CY 2026 Medicare Physician Fee Schedule • Effective Jan 1, 2026

RPM and RTM After 2026: Shorter Thresholds, Same Compliance Burden

Q: What new RPM codes were adopted for 2026?

CMS adopted new RPM codes 99445 (for <16 days / the 2–15 day supply bucket) and 99470 (for <20 minutes / first 10 minutes of management time).

Q: What new RTM codes were adopted for 2026?

CMS adopted new RTM codes for the short supply bucket (98984, 98985, 98986) and a short management-time code (98979).

Q: Do I still have to track 16 days?

Yes for the traditional 16–30 day supply codes; 2026 adds a separate 2–15 day option. The compliance requirement is choosing the code whose unit definition matches your evidence.

Q: Can I bill both the 2–15 day and the 16–30 day device supply codes in the same 30-day period?

The bucket structure is explicitly presented as an either/or selection based on actual days of transmission (2–15 vs 16–30). Treat dual billing as non-defensible without extraordinary justification.

Q: Does RPM require an established patient relationship?

Yes for remote physiologic monitoring; RTM does not, per CMS guidance.

Q: Can two clinicians bill RPM for the same patient in the same 30-day period?

No. CMS states only one practitioner can bill RPM per patient in a 30-day period.

Q: Can I bill RPM and RTM together?

No. CMS states you can’t bill remote physiologic monitoring and RTM together.

Q: Can I bill RPM/RTM at the same time as CCM/APCM/BHI/TCM?

CMS permits concurrency with specified care management services provided time/effort is not counted twice. Treat this as an evidence-separation requirement, not a billing hack.

Q: What does OIG think is risky about RPM billing?

OIG found rapid growth, that about 43% of enrollees did not receive all RPM components, and that Medicare lacks key oversight information (including who ordered monitoring). OIG recommended safeguards and improved claim information.

Q: How is CMS valuing remote monitoring costs now?

CMS finalized using OPPS data to inform cost assumptions for some remote monitoring services, and the final-rule summary describes using OPPS geometric mean cost data to inform practice expense valuation for the RPM supply codes.

CMS adopted new RPM and RTM CPT codes for 2026 that pay for shorter monitoring windows (2–15 days) and shorter management time (first 10 minutes), but the underlying audit logic does not get easier.

The biggest practical risk is misreading these new codes as a “looser RPM era.” OIG has already signaled RPM oversight concerns, and CMS is simultaneously shifting payment methodology toward more auditable cost inputs.

Last updated: December 18, 2025

Audience: Practice owners, medical directors, billing/RCM leaders, compliance officers, RPM/RTM operators

How to use this page: This is a regulatory-anchored operational guide for Medicare billing and compliance planning. It is not legal advice. Medicare Advantage and commercial payers may impose additional rules.

Quick Read

Regulatory badge

CY 2026 PFS Final Rule

Audit posture

Shorter thresholds do not soften documentation or attribution requirements.

Operational risk

Mis-mapping bucketed codes to evidence
Missing attribution locks (one RPM practitioner per 30 days)
Under-documented time and interaction logs

Use this page for

Encoding 2–15 vs 16–30 day logic
Time-bucket gating (<20 vs ≥20 minutes)
Month-level audit packets

Key Takeaway in One Sentence

2026 adds new RPM/RTM codes for 2–15 days of monitoring and for management under 20 minutes, but you still must meet medical necessity, practitioner attribution constraints, device requirements, and documentation that matches the unit of service; shorter thresholds don’t “wash out” weak controls.

2. What changed in 2026

A) RPM: two new codes for “shorter than the old cliff”

A final-rule summary of the CY 2026 PFS explains that the CPT Editorial Panel created two new RPM codes to describe:

<16 days of data transmission in a 30-day period
<20 minutes of interactive communication/time per month

and CMS adopted them for 2026 (codes 99445 and 99470).

B) RTM: new short-window supply codes and a first-10-minute management code

For RTM, the same final-rule summary describes four new RTM codes covering:

2–15 day device/data supply buckets (RTM supply)
<20 minutes interactive communication/time per month (RTM management)

and identifies the relevant code structure including 98984, 98985, 98986 (2–15 day supply) and 98979 (short management time).

C) The 2026 “bucket structure” is now explicit

The final-rule summary spells out the practical bucket split you must encode:

2–15 day codes: 99445 (RPM) and 98984/98985/98986 (RTM)
16–30 day codes: 99454 (RPM) and 98976/98977/98978 (RTM)

If your systems can’t enforce “correct code for the measured bucket,” you will generate technically unsupported claims.

D) CMS also changed how it values remote monitoring supply costs

CMS finalized a broader policy of using Medicare Hospital OPPS data to inform cost assumptions for some technical services, including some remote monitoring services.

The final-rule summary describes CMS using OPPS geometric mean cost data to inform practice expense valuation for 99445 and 99454, including treating them similarly because the device is supplied for the full 30-day period regardless of number of days transmitted.

3. What didn’t change: the rules auditors use

Even after 2026, these remain foundational—and they are exactly where denial/audit risk concentrates:

RPM (physiologic), but not RTM, requires an established patient relationship.
Data threshold logic still exists (16 days out of 30 for the traditional device supply codes; management codes are exempt from the day threshold).
Only one practitioner can bill RPM per patient in a 30-day period.
You can’t bill RPM and RTM together.
Medical necessity remains required.
Device must meet FDA “medical device” definition; data must be electronically collected and automatically uploaded for analysis; services may be furnished under general supervision.
Concurrency with other care management is allowed only if time/effort is not counted twice.
OIG’s posture makes these rules more—not less—important.

