May 16, 2022

Volume XII, Number 136



Understanding Compliance Regulations for Continuous Glucose Monitoring (CGM)

Continuous glucose monitoring (“CGM”) is a new and attractive way of monitoring glucose levels.  Companies specializing in CGM need to comply with specific healthcare laws and regulations.  Such medical developments make CGM companies especially prone to increased federal scrutiny.  

Federal authorities such as the Centers for Medicare and Medicaid Services (“CMS”); the Department of Health and Human Services’ Office of Inspector General (“OIG”); and the Department of Justice (“DOJ”) vigorously aim to investigate and prosecute companies who allegedly make false representations to the government or who allegedly take advantage of federally funded benefit programs.  Additionally, the consequences of the novel coronavirus have placed a unique strain on the entire healthcare industry.  

Violating federal healthcare statutes can wreak havoc on a company’s business operations.  Punishment can include fines and penalties, disgorgement, injunctions, and sometimes jail time.  

For this reason, it is critical to implement a comprehensive CGM compliance program that detects, corrects, and monitors the company’s internal operations for noncompliance, fraud, illegality, and other instances of misconduct.  

What are Continuous Glucose Monitoring Companies?

Continuous glucose monitoring (“CGM”) companies offer specialized equipment that automatically tracks a patient’s blood sugar levels.  This piece of equipment is a sensor that is placed under the patient’s skin and measures the glucose levels between the patient’s cells.  

The sensor then reads the glucose levels and sends the information to a monitor wirelessly.  CGM companies are growing in popularity because they allow patients to view their levels multiple times a day and, ultimately, decide how to best manage any identified deficiencies.  

The popularity and success of these companies have caught the eye of federal authorities.  These federal authorities continue to evaluate whether all healthcare statutory provisions are being complied with or whether there is any fraud present.  It is obligatory for CGM companies to be cognizant of such federal laws, which are described in the next section.

Federal Laws Regulating Companies Dealing with CGM

Below are the most typical federal civil and criminal statutes of which CGM companies need to be aware:

Eliminating Kickbacks in Recovery Act (“EKRA”)

EKRA prohibits labs, clinics, recovery centers, and other clinical facilities from accepting or paying kickbacks for patient referrals.  It is broader than other statutes such as the Anti-Kickback Statute in that healthcare benefit programs include both state and federal healthcare programs such as Medicare and Medicaid as well as private health insurance plans.  

Anti-Kickback Statute (“AKS”)

AKS prohibits knowingly and willfully making payments to induce patient referrals or generate business pertaining to any service payable to governmental healthcare programs.  As opposed to EKRA, AKS only applies with respect to federal and state healthcare programs.  

False Claims Act (“FCA”)

The FCA prohibits fraud against the government by submitting fraudulent information or making false statements.  In addition to FCA lawsuits by the government, the FCA contains a provision that allows for qui tam lawsuits—lawsuits brought by whistleblowers.

Health Insurance Portability and Accountability Act (“HIPAA”)

HIPAA regulates the disclosure of patient health information including health conditions and personal information such as address and social security number.  The statute ensures the confidentiality of patient information; aims to identify threats to the security of patient information; and protects against the unauthorized and illegal disclosure of such information.

Program Fraud Civil Remedies Act

This statute prohibits anyone from stating a claim that they know to be false and prohibits them from omitting a material fact.  

Section 666. Theft or bribery concerning programs receiving federal funds

This provision makes it a federal crime for anyone to engage in the theft of federal funds involved in a federal program or to misapply property under the control or custody of the government or one of its federal agencies.

Conspiracy to defraud the United States (18 U.S.C. § 371)

This statute makes it a crime to conspire to commit a crime against the United States or to defraud the United States or any of its agencies.

Mail and Wire Fraud Statutes (18 U.S.C. § 1341, 18 U.S.C. § 1343)

These statutes make it a federal crime to use the mails or wires to send or electronically transmit something that was associated with or that involved fraudulent acts.

U.S. Code Section 1001

This Section in the U.S. Code prohibits anyone from making false statements to the government.  Broadly, the text of the statute prohibits (1) falsifying or concealing a material fact; (2) making any materially false or fraudulent statement; or (3) making or using any false writing while knowing that it contains a false statement.  

In addition to the above, there may be additional federal and state statutes that apply to healthcare companies that specialize in CGM.  

