RPM Device Regulatory Pathway: FDA, CMS Reimbursement & EU MDR (2026)

RPM device regulation: FDA classification, CMS 2026 CPT codes (99445, 99470), reimbursement rates, SaMD, EU MDR pathway, and commercialization strategy for connected monitoring devices.

Remote Patient Monitoring Has Become a Regulatory and Commercial Discipline of Its Own

Remote patient monitoring (RPM) is no longer a niche category within digital health. It is the fastest-growing segment in connected healthcare, and in 2026 it occupies a distinct regulatory and reimbursement space that sits at the intersection of FDA device classification, CMS billing policy, EU MDR classification, data privacy law, and emerging AI regulation.

The numbers tell part of the story. The RPM market was valued at approximately $1.5 billion in 2023 and is projected to grow to $4.7 billion by 2032 according to IMARC Group, with some estimates placing the addressable market above $60 billion by 2030 when including all connected care infrastructure. Medicare has covered RPM as a billable service since 2018, and CMS has steadily expanded the CPT code framework -- adding two new codes effective January 1, 2026 (CPT 99445 and CPT 99470) and incorporating a 2.5% conversion factor increase legislated by Congress into the 2026 Medicare Physician Fee Schedule. The CMS ACCESS model, launching July 5, 2026, will further institutionalize technology-enabled chronic disease management for Medicare beneficiaries.

On the regulatory side, FDA's January 2026 update to its general wellness policy expanded enforcement discretion for wearable sensor-based products, clarifying the boundary between regulated RPM devices and unregulated wellness tools. EU MDR classifies most RPM devices as Class IIa or Class IIb. The EU AI Act applies to AI-enabled RPM algorithms classified as high-risk medical device AI. The EU Cyber Resilience Act and NIS2 directive impose cybersecurity obligations on connected devices. In the UK, the MHRA requires RPM apps to be registered, with classification mirroring the FDA approach.

This guide covers the complete regulatory, reimbursement, and commercialization landscape for RPM devices in 2026. It is written for regulatory affairs professionals, digital health founders, and market access teams who need to understand not just what rules apply, but how those rules interact and how to build a commercialization strategy around them.

What Qualifies as an RPM Device: Regulatory Definitions and the Device-Wellness Boundary

Before addressing classification and pathway, it is necessary to establish what is and is not an RPM device from a regulatory perspective. The category is broad -- it includes cellular-connected blood pressure monitors, glucometers, weight scales, pulse oximeters, spirometers, ECG monitors, and implantable hemodynamic sensors -- but not every connected health product that transmits physiological data qualifies as a medical device.

The FDA's Device-Wellness Boundary

The FDA draws a line between medical devices and general wellness products. This distinction was sharpened by the agency's January 2026 update to its General Wellness Policy, which expanded enforcement discretion for wearable sensor-based products that measure physiological parameters (heart rate, step count, blood oxygen saturation) without making clinical claims.

Products that fall on the wellness side of the line include fitness trackers, consumer-grade sleep monitors, and apps that display raw vital signs without clinical interpretation. These products may measure the same parameters as RPM devices, but they do not make claims about diagnosing, treating, or managing disease. The FDA does not regulate them as medical devices.

Products that cross the line into device territory include RPM systems that:

Transmit patient data to a clinician for the purpose of managing a diagnosed condition
Generate alerts or clinical notifications based on threshold-based analysis of patient data
Are intended for use in clinical decision-making about treatment adjustments
Are marketed for managing specific conditions such as hypertension, diabetes, heart failure, or COPD

The practical distinction is often determined by intended use as expressed in labeling, marketing materials, and promotional claims. A connected blood pressure cuff that simply displays readings on a smartphone app and stores them for the patient's reference may fall outside FDA enforcement. The same hardware, marketed to clinicians as a tool for managing hypertensive patients with automated alerts for readings above a clinical threshold, is a regulated medical device.

RPM Software and SaMD

RPM software that analyzes patient data to support clinical decisions is typically classified as Software as a Medical Device (SaMD). This includes algorithms that detect deterioration, recommend medication adjustments, or generate risk scores based on trends in physiological data. SaMD is regulated as a medical device in its own right, independent of any hardware component.

Conversely, RPM apps that display raw vitals without clinical interpretation -- presenting a blood pressure reading as a number without analysis, for example -- may fall outside FDA enforcement, provided they do not make clinical claims.

This distinction matters because SaMD classification triggers different regulatory requirements: IEC 62304 compliance for the software lifecycle, clinical evaluation under a defined protocol, and post-market surveillance obligations that go beyond what applies to display-only software.

FDA Regulatory Pathway for RPM Devices

Classification

The FDA classifies most RPM devices as Class II medical devices. This classification applies to connected physiological monitoring devices that are intended for use in diagnosing or managing disease and that present moderate risk to patients. Class II devices require 510(k) clearance -- the manufacturer must demonstrate that the device is substantially equivalent to a legally marketed predicate device.

