Remote Patient Monitoring: What Compliance Professionals Need to Know


Post By: Saskia Olczak, Risk Intern, Institute at MagMutual, and Raj Shah, Senior Regulatory Attorney, Institute at MagMutual

As healthcare technology continues to improve, telehealth and remote patient monitoring (“RPM”) are becoming popular with many clinicians and their patients. RPM is a method of healthcare delivery that uses the latest advances in digital technology and wearable medical devices to gather patient data outside of traditional healthcare settings. RPM allows providers to track healthcare data for a patient once they are released home, reducing inpatient readmission rates and outpatient visits. Often combined with videoconferencing, RPM allows providers to check on patients from afar.

RPM programs can collect a wide range of data such as vital signs, weight, blood pressure, blood sugar, blood oxygen levels, and heart rate. RPM technology varies from handheld medical devices distributed from medical facilities, such as glucose meters and heart rate monitors, to consumer-grade wearables, like Fitbits, Garmins, and Apple Watches. Most RPM technology is geared towards patients of all ages and accommodates all levels of technical familiarity.

RPM uses technology that makes patients feel comfortable with managing their own health, which leads to better patient engagement, ultimately improving their care. Clinicians are also better equipped to manage their patients’ health with RPM as they have a constant stream of data providing a clearer picture of the patient’s health. RPM enables practitioners to know what is actually occurring with their patients on a daily basis and the continuous tracking of patient’s symptoms allows early intervention, before any problems become acute.

While RPM techniques vary between devices, most use similar components. The first is a wireless-enabled sensor that measures specific physiological parameters and stores data which can connect with healthcare provider databases and related applications. Applications usually feature an interface to track or analyze the data and display treatment recommendations. The data is then sent and stored in a relational database, allowing providers to examine the data as individual instances or within the patient’s entire health history.

Electronic Medical Records (“EMR”) integration is an especially beneficial component to RPM. When the EMR and RPM application are integrated, they communicate with each other through a bidirectional workflow. When biometric data is recorded on a RPM device, it will integrate into the EMR, facilitating record collection by eliminating the need to copy the data into the EMR separately, and ensuring that all patient data is integrated in one place.

A challenge with consumer RPM devices is the potential for unsolicited patient data. Patient-Generated Health Data (“PGHD”) refers to data generated by a patient, such as biometric data collected on an Apple Watch. However, patients and physicians may differ as to what’s important information, and patients may send data without thinking about what the influx of it will do to the organization and management of their EMR. Additionally, physicians may feel skeptical about the reliability of PGHD as it is collected in nonstandard ways, by nonprofessionals. Also, PGHD must be systematically processed and analyzed before it can confidently be used. However, providers should establish standard protocols for what information should be added to the patient’s EHR, keeping information used for the patient’s diagnosis or treatment.

Providers must review the PGHD thoroughly, even if it seems irrelevant. There may be legal consequences if inadequate review of received unsolicited health information creates ill-informed medical decisions or missed diagnoses. Providers may consider ordering new or additional testing if they are questioning the reliability or accuracy of the PGHD.

Since RPM is still a rapidly growing industry, there are limited standards and guidelines available for the appropriate utilization and monitoring of wearable technology. Also, no medical malpractice suits have been filed yet, but will surely be forthcoming. Therefore, it is important to be aware of the potential liability risks and to ensure correct implementation of RPM technology. Here are five key tips from a risk management and compliance perspective to keep in mind with RPM:

  1. Consider the Security

Before starting, consider the RPM system’s security. RPM uses a variety of devices, applications, and communication technologies to connect the RPM device to the provider’s office. These complex communication systems may also require using the vendor’s system, incorporating more vendors and suppliers. This complex, multistep process increases the risk for a potential cyberattack on the RPM system. Ensure that the vendor you choose to work with and related third parties maintain a sound security posture to limit vulnerabilities in the host system and other interconnected systems.

  1. Keep the Anti-Kickback Statute In Mind

Analyze whether the Anti-Kickback Statute, the Physician Self-Referral Prohibition law (Stark), and the Civil Monetary Penalty law apply. Ensure that whatever RPM device company you select, your healthcare professionals do not have any sort of financial interest in the business.

  1. Keep HIPAA In Mind

HIPAA compliance and patient data security still apply. Ensure the RPM device company has HIPAA compliant processes, such as encrypting patient information both when the device is at rest and when the information is in transit. Also, ensure that you and the RPM business have a Business Associate Agreement (BAA) in place before you share protected health information of any patients.

  1. Ensure Correct Billing

Before you begin implementing RPM, explore the reimbursement options in your practice area and with each payor so that implementing RPM provides financial value for your organization. Ensure that any providers or coding staff in your practice familiarize themselves with the frequently used codes for billing RPM services as well as the requirements for these codes.

  1. When In Doubt, Bring Them In

If you are unsure of the patient’s diagnosis or if there are indicators reported from the patient’s device, for example, spikes in blood pressure or heart rate, consider bringing the patient in for a visit. Also, continue with your documentation standards, and ensure that you fully document your patient’s concerns on a timely basis.

RPM, when appropriately implemented, offers many benefits for both clinicians and patients. RPM can help reduce the number of hospitalizations, inpatient re-admissions, and the lengths of stay in hospitals, ultimately improving the quality of care while also minimizing costs. Although RPM is still a growing field, follow these steps to ensure compliance and to contain potential risks for your healthcare practice.