Fill out the form below or call us at (800) 345-4125.
Telehealth is transforming healthcare, and remote patient monitoring (RPM) is leading the way. But in 2025, the Office of Inspector General (OIG) is zeroing in on RPM services—meaning that providers using RPM face audits and investigations from federal regulators, Medicare Administrative Contractors (MACs), and even private payors. Even small errors in documentation or coding can quickly snowball. The result? Major financial consequences for your practice.
At Health Law Alliance, we partner with telehealth providers to navigate the complicated legal landscape of telehealth regulations and RPM payor requirements. We help you get paid fairly and avoid big risks, giving you peace of mind to use and bill for RPM services with confidence.
Don't wait until the OIG comes knocking. Partner with Health Law Alliance today to keep your telehealth practice protected and compliant. Contact us now.
As Seen On
.avif)
Former CMS & OIG Insiders and Audit Experts: Our team includes ex-federal prosecutors, UPIC supervisors and MAC medical directors. Whether your practice is under audit by a private payor or Medicare, we use our insider knowledge to develop a time-tested, tailored strategy designed to protect your practice from unfair penalties or referrals to government agencies.
Tenacious Advocacy: Whether it’s an initial audit or an appeal of adverse findings, our attorneys never stop advocating for you and your practice. We know how to tell your story to auditors to protect your practice from unwarranted overpayments and reputational harm.
Developing Compliance Roadmaps that Last: RPM reimbursement requirements are always changing. Our attorneys are compliance experts who tailor compliance policies and strategies to identify and mitigate your risk while keeping your practice one step ahead.
Remote patient monitoring, or RPM, is a form of asynchronous telehealth delivery where providers use digital medical devices to collect a patient’s health data. RPM can be incredibly beneficial in assisting with care coordination, making it an easy way to collect real-time information to effectively monitor and manage a patient’s condition. RPM can also be a lucrative service for providers wanting to generate additional revenue for their practice. But ensuring your RPM billing practices are compliant is not without challenges. At Health Law Alliance, we can help you create billing policies and procedures to minimize your audit risk, allowing you to provide and bill for RPM services with confidence.
Most often, auditors are looking for missing or incomplete documentation—problems that can sink your ability to receive reimbursement for RPM services. Missing provider orders, a lack of documentation of patient consent, or patient records that fail to include information on medical necessity or details about the patient’s treatment plan are key areas of focus for auditors. But auditors also pay close attention to referral arrangements and the methods of RPM service delivery, both of which can leave practices vulnerable to significant fines and penalties.
Yes. While RPM is used in a number of specialties, internal medicine, family medicine, and cardiology practices may be more susceptible to audits, as these specialties bill for RPM more frequently. But any practice can be selected for an audit, particularly if practice data shows a pattern of excessive or unusual billing patterns for RPM services. No matter your practice area, having a team of experts with decades of audit defense and compliance experience is essential to protect your business.
Like other telehealth services, usage of RPM services has exploded since the beginning of the COVID-19 pandemic, drawing regulators’ attention as a potential hotbed for fraud. In 2024, OIG published a report indicating the need for increased oversight of RPM services in Medicare, indicating that approximately 43% of patients did not receive all of the components required for billing. This report led OIG to add auditing Part B RPM services to its 2025 Work Plan. Private payors have also taken notice, increasingly focusing on RPM claims in FWA audits.
Our healthcare attorneys are experienced audit experts, ready to help you every step of the way. From preparing a tailored audit response strategy to handling all communications with auditors and regulators, we help you prevent common mistakes that could place your practice under increased scrutiny. But we don’t stop there—we rigorously advocate for you even after audits end, challenging unwarranted findings and overseeing the appeal process from start to finish. We proactively investigate issues and help you develop compliance strategies to reduce your risk of an OIG or DOJ referral.
Absolutely. In fact, our attorneys have experience developing compliance strategies for all types of clients, from small healthcare companies and practices to some of the nation’s largest health insurers. We use that knowledge to help you identify your practice’s RPM risks, providing tailored recommendations for everything from billing practices to documentation procedures. With Health Law Alliance on your side, your practice is in excellent hands.
Speak to an experienced attorney today at no-cost to evaluate your situation and discuss how we can help.