Continuous glucose monitoring companies are important companies in that they are providing a service and technology that are very beneficial to patients but, at the same time, are novel and rely on specialized technology.  Federal authorities tend to scrutinize new developments, especially in the healthcare industry despite the purpose of the healthcare company or the results it achieves.  For this reason, it is imperative to retain a healthcare defense attorney as soon as you are under investigation or suspect that you are under investigation.  An attorney can help your CGM company set up, implement, and monitor an effective compliance program that identifies and corrects instances of noncompliance. – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C. 

CGM Compliance Checklist

Below is a comprehensive checklist for successful CGM compliance.  It includes key policies that should be included in the compliance program; important steps to take to monitor compliance; and internal practices to adopt within the CGM company for best practices.

CGM Compliance Program

  • Hire a law firm experienced in analyzing the effectiveness of your CGM compliance program.  Attorneys are skilled negotiators and defenders of healthcare companies’ compliance with federal law and regulations.  An attorney can help CGM companies implement a robust compliance program as well as defend it against federal accusations or allegations of noncompliance.

  • Implement and practice comprehensive due diligence practices.  Due diligence comprises the critical steps a company undertakes prior to entering into any transaction.  Examples of strong due diligence measures include background checks; second opinions; and verification of payments.

  • Develop effective risk assessment procedures.  Risk assessment measures should reflect the particular needs of the business, including its target customers.  They should also be utilized before, during, and after major transactions such as mergers or takeovers.

  • Utilize annual employee compliance training.  Training enables all company personnel to remain up-to-date on the latest healthcare developments and federal statutes relating to the industry.  Training should be mandatory and should apply to individuals at all levels and all positions within the CGM company.

Monitoring Compliance

  • Conduct regular external audits by independent compliance auditors in order to regularly evaluate compliance.  These auditors must be independent professionals who are trained to provide impartial advice on the effectiveness of the compliance program.  Surprise audits can be beneficial because they inform CGM companies of their compliance at any moment during the year.

  • Regularly assess internal controls. CGM companies must implement policies that assess their accounting practices’ internal controls.  This helps prevent internal instances of fraud, abuse, or other misconduct.  

  • Implement detailed recordkeeping provisions.  Compliance programs cannot merely look good on paper; they have to be effective in practice and such effectiveness needs to be properly documented and recorded.  

  • CGM compliance code of conduct.  The code of conduct within a business sets the internal work environment by ensuring that compliance, anti-retaliation, anti-corruption, and due diligence remain the top priorities.

Internal Policies 

  • Be mindful of changes in the legal and regulatory environment.  CGM companies should ensure that their compliance programs are updated to reflect changes in the legal and regulatory environment.  

  • For instance, recent changes in federal legislation due to the novel coronavirus have necessitated drastic changes within the healthcare industry.  

  • The increased federal attention on medical necessity and documentation has required healthcare companies to adopt more detailed verification and documentation policies.

  • Focus on high-risk areas.  Special attention should be given to high-risk transactions such as those involving sales to foreign parties or foreign entities or transactions that are high in value.

  • Ensure that your business has implemented a successful yet anonymous anti-retaliation program.  No business is immune from the possibility of disgruntled employees.  It is therefore critical that CGM companies set up a safe and secure way for personnel to report violations or misconduct in an anonymous manner without retaliation. 

  • Guarantee a work environment with clear communications and an honest culture.  Senior personnel should encourage an attitude of frequent and open communications.


CGM compliance is critical not only for the successful operation of CGM companies but also to avoid unnecessary federal scrutiny.  CGM companies must ensure that their internal compliance programs contain strict policies mandating compliance with federal law.

Violating federal healthcare statutes regulating your business could expose your business to a federal investigation, substantial fines and penalties, disgorgement orders, injunctions, loss of ability to receive government funding or do business with the government, loss of customer base and business contacts, and reputational harm.  

Imprisonment is also a possibility.  For this reason, it is imperative to always maintain continuous compliance with federal law.  Retaining the advice of an experienced federal defense attorney can help you achieve these objectives.

Oberheiden P.C. © 2022 National Law Review, Volume XI, Number 196

About this Author

Dr. Nick Oberheiden, Federal Criminal Defense Attorney, Oberheiden PC

Dr. Nick Oberheiden focuses his litigation practice on white-collar criminal defense, government investigations, SEC & FCPA enforcement, and commercial litigation. He has defended clients in PPP Loan Fraud cases and COVID-19 investigations. Nick also directs internal corporate investigations and he leads defense teams in whistleblower actions, corporate defense cases, as well as cases involving national security and elected officials.

Clients from more than 45 U.S. states have hired Nick to seek effective protection against government...