OIG found that a significant share of RPM enrollees did not receive all three RPM components and that Medicare lacks key oversight information (including who ordered the monitoring).

4. Common failure patterns / traps

Trap 1: Treating the 2–15 day code as a “fallback” when adherence fails

Operational reality: patients transmit sporadically, and billing teams are incentivized to “salvage” the month. What breaks: code selection becomes a revenue patch, not an evidence-based reflection of what happened. The 2026 structure makes bucket selection a first-class compliance rule (2–15 vs 16–30).

Trap 2: Counting “days” incorrectly

Counting multiple readings on one day as multiple “days”
Counting days outside the 30-day period
Treating “device shipped” as “days monitored”

CMS materials consistently frame the requirement as days of data in a 30-day period (not number of readings).

Trap 3: Logging management time without a defensible clinical action trail

Shorter time codes lower the cliff, but they don’t eliminate the requirement that the work be clinically meaningful, medically necessary, and supported by the record. The 2026 changes explicitly create a “<20 minutes” bucket; they do not create a “time without care management” bucket.

Trap 4: Violating the “one practitioner” rule through vendor + practice co-billing

If a vendor is “running RPM” and the practice is also billing, you can easily end up with duplicate RPM billing in the same 30-day window—especially when multiple devices are involved. This is directly called out in CMS guidance (one practitioner per 30 days; cannot bill RPM and RTM together).

Trap 5: Treating RPM/RTM as “telehealth”

RPM/RTM are inherently non-face-to-face, but CMS has clarified they are not Medicare telehealth services under the statutory telehealth definitions. If your organization’s compliance logic is “telehealth rules,” you will miss RPM/RTM-specific constraints.

5. Why these behaviors are non-compliant

CMS defines discrete units of service (days-in-30 supply codes; month-based management time buckets) and now added explicit short buckets for both.
CMS defines hard attribution and concurrency limits (one RPM practitioner per 30 days; no RPM+RTM together; no double-counting time across services).
OIG has documented program integrity vulnerabilities in RPM—especially incomplete component delivery and weak ordering/oversight information—meaning claims that “look like activity” but don’t demonstrate intended use are already enforcement-sensitive.

So the compliance question is not “Can we bill something now that thresholds are shorter?” It is: “Is the specific code we billed the one whose unit definition and constraints match the evidence in the record?”

6. Edge cases & clarifications

Does 16 days still matter in 2026?

Yes. The traditional supply codes still correspond to a 16–30 day bucket, and 2026 introduces a distinct 2–15 day bucket. You must pick the code that matches the bucket.

Can a patient be monitored for 30 days but transmit only 8 days?

That’s exactly the scenario the new 2–15 day bucket is designed to describe. But you still need medical necessity, valid device/data evidence, and clean attribution.

Can audio-only interactions count toward the “interactive communication” portion?

CMS explicitly notes it is adopting the CPT language regarding whether audio-only communication (for example, telephone calls) can count toward the interactive communication portion for relevant RPM/RTM management codes. Operationally: you should treat this as “allowed if it meets the CPT definition,” and you should store the modality in your time log.

Does virtual direct supervision change RPM/RTM billing?

Only in narrow incident-to / diagnostic test contexts where “direct supervision” is required; it changes how “immediate availability” can be satisfied (real-time audio-video), not what counts as RPM time or device days.

7. Forward-looking policy changes

More granular billing options for remote monitoring (short buckets) paired with increased expectations of clean evidence and better oversight signals (OIG recommendations: ordering provider information on claims; methods to identify what data are monitored; monitoring companies).
More auditable cost valuation through OPPS data rather than unverifiable invoice-style inputs, which can shift national payment dynamics and increases the importance of tracking “what was actually furnished.”

The likely result: compliance systems that fail to encode attribution + bucket selection + component completeness will look increasingly “out of family” relative to CMS and OIG expectations.

8. Practical implications for practices

Evidence-first code selection: your billing system should select codes from actual day/time buckets, not from operator preference.
Attribution enforcement: one RPM practitioner per patient per 30 days means your workflows must designate an owner, especially when vendors are involved.
Separate artifacts for concurrency: if you bill RPM alongside CCM/APCM/BHI/TCM, separate time logs and ensure time isn’t counted twice.
Oversight-proof your ordering and history: OIG is explicitly focused on “no prior history with the medical practice” patterns and missing ordering/oversight information.

9. Planning checklist

Implement day-bucket logic:
- 2–15 vs 16–30 days (RPM + RTM supply codes)
Implement time-bucket logic:
- <20 vs ≥20 minutes (RPM + RTM management codes)
Enforce hard constraints:
- One RPM practitioner per 30 days
- No RPM + RTM together
Store modality and interaction evidence (including audio-only where it meets CPT language) with timestamps.
Generate a month-level audit packet per billed patient: medical necessity statement + monitoring plan; device attestation (FDA medical device) + data capture evidence; day counts with dates; management time log + interaction trail; attribution owner + “no duplicates” check.

10. How FairPath encodes/enforces this

Bucket gating: 2–15 vs 16–30 supply codes are suggested only when day evidence supports them; management codes are gated by recorded time buckets.
Hard locks: one RPM practitioner per patient per 30 days; block RPM+RTM concurrency.
Non-duplication checks: prevent double-counting time when RPM is billed alongside CCM/APCM/BHI/TCM.
Program integrity telemetry: flag OIG-sensitive patterns (high share of “no prior history” enrollees; incomplete component delivery; missing ordering/ownership signals).

11. FAQ

1) What new RPM codes were adopted for 2026?