Legal challenges can be complex and stressful. Our experienced attorneys are dedicated to offering personalized guidance and effective solutions to help you navigate your legal journey with confidence
An RPM audit is a systematic review of a healthcare provider’s records, billing, and procedures for Remote Patient Monitoring (RPM) services for compliance with federal and state regulations, as well as payor-specific policies. These audits are conducted by government agencies like the Office of Inspector General (OIG) and the Centers for Medicare & Medicaid Services (CMS), as well as by private payors. Adverse findings like medically billing irregularities and incomplete documentation can lead to financial penalties and even legal action.
RPM audits are designed to combat fraud, waste, and abuse within telehealth. The rapid expansion of RPM services, and the associated increase in Medicare payments, has led to greater regulatory scrutiny. Auditors are looking to ensure providers are adhering to new and complex billing rules, and certain “red flags”—like an unusually high volume of claims, irregular billing patterns, or tips from whistleblowers—often trigger scrutiny of your practice.
Auditors look for specific patterns or errors that may indicate non-compliance. Common red flags include:
Proactive preparation is the best defense. This includes:
Anticipating an RPM audit? Health Law Alliance can help. With comprehensive compliance experience at all levels of the healthcare system, our attorneys have the expertise you need to assess your practice’s risks, creating a specialized compliance roadmap before auditors come knocking.
An adverse RPM audit can be severely detrimental to a practice. Private payors often demand recoupments for billed services that failed to adhere to all requirements, and may trigger a referral to government agencies for further FWA investigation. For government payors, non-compliance with RPM billing requirements can result in financial penalties, False Claims Act lawsuits, and potential exclusion from federal health care programs—not to mention severe reputational harm.
With stakes this high, it’s never been more crucial to have experienced attorneys in your corner. We guide you through the audit process and help you build a comprehensive audit strategy to preserve the integrity of your practice.
Our firm specializes in helping healthcare providers navigate the complex regulatory landscape of remote patient monitoring. We can assist you by:
Call Now for a free consultation (800) 345 - 4125
CVS Caremark one of the three major PBMs that control nearly 90% of the market for prescription claims processing.
Learn More
Optum is one of three major PBMs that control nearly 90% of the market for prescription claims processing.
Learn More
ESI is one of the three major PBMs that control nearly 90% of the market for prescription claims processing.
Learn More
Prime has a relationship with ESI that provides for joint provider networks and oversight by both companies.
Learn More
Medicare and Medicaid use agencies like OIG or OMIG and outside contractors to audit prescription drug claims.
Learn More
Humana is a payor that uses PBMs and other contractors to audit government and commercial drug claims.
Learn More
Qlarant is contracted with Medicare to perform fraud, waste, and abuse audits and investigations.
Learn More
Safeguard is contracted with Medicare to perform fraud, waste, and abuse audits and investigations.
Learn More
To design an effective PBM audit response strategy, providers must understand the chain of events both prior to the initiation of a PBM audit and afterwards. For example, Special Investigative Units (SIUs) are often the genesis of a pharmacy audit, and the presence or absence of "audit risk factors" is informative on potentially broader exposure beyond the claims under audit. Any decision to resolve an audit should be informed and result in a full and final settlement of all liability, but PBM audit settlements need to be structured carefully to achieve this goal.
CVS Caremark, OptumRx, and Express Scripts, control at least 80% of the market, making them the three biggest PBMs. Humana also ranks among the largest. In addition, these PBMs regulate access to networks for smaller competitors, such as ESI's partnership with Prime. Plan sponsors, such as United Health, Cigna and Aetna, are vertically integrated with these PBMs, increasing audit risk for pharmacies because network sanctions are more likely to affect a significant aspect of a pharmacy's business across both government and commercial claims.
PBMs and payors use artificial intelligence and data mining across medical and pharmacy claims to identify areas of potential inquiry. Among other areas, these inquiries typically involve high-reimbursing medicines, brand/generic substitution, inventory discrepancies, co-payment collection, prior authorization, and telehealth relations. Separately, DEA conducts audits and inspections for compliance to controlled substance regulations.
Common types of PBM audits include desk audits; on-site audits; invoice audits; and prescription audits. Irrespective of the type of PBM audit, all interactions with PBMs should be taken extremely seriously and can lead to severe consequences if not handled appropriately. For example, there has been a sharp increase in the federal prosecution of pharmacists for audit-related conduct, including answering PBM questions incorrectly. Accordingly, pharmacies should consider using outside audit counsel to avoid these pitfalls.
