
OIG Report Translation
The OIG Data Snapshot (OEI-02-23-00261) identified the specific billing patterns that triggered the first FCA settlement. IHS translates these findings into actionable program fixes — not legal warnings, not software features, but operational changes to clinical workflows, documentation, and staff training.
Mid-Market Accessibility
Law firms providing RPM compliance guidance bill $400-$800/hour and focus on institutional clients. RCM firms specialize in billing optimization, not compliance program design. IHS fills the gap: specialized compliance expertise priced for the medical practices and mid-market health systems that need it most.
Who We Serve
Medical Practices
Primary care (59% of RPM billing), cardiology (11%), nephrology, gastroenterology, and pulmonology practices billing or planning to bill RPM codes. Focus: CPT billing compliance, OIG audit readiness, staff training.
Hospital Systems and Health Systems
Multi-site organizations with complex EHR integration requirements and higher audit exposure due to billing volume. Focus: enterprise gap assessment, policy development, URAC accreditation.
FQHCs and Rural Health Clinics
Newly eligible to bill RPM codes independently as of 2026. Full compliance guidance for organizations standing up RPM programs for the first time under the new eligibility rules.
Home Health Agencies
Organizations deploying RPM devices in the home setting with complex device logistics, HIPAA data transmission requirements, and escalation protocol documentation needs.
RPM Platform Vendors
Digital health companies (~200 dedicated RPM vendors) needing independent compliance validation, regulatory alignment documentation for enterprise sales, and URAC/ACHC accreditation preparation.
Private Equity and Digital Health Investors
Pre-acquisition due diligence on RPM program compliance posture, post-acquisition remediation planning, and regulatory alignment for portfolio companies preparing to scale.
The 10 Most Common RPM Compliance Deficiencies
These are the deficiencies IHS finds most frequently in RPM program audits — drawn from OIG findings (OEI-02-23-00261) and ACHC survey citation data.
- Missing Required Care Components — 43% of OIG-audited enrollees lacked setup claim, data transmission claim, or treatment management claim. Any missing component invalidates the entire episode of care for billing purposes.
- Incomplete Individualized Plans of Care — 48% of ACHC RPM survey citations. RPM data collected but not integrated into a continuously updated patient-specific care plan.
- Enrollment Spikes — Abrupt, disproportionate surges in RPM billing (150%+ month-over-month growth) flagged as a high-risk fraud indicator in OIG automated analysis.
- Lack of Prior Patient Relationship — 45 practices audited by OIG billed RPM for more than 80% of patients with no documented clinical history or prior established relationship.
- Inadequate Documentation of 20-Minute Interactive Time — Weak audit trails failing to prove the mandatory 20 minutes of interactive clinical time for CPT 99457 occurred synchronously with the patient.
- Concurrent Device Billing — Submitting claims for multiple separate monitoring devices for the same patient within a single 30-day period.
- Overlapping Provider Billing — Multiple disparate medical practices billing RPM for the same Medicare beneficiary in the same month.
- Missing Patient Consent Documentation — Failure to formally document patient consent prior to device deployment, rendering subsequent services unbillable.
- Manual Data Entry Violations — Counting patient-reported manual entries (e.g., typing weight into an app) as physiologic data, violating the FDA auto-transmission requirement.
- Medication Reconciliation Failures — Failing to utilize incoming physiological data to actively review and adjust the patient's drug regimen, as required under ACHC standards.
Engagement Timeline: Zero to Audit-Ready in 4-6 Months
Gap Assessment
Baseline audit of clinical workflows, EHR capabilities, and current billing practices. Executive goal definition and ROI methodology established. OIG 5-flag risk scoring completed.
Policy Development and Vendor Evaluation
Draft policy and procedure manuals. Evaluate FDA-cleared device vendors and software platforms supporting automated time tracking and cellular data transmission. 2026 CPT code billing logic rebuilt.
Workflow Integration and Credentialing
Embed RPM data flows into EHR. Establish patient consent protocols. Verify clinical staff credentialing and supervision requirements by state. State Medicaid overlay analysis completed.
Training and Mock Audit
Staff education on CPT 99454 vs. 99445 distinctions, 20-minute time documentation, and consent requirements. Mock OIG audit using the five published warning flags. Vulnerabilities corrected.
Accreditation Application (if pursuing URAC/ACHC)
Submit documentation for desktop review. Prepare for virtual or on-site validation survey. Initiate program with first patient cohort under new compliance framework.
Organizations already billing RPM that need targeted remediation — rather than a full program build — can typically achieve audit-ready status in 60 to 90 days. The maximum safe clinical monitoring ratio is 120 active patients per Clinical Support FTE; at 150:1, compliance risk escalates exponentially.
Frequently Asked Questions
What are the biggest RPM compliance risks in 2025-2026?
The OIG's 2025 Data Snapshot identified five high-risk billing patterns: missing required care components (43% of enrollees), enrollment spikes of 150%+, billing without a prior medical relationship, inadequate time documentation under CPT 99457, and concurrent device billing. The June 2025 FCA settlement confirmed OIG is in active enforcement mode. See our full FAQ for detailed analysis of each risk.
What new CPT codes took effect January 1, 2026?
CPT 99445 (device supply, 2-15 day transmission) and CPT 99470 (treatment management, first 10 minutes). Both are mutually exclusive with legacy codes 99454 and 99457 respectively. See our RPM Billing Guide for complete 2026 code details and reimbursement rates.
Can FQHCs and Rural Health Clinics now bill RPM?
Yes. As of 2026, FQHCs and RHCs are newly eligible to bill RPM codes independently. Full compliance guidance for organizations standing up new RPM programs under these rules is available through IHS's gap assessment service.
Related Services
Start with a Gap Assessment
OIG is auditing active RPM billers now. The first step is understanding exactly where your program stands against the five OIG warning flags and the 2026 CPT requirements. IHS conducts RPM gap assessments with a written deliverable within 30 days of engagement.