On November 22, 2023, HHS-OIG issued a consumer alert to Medicare beneficiaries concerning a fraud scheme relating to remote patient monitoring (RPM) services. The scheme involves unsolicited contact by scammers who (i) enroll beneficiaries in RPM programs that are not medically necessary, (ii) bill for equipment and monitoring that are not provided or not approved, and (iii) compromise beneficiary personal information.
The Scheme
According to HHS-OIG, the fraud scheme targets Medicare beneficiaries through phone calls, texts, and internet and television ads. The scammers may claim to be from durable medical equipment companies or pharmacies, and offer free or low-cost RPM devices in exchange for the beneficiary’s Medicare Beneficiary Identifier (MBI) (i.e., the 11-character number assigned to each beneficiary). After obtaining the beneficiary’s MBI, the scammers bill for equipment setup, patient education, and monthly monitoring, regardless of whether the beneficiary needs or receives the services. The equipment, for example, may not be approved by the FDA or may not be sent at all. Similarly, the monthly monitoring may not occur, or may not meet the Medicare requirements for frequency and duration.
The Response
HHS-OIG makes it clear in the alert that it will investigate “unscrupulous” enterprises that engage in RPM schemes and, in the coming months, RPM companies should expect the agency—utilizing data analytics and in collaboration DOJ and its other law enforcement partners—to be actively involved in the RPM space. The agency recognizes that legitimate RPM service providers may be adversely affected by the fraud schemes detailed in the consumer alert and, more specifically, by the increased scrutiny of the RPM industry that these schemes necessarily generate. HHS-OIG does not intend to discourage proper RPM arrangements that comply with the law and benefit patients. Indeed, in its July 2022 Special Fraud Alert on the topic of fraudulent telemedicine companies, the agency clearly distinguishes legitimate RPM—characterized by an established physician-patient relationship, a valid medical necessity determination, and appropriate patient education—from fraudulent schemes such as those described in the agency’s November consumer alert.
The Take-Aways
RPM is a valuable tool for improving health care quality and access, but it also poses challenges and risks for both beneficiaries and providers. Digital health companies that offer RPM services should take proactive steps to ensure compliance with the Medicare rules and regulations. More specifically, HHS-OIG recommends that RPM companies (i) conduct compliance reviews to identify any risk areas, such as improper billing, inadequate documentation, or insufficient monitoring; and (ii) implement compliance programs that include policies and procedures, training and education, internal monitoring and auditing, reporting and response mechanisms, and disciplinary actions. These measures will help RPM companies prevent, detect, and correct any potential violations, and demonstrate their commitment to ethical and lawful conduct.