Pharmacies can take various steps to prepare to meet PBM audits, including routine self-audits. In fact, the government publishes comprehensive guidance and a checklist to assist pharmacies in their audit planning, including self-audits around prescribing practices, controlled substance management, invoice management, and billing practices. If you need assistance designing or implementing an audit protection plan, please do not hesitate to contact us.
Defending against a PBM audit requires comprehensive knowledge of the rights, responsibilities, and intricacies of pharmacies and their laws and regulations. If your pharmacy has been identified for a PBM audit, there are a number of potential defenses available to you. The first defense against a PBM audit is to be proactive, and audit planning can lessen the chance of unfavorable findings. That said, it is often necessary to involve an attorney to hold PBMs to their obligations under law and provider agreements. For this reason, national audit services and pharmacy audit consultants are often ineffective.
Audit discrepancies and findings can be appealed based on the specific procedures outlined in the provider manuals. It is important to follow these requirements exactly, within the timeframes established, or your appeal rights could be lost and further review denied. In an appeal, it is critically important to make a complete record of why the audit findings or sanctions should be reversed, including through documentation, legal arguments, and corrective actions, if any. Depending on the outcome of the appeal, you may have further legal recourse against the PBM.
PBM audits can have severe repercussions depending on the results of the pharmacy audit, including recoupments, network sanctions, and criminal, civil and administrative investigations involving jail time, significant fines, and license revocation or exclusion. We publish a 10-part PBM Audit Guide that discusses the overlap between PBM audits and government investigations and how to successfully manage audit risk. This resource is complimentary to subscribers HERE.
Government investigations may come in many forms, but criminal matters involving potential jail time, mandatory exclusion, loss of licensure, and reputational harm are the most severe and scary scenarios that anyone can face. Unfortunately, it often is not clear, particularly at the outset, whether an investigation involves criminal violations or what your status might be in the investigation. For example, our clients might be informed that the FBI is interviewing patients, or that their partners have received subpoenas. The uncertainty that results from these types of events is particularly difficult for our clients to manage, and typically involves sleepless nights, loss of appetite, anxiety and potential depression.
Our experienced healthcare defense attorneys understand what clients are going through, and focus on providing them with insight into the government’s investigation and how best to defend it. There are a variety of potential outcomes, many of them involving far less severe ramifications than might be contemplated. Indeed, in healthcare, parallel criminal, civil, and administrative laws provide an opportunity for potential resolution of government investigations under terms that do not involve loss of liberty or livelihood. The range of outcomes that might be available depends on the evidence available to the government, but cases involving patient harm typically receive more focus from a criminal perspective than run-of-the-mill billing irregularities, particularly when the federal government is involved.
That said, there are several notable exceptions. At Health Law Alliance, our healthcare defense attorneys have decades of federal and state prosecutorial experience, and we rely on that background to highlight areas of increased risk. In particular, the below agencies focus on the prosecution of criminal healthcare fraud.
The Medicare Fraud Strike Force, operated by the U.S. Department of Justice (DOJ) in regions across the country, is particularly adept at prosecuting healthcare fraud criminal matters. Medicare Fraud Strike Force Teams harness data analytics and the combined resources of federal, state, and local law enforcement entities to prevent and combat healthcare fraud, waste, and abuse. More specifically, the Strike Force uses advanced data analysis techniques to identify aberrant billing levels in healthcare fraud “hot spots” – cities with high levels of billing fraud – combined with traditional investigative techniques to target suspicious billing patterns in addition to emerging schemes and fraudulent practices that move from one location to another.First established in March 2007, prosecutors operate in 16 Strike Forces, including the National Rapid Response Strike Force based in Washington, DC. The Strike Force Model centers on a cross-agency collaborative approach, bringing together the investigative and analytical resources of DOJ’s Fraud Section, the Federal Bureau of Investigation (FBI), the U.S. Department of Health and Human Services Office of the Inspector General (HHS-OIG), the Centers for Medicare & Medicaid Services (CMS), Drug Enforcement Administration (DEA), Defense Criminal Investigative Service (DCIS), Federal Deposit Insurance Corporation Office of the Inspector General (FDIC-OIG), Internal Revenue Service (IRS), Department of Labor-OIG, United States Postal Service – Office of the Inspector General (USPS-OIG), Veterans Administration – Office of the Inspector General (VA-OIG), and other agencies. Strike Force Health Care Fraud and Prescription Opioid teams are located across the country, as depicted by the chart below:
The Medicare Strike Force has filed thousands of criminal actions and indictments and recovered billions of dollars in assets resulting from healthcare fraud. The Strike Force teams bring together the Office of Inspector General (OIG), the Department of Justice (DOJ), Offices of the United States Attorneys (USAOs), the Federal Bureau of Investigation (FBI), local law enforcement, and others. These attorneys and investigators have a proven record of success in analyzing data and investigative intelligence to quickly identify fraud and bring prosecutions. The interagency collaboration also enhances the effectiveness of the Strike Force model. For example, OIG refers credible allegations of fraud to the Centers for Medicare & Medicaid Services (CMS) so that it can suspend payments to the alleged healthcare fraud perpetrators, thereby preventing losses to federal programs. Finally, the Medicare Strike Force does not focus exclusively on healthcare fraud but also prosecutes wire fraud, mail fraud, bank fraud, money laundering offenses, violations of the Anti-Kickback Statute (AKS), false statements offenses, Title 42 offenses, Title 26 offenses, and Title 21 offenses, in the highest intensity regions.
