RPM Manual
The practical 2026 guide to device rules, day thresholds, management time, and audit defensibility for Remote Patient Monitoring.
Read the RPM Guide →The "Vendor Trap": Why Outsourcing RPM Doesn't Outsource the Risk
The Bottom Line
- The Myth: "My vendor said they are liable if we get audited."
- The Law: The NPI on the claim is the NPI on the hook. CMS does not care about your vendor contract; they care who submitted the bill.
- The Mechanism: Vendors often use "General Supervision" rules loosely to run call centers that have no real connection to your clinic, creating "Ghost Minutes" you can't verify.
- The Fix: You must own the data. If you cannot log in and see exactly who spoke to your patient and what they said, you are billing blindly.
Why "Indemnification Clauses" Don't Work
Many RPM vendors try to soothe nervous practice owners by pointing to an "Indemnification Clause" in their service agreement. They say, "If you get fined because of our work, we pay the fine."
In reality, these clauses are virtually useless during a Federal audit for two reasons:
1. The "Ultimate Responsibility" Rule
CMS regulations state that the billing provider is ultimately responsible for the accuracy of the claim. You cannot contract away your federal liability. If the claim is false, you committed the False Claims Act violation, not the vendor.
2. The "Ghost Vendor" Problem
When the OIG issues a clawback for $2M, most small RPM startups simply declare bankruptcy and fold. Your "indemnification" is only as good as the vendor's bank account--which is often empty when the Feds arrive.
The "Ghost Minute" Disconnect
The video mentions "Ghost Minutes." This happens when a vendor bills you for 20 minutes of time (CPT 99457), but the patient says, "I never talked to anyone." Because the vendor uses a separate system you can't access, you have no way to verify if the work happened before you send the claim. That is negligence.
Video Transcript
0:00 Part 2 of our Compliance Update. We talked about "General Supervision" in the last video, but here is where it gets dangerous.
0:08 A lot of you are using third-party RPM vendors. They tell you, "Don't worry, we handle the 20 minutes. We have a call center. We do the work, you just bill."
0:18 But here is the problem: You are the one submitting the claim. Your NPI is on the line. If that vendor says they spent 20 minutes with Mrs. Jones, but Mrs. Jones tells the auditor, "I haven't spoken to anyone in months," guess who goes to jail?
0:32 It's not the vendor. It's you. You billed for services not rendered. We call these "Ghost Minutes."
0:38 The vendor is a ghost. The minutes are ghosts. But the audit is very real. You cannot outsource your compliance to a company that doesn't have your license on the wall. You need to see the data, you need to own the logs, and you need to know exactly what is happening with your patients.
0:52 Stop trusting blind reports and start verifying the work.
Stop billing blindly. Analyze your vendor.
Use our tool to calculate exactly how much margin your vendor is taking--and how much risk they are leaving you with.