Common RPM device types and their typical FDA classification:

RPM Device Type	Typical FDA Class	Regulatory Pathway	Examples
Connected blood pressure monitors	Class II	510(k)	Multiple cleared devices
Continuous glucose monitors (CGM)	Class II	510(k) / De Novo	Abbott FreeStyle Libre, Dexcom G7
Connected weight scales (for HF monitoring)	Class I or Class II	510(k) or exempt	Various
Pulse oximeters	Class II	510(k)	Various
Spirometers	Class II	510(k)	Various
ECG monitors (remote/ambulatory)	Class II	510(k)	GE Healthcare Portrait Mobile
Implantable hemodynamic monitors	Class II or Class III	510(k) or PMA	Abbott CardioMEMS
RPM software platforms (SaMD)	Class II (typically)	510(k) or De Novo	Various
Wearable wellness trackers	Not classified (enforcement discretion)	None	WHOOP (consumer), various

The 510(k) pathway requires the manufacturer to identify a predicate device -- a legally marketed device with the same intended use and similar technological characteristics -- and demonstrate substantial equivalence. For RPM devices, predicates are typically earlier-generation connected monitors or telemetry systems that were cleared by FDA.

When De Novo or PMA May Be Required

Most RPM devices follow the 510(k) pathway, but certain situations may require the De Novo classification process or, in rare cases, a Pre-market Approval (PMA) application:

De Novo: Applicable when the RPM device uses a novel technology or has a new intended use for which no adequate predicate exists. The De Novo process creates a new classification regulation and can be used for Class I or Class II devices. AI-enabled RPM algorithms that introduce fundamentally new analytical capabilities may require this pathway.
PMA: Required for Class III devices. In the RPM space, this is uncommon but may apply to implantable monitoring devices that support or sustain life, such as certain implantable cardiac monitors with remote data transmission.

RPM Software and the 510(k)

An RPM platform that consists of both hardware (a connected sensor) and software (a cloud-based analytics and clinician dashboard) may require a 510(k) for the complete system. The software component is evaluated as part of the device submission. FDA expects documentation of the software development lifecycle under IEC 62304, a risk analysis following ISO 14971, and evidence of software validation and verification testing.

For RPM platforms where the software is the primary innovation -- for example, an AI algorithm that analyzes data from multiple connected devices to predict patient deterioration -- the software itself may be the subject of the 510(k) or De Novo submission, even if the connected hardware devices are already separately cleared.

FDA General Wellness Policy Update (January 2026)

The FDA's January 6, 2026 update to its General Wellness guidance expanded the scope of products that qualify as non-devices, particularly for wearable sensor-based products. This is directly relevant to RPM because it clarifies that certain consumer-facing connected sensors fall outside FDA regulation entirely.

Under the updated policy, products that measure physiological parameters (heart rate, activity levels, sleep patterns, blood oxygen) and present this information to users without making disease-specific clinical claims are not considered medical devices. This creates a clear regulatory gradient:

Consumer wellness products (not devices): Display raw physiological data, no clinical claims, no clinical decision support. Not regulated by FDA.
RPM devices with enforcement discretion: Transmit data to clinicians but do not analyze it or generate clinical recommendations. FDA may exercise enforcement discretion.
Regulated RPM devices (Class II): Intended for clinical monitoring, generate alerts or recommendations, used in disease management. Require 510(k) clearance.

Manufacturers building RPM products should map their intended use and marketing claims to this gradient early in development, as the classification determination drives every subsequent regulatory decision.

EU MDR Classification and Pathway for RPM Devices

The European Union regulates RPM devices under the Medical Device Regulation (MDR, Regulation (EU) 2017/745). The EU MDR classification framework is rules-based rather than predicate-based, meaning the classification is determined by the device's characteristics and intended use according to the classification rules in Annex VIII.

Classification Under EU MDR

Most RPM devices are classified as Class IIa or Class IIb under the MDR:

RPM Device Type	Typical EU MDR Class	Applicable Rule(s)
Connected vital signs monitors (BP, SpO2, temperature)	Class IIa	Rule 10 (active therapeutic/measuring devices)
Continuous glucose monitors	Class IIb	Rule 10, Rule 8
Remote ECG monitors	Class IIa or Class IIb	Rule 10
Connected spirometers	Class IIa	Rule 10
RPM software platforms (SaMD)	Class IIa or Class IIb	Rule 11 (standalone software)
Implantable hemodynamic monitors	Class III	Rule 8 (implantable devices)

Rule 11 is particularly important for RPM software. Under the MDR, standalone software is classified based on the significance of the decisions it informs. Software used to guide treatment decisions, provide diagnosis, or triage patients is generally classified as Class IIa at minimum, and Class IIb if the decisions could directly endanger patient safety.

Conformity Assessment Pathway

For Class IIa RPM devices, the conformity assessment is typically carried out by the manufacturer under a quality management system certified by a Notified Body (Annex IX, Chapter I and III, or Annex XI). The Notified Body reviews the quality management system and the device technical documentation on a sampling basis.

For Class IIb RPM devices, the conformity assessment is more rigorous. The Notified Body examines the technical documentation for each device type (Annex IX, Chapter II and III) or conducts examination of a production quality assurance system (Annex XI). This includes review of clinical evaluation data, risk management documentation, and post-market surveillance plans.