The Medicare Strike Force is a specialized department within the DOJ’s Health Care Fraud Unit, based in Washington, D.C., with operations across the country. DOJ’s Health Care Fraud Unit is led by over 80 experienced white-collar prosecutors who focus solely on prosecuting the nation’s most complicated healthcare fraud matters and the illegal prescription, distribution, and diversion of opioids and other controlled substances. The Health Care Fraud Unit’s mission is to protect the public treasury from wide-scale healthcare fraud, protect patients from significant fraudulent schemes that result in patient harm, and to detect, limit, and deter fraud and illegal prescription, distribution, and diversion of controlled substance offenses. The Health Care Fraud Unit endeavors to prosecute defendants who orchestrate schemes that result in the loss of hundreds of millions or billions of dollars, the distribution of tens of millions of opioids or controlled substances, and complex money laundering, tax, and other financial crime offenses.
The Health Care Fraud Unit prides itself on conducting the most trials of any DOJ component, including the U.S. Attorney's Offices. DOJ prosecutors, referred to as “Trial Attorneys,” have participated in the largest and most complex healthcare fraud and opioid distribution trials in the country. Notably, the Health Care Fraud Unit is a leader in using advanced data analytics and algorithmic methods to identify newly emerging healthcare fraud schemes and to target the most egregious fraudsters. The Health Care Fraud Unit’s team of dedicated data analysts works with prosecutors to identify, investigate, and prosecute cases using data analytics. At the Health Law Alliance, our healthcare defense attorneys have extensive experience in the use of data analytics to identify potential fraud, waste, and abuse, having served as the Chief Compliance Officer and Executive Leadership Team member for UnitedHealth Group, with oversight of Optum and UnitedHealthcare, including Special Investigative Units (SIUs) within those platforms.
The Health Care Fraud Unit’s cases are complex and wide-reaching. In particular, the National Rapid Response Strike Force was created in 2020 to investigate and prosecute fraud cases involving major healthcare providers that operate in multiple jurisdictions. The National Rapid Response Strike Force coordinates with the Civil Division’s Fraud Section and Consumer Protection Branch, U.S. Attorneys’ Offices across the country, state Medicaid Fraud Control Units (MFCUs), the FBI, HHS-OIG, and other agency partners to investigate and prosecute multi-jurisdictional and corporate healthcare fraud. The National Rapid Response Strike Force’s recent successes include the conviction of owners of a multi-state network of rural hospitals in a $1 billion billing fraud matter; the $500 million global resolution with Tenet Healthcare Corporation and related individual prosecutions for a hospital kickback scheme; the prosecution of billions of dollars in telemedicine fraud; prosecution of over $1 billion in fraudulent addiction rehabilitation facility fraud as part of the Sober Homes Initiative; and leadership of the Unit’s efforts to prosecute those seeking to criminally exploit the COVID-19 pandemic, including the conviction at trial of the President of a Silicon Valley technology company for healthcare fraud, illegal kickback, and securities fraud related to the announcement of purportedly revolutionary testing for COVID-19 using only a few drops of blood, i.e., Elizabeth Holmes and associates.
