On November 22, 2023, while many were preparing for the Thanksgiving holiday, the Office of Inspector General (OIG) posted a consumer alert (Alert) warning the public about a fraud scheme involving monthly billing for remote patient monitoring (RPM).

The Alert follows several large civil and criminal investigations over the last few years of fraud schemes involving companies that claimed to provide telemedicine or telehealth services, but allegedly engaged in kickbacks and substandard medical practices to generate medically unnecessary orders and prescriptions and likely will result in increased scrutiny of all RPM companies.

The RPM Fraud Scheme

The OIG says the fraud scheme involves unsolicited contact by unscrupulous companies targeting Medicare beneficiaries to set up monthly billing for RPM equipment and services regardless of medical necessity. According to the OIG, scammers are contacting Medicare enrollees through phone solicitations (“cold calling”), texts, internet ads (“click bait”), and TV advertising. Once these organizations obtain the Medicare beneficiary’s personal information (e.g., the individual’s Medicare number), they begin billing the Medicare program for setup of the equipment, patient education, and monthly monitoring of data. Typically (according to OIG), the scammers never send the patient the equipment requested (or the equipment is not FDA-approved) and the monthly monitoring never happens, but the enrollee is billed monthly, anyway. Durable Medical Equipment (DME) companies and pharmacies are specifically flagged by the OIG as organizations who may be making these offers or claims.

The OIG recommends individuals protect themselves by, among other things, not accepting medical equipment that hasn’t been ordered by their health care provider and being suspicious of anyone who offers free medical equipment and then requests the individual’s Medicare number.

What Does this Mean for Remote Monitoring and Digital Health Companies?

In the coming months we anticipate the OIG will increase investigations of “unscrupulous” RPM and digital health companies and target arrangements and practices the government agencies believe are illegal. It is not uncommon for a major takedown shortly after one of these fraud alerts is issued.

However, there is a difference between bona fide RPM services and suspect arrangements that do not involve the legitimate use of remote monitoring technology to deliver medical care. The OIG refers to the latter as “telefraud” schemes, and has noted (in a July 2022 Special Fraud Alert) that it is important to distinguish those schemes from “telehealth fraud.” As such, this Alert is not intended to discourage legitimate RPM arrangements. Indeed, the OIG acknowledges that, when used properly, remote patient monitoring is “beneficial for those whose condition might deteriorate quickly, where monitoring can reduce complications, hospitalizations or death.”

RPM and digital health companies should take practical steps to help ensure their services, operations, and billing practices adhere to Medicare and Medicaid requirements. A prudent approach would be to conduct a privileged compliance review of current operations and arrangements, identify risk areas, and promptly fix them if necessary. RPM and digital health companies also should consider implementing a health care fraud and abuse compliance program consistent with OIG’s new General Compliance Program Guidance. A few efforts taken now can help reduce the risk a company will find itself on the receiving end of an overpayment demand or a False Claims Act investigation.