RPM Manual
The practical 2026 guide to device rules, day thresholds, management time, and audit defensibility for Remote Patient Monitoring.
Read the RPM Guide →Compliance & Audit Risk
Stop Guessing About RPM Audit Risk. See the OIG Red Flags in Your Billing Before CMS Does.
For practices running RPM/CCM/RTM on Medicare and MA. Our Compliance-as-Code engine scans your claims 24/7 for the same red flags highlighted in the 2024 OIG report.
You’ll answer 4 quick questions and book a 30-minute session. We run your public CMS and internal billing data (no PHI) through our engine and show you exactly which red flags appear.
No PHI required Uses the same billing data CMS contractors rely on.
Transparent We show you the findings before you change anything.
Why This Is an Urgent Problem for Your Practice
Remote Patient Monitoring (RPM) has exploded, growing from 55,000 enrollees in 2019 to over 570,000 in 2022, with payments exceeding $300 million. That growth triggered aggressive oversight.
Based on the 2024 OIG report and our internal analysis, these are the top 5 red flags auditors look for. Use the quick links to jump to each risk.
⏱
Time
Spot ghost minutes and impossible hours.
🗂
Setup
Enforce once-per-episode 99453 rules.
📡
Device
Enforce the 16+ day usage threshold.
📋
Components
Deliver setup, usage, and review together.
✅
Eligibility
Keep capitated or excluded patients out.
Who This Is For
- Compliance officers accountable for RPM audit exposure.
- Practice owners and CMOs who want RPM revenue without clawback risk.
- Billing leaders who don’t trust their RPM vendor’s internal QA.
Proof This Isn’t Theoretical
Multi-specialty group | 4,500 Medicare lives
Identified 2,300 at-risk 99454 claims before submission, avoiding ~$420k in potential denials and re-training a vendor team.
Cardiology practice | 600 active RPM patients
Caught 18 duplicate 99453 events linked to device swaps; prevented automatic resubmission and preserved audit defensibility.
The 5 OIG Red Flags (And How to Automate the Fix)
Red Flag 1
Impossible “Ghost” Minutes & Billing Hours
What auditors see: Month after month of billable time that exceeds human limits--e.g., one provider logging 23,569 hours in a year.
Why it’s risky: It signals either fabricated encounters or unsupervised automation. Auditors treat it as intent to defraud, not a paperwork error.
What this looks like in claims data: 99457/99458 volume that implies 10+ hours per day per clinician, or overlapping time stamps across multiple beneficiaries.
How to fix / automate it: FairPath caps concurrent minutes, reconciles clinician capacity, and blocks submissions once realistic thresholds are exceeded. Every minute is logged with source data and user identity for audit defense.
Red Flag 2
CPT 99453 Mismatch (Billing Setup Too Many Times)
What auditors see: Services billed exceeding beneficiaries--duplicate setup claims for the same patient or episode.
Why it’s risky: 99453 is billable once per episode. Duplicate billing is treated as intentional overpayment and often triggers extrapolated recoupments.
What this looks like in claims data: 56 beneficiaries but 60 services billed for 99453 in the same quarter; device replacements or vendor swaps generate repeat setup claims.
How to fix / automate it: FairPath enforces “once-per-episode” automatically, tracks setup provenance, and suppresses duplicate 99453 submissions tied to device swaps or restarts.
Red Flag 3
Billing 99454 Without 16+ Days of Device Use
What auditors see: 99454 billed month after month with inconsistent or low reading days.
Why it’s risky: CMS requires 16+ days of data per 30-day period; the OIG found 23% of enrollees with insufficient usage.
What this looks like in claims data: 3.2 99454 services per beneficiary vs. ~7+ expected over a year, or files showing single-digit reading days before billing.
How to fix / automate it: FairPath counts days per patient in real time, only releases 99454 when the threshold is met, and triggers reminders before a cycle falls short.
Red Flag 4
Incomplete Service Delivery (The 43% Gap)
What auditors see: Billing RPM without completing all three components: setup, device data, and clinician review.
Why it’s risky: The OIG found 43% of enrollees missing a required component, making these claims prime targets for clawbacks.
What this looks like in claims data: 99457 billed in months where no qualifying device readings or documented reviews exist; setup dates with no linked review events.
How to fix / automate it: FairPath requires setup consent, verifies device data flow, and links each monthly review to the exact readings that triggered it--creating an auditable chain.
Red Flag 5
Billing for Ineligible Patients
What auditors see: Claims for patients who were never eligible--capitated MA plans, excluded state Medicaid groups, or missing qualifying diagnoses.
Why it’s risky: These billings feed into Medicare’s $262B in denials and spark fraud scrutiny because payers never owed the money.
What this looks like in claims data: RPM enrollment from vendor call campaigns where MA capitation status is ignored; recurring denials that get rebilled instead of fixed.
How to fix / automate it: FairPath verifies eligibility across Medicare, MA, and Medicaid before enrollment, scores payer readiness, and blocks enrollment for capitated or excluded patients so the claim never goes out.
Download the OIG RPM Red Flags Checklist
Grab the 1-page PDF we use with compliance teams to prep for audits. Gate it with email + role so you can share internally.
Stop Hunting for Red Flags. Automate Your Defense.
Here’s the one-line fix for each red flag: cap time, enforce one-time setup, count device days, link every review to data, and block ineligible patients before they enroll.
Run a Free OIG-Style Scan on Last Year’s RPM Claims.
We’ll show you exactly where each red flag appears and how to remediate it without handing over PHI.
No PHI required CMS-style audit logic.
Transparent You see the findings first.