In addition, in 2022, the DOJ Criminal Division announced the formation of the New England Prescription Opioid (NEPO) Strike Force, a joint law enforcement effort to investigate and prosecute healthcare fraud schemes in the New England region, and to prosecute individuals involved in the illegal distribution of prescription opioids and other controlled substances. NEPO leverages the success of the October 2018 formation of the Appalachian Regional Prescription Opioid (ARPO) Strike Force, a joint effort between DOJ, FBI, HHS-OIG, DEA, and state and local law enforcement to combat healthcare fraud and the opioid epidemic in locations that have been harmed significantly by addiction. ARPO has partnered with federal and state law enforcement and U.S. Attorneys’ Offices throughout Alabama, Kentucky, Ohio, Virginia, Tennessee, and West Virginia to prosecute medical professionals involved in the illegal prescription and distribution of opioids.
In addition to DOJ’s Strike Forces and Health Care Fraud Units, all of the U.S. Attorneys’ Offices are staffed by federal prosecutors, referred to as Assistant United States Attorneys (AUSAs), who investigate and prosecute healthcare fraud crimes in their respective jurisdictions. There are 93 U.S. Attorneys’ Offices in the country, and the U.S. Attorney in each district is the chief federal law enforcement officer, reporting to the Attorney General of the United States. The U.S. Attorneys’ Offices are coordinated by the Executive Office for U.S. Attorneys, which oversees the DOJ’s Health Care Fraud and Abuse Act Program, established as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). To most, HIPAA is better known for privacy and nondiscrimination rules, but the statute also created a number of healthcare offenses and enforcement tools, including the “HIPAA subpoena,” and mandated that the DOJ and HHS-OIG coordinate to support efforts to investigate and prosecute healthcare fraud.
To this end, HIPAA provided a funding source, specifically requiring that amounts equaling recoveries from healthcare fraud investigations be deposited in or transferred to the Federal Hospital Insurance Trust Fund. Recoveries are then appropriated from the Trust Fund to the Health Care Fraud and Abuse Control Account in an amount the Attorney General and HHS Secretary certify annually are necessary to finance healthcare fraud enforcement activities. Appropriations from the Control Account fund attorneys, investigators, and litigation support to combat healthcare fraud. Since 1997, over $57 billion has been collected by the DOJ and HHS. Of that, nearly $40 billion has been returned to the Medicare Trust Funds, an average of approximately $1.5 billion per year, and Medicaid, Tricare, the Veteran’s Administration, among others. In the same period, 13,628 defendants have been convicted of healthcare fraud offenses, an average of 545 every year. These numbers are startling, to be sure.
All states also operate Medicaid Fraud Control Units (MFCUs), typically within the State Attorney General’s Office, to investigate and prosecute Medicaid-related fraud. The Social Security Act (SSA) requires each state to effectively operate an MFCU unless the Secretary of Health and Human Services (HHS) determines that (1) the operation of a Unit would not be cost-effective because minimal Medicaid fraud exists in a particular state; and (2) the state has other adequate safeguards to protect enrollees from abuse or neglect. MFCUs are funded jointly by the federal and state governments. Each Unit receives a federal grant award equivalent to 90 percent of total expenditures for new Units and 75 percent for all other Units.
MFCU cases often begin as referrals from external sources or are generated from data mining. MFCU staff review referrals of possible fraud to determine the potential for criminal prosecution or civil action. If the Unit accepts a referral, the case may result in various outcomes. Criminal prosecutions may result in convictions; civil actions may result in civil settlements. Both criminal prosecutions and civil actions routinely include the assessment of monetary recoveries. The approach of the MFCUs varies state-by-state, with some offices, such as Pennsylvania’s MFCU, that pursue criminal cases exclusively. In other words, the Pennsylvania MFCU will either bring a criminal case or decline the matter completely; that office does not interpret its enabling statutes to permit the resolution of investigations on civil terms. Other state MFCUs, however, investigate and prosecute both criminal and civil cases. The OIG has the authority to exclude convicted individuals and entities from any federally funded healthcare program, such as Medicaid, on the basis of convictions referred from MFCUs. In addition to achieving these outcomes, MFCUs may also make recommendations to their state governments to strengthen program integrity.
%402x.svg){kind=icon}