Key steps in the EU MDR pathway for RPM devices:

Classification: Determine the appropriate class using the rules in Annex VIII
Quality Management System: Implement ISO 13485-certified QMS
Technical Documentation: Prepare full technical file per Annex II and Annex III, including clinical evaluation report
Clinical Evaluation: Conduct clinical evaluation per Article 61, including systematic review of clinical data and post-market clinical follow-up plan
Notified Body Engagement: Select and contract with a Notified Body designated for the relevant device type
Conformity Assessment: Undergo the assessment procedure appropriate to the device class
CE Marking: Affix the CE mark and issue the EU Declaration of Conformity
EUDAMED Registration: Register the device in the European Database on Medical Devices
Post-Market Surveillance: Establish ongoing post-market surveillance, vigilance reporting, and periodic safety update report (PSUR) system

UK MHRA Requirements

The UK MHRA requires RPM apps to be registered, with classification mirroring the FDA approach. Following Brexit, the UK operates under the UKCA (UK Conformity Assessed) marking regime, though the MHRA continues to accept CE-marked devices under transitional provisions. RPM manufacturers targeting both EU and UK markets should plan for dual conformity assessment.

CMS Reimbursement Framework: CPT Codes, Billing Requirements, and 2026 Changes

Regulatory clearance is necessary but not sufficient for RPM commercialization. Without a reimbursement pathway, providers have no financial incentive to adopt RPM technology. CMS reimbursement for RPM has existed since 2018, and the coding framework has expanded substantially.

The Existing RPM CPT Code Framework

Medicare reimbursement for RPM services is built on a set of CPT codes that cover the three components of an RPM program: device setup and patient onboarding, device supply and data transmission, and clinical monitoring and management.

CPT Code	Description	Billing Requirements	Approximate Payment
99453	Remote monitoring of physiologic parameters -- setup and patient education	One-time per episode of care	~$20
99454	Device(s) supply with daily alert recording or programmed alert transmission -- 16+ days of data in a 30-day period	Requires at least 16 days of data transmission within the billing period	~$47
99457	Remote physiologic monitoring treatment management services -- 20 minutes or more per month	Requires 20+ minutes of clinical staff time reviewing data, communicating with patient, or adjusting treatment	~$50
99458	Remote physiologic monitoring treatment management services -- each additional 20 minutes	Second and subsequent 20-minute increments	~$40

These codes are billed by the treating physician or qualified healthcare professional (or clinical staff under general supervision). They are not billed by the device manufacturer -- the manufacturer's role is to build devices and software that make it possible for providers to meet the billing requirements.

New CPT Codes Effective January 1, 2026

CMS introduced two new CPT codes effective January 1, 2026, expanding the granularity of RPM billing and addressing gaps in the existing framework:

CPT Code	Description	Billing Requirements	Approximate Payment
99445	Device supply for 2-15 days of monitoring in a 30-day period	Covers the scenario where a patient uses the device for fewer than 16 days -- previously a gap in coverage	~$47
99470	Remote physiologic monitoring treatment management -- 10-19 minutes	Covers clinical management that does not reach the 20-minute threshold of CPT 99457	~$26

CPT 99445 is significant because it addresses a long-standing gap. Under the previous coding structure, providers could not bill for device supply unless the patient transmitted data for at least 16 of 30 days. If a patient was on-boarded mid-month, was non-adherent, or experienced a device issue, the provider could not recover costs for the partial period. CPT 99445 covers the 2-to-15-day window at approximately $47, ensuring that RPM programs can be reimbursed even when patient adherence is imperfect.

CPT 99470 fills a similar gap on the management side. Under the previous framework, clinical staff who spent 10 to 19 minutes reviewing RPM data and communicating with patients could not bill for their time because it fell below the 20-minute threshold of CPT 99457. CPT 99470 covers this 10-to-19-minute range, ensuring that even brief clinical interactions are reimbursable.

The 2026 Medicare Physician Fee Schedule Update

Congress provided a 2.5% payment increase for the 2026 Medicare Physician Fee Schedule through the reconciliation package, which CMS incorporated into the final fee schedule. This increase applies across the fee schedule, including RPM CPT codes. While the absolute dollar impact on individual RPM codes is modest, the positive adjustment is notable because it offsets the conversion factor reduction that CMS had initially proposed and signals continued legislative support for RPM reimbursement at a time when many physician services face downward payment pressure from budget neutrality requirements.

Billing Compliance Requirements

RPM billing under Medicare is subject to specific requirements that device manufacturers should understand, because their products and workflows must support provider compliance:

Patient consent: Providers must obtain and document informed patient consent for RPM services
16-day data requirement: For CPT 99454, the patient must transmit data on at least 16 days within a 30-day billing period. CPT 99445 covers the 2-to-15-day alternative
Clinical staff time documentation: For CPT 99457, 99458, and 99470, the provider must document the time spent on RPM management activities
General supervision: Clinical staff providing RPM management services may do so under the general supervision of a physician or qualified healthcare professional
Established patient relationship: RPM services generally require an established patient-physician relationship
Telehealth flexibilities: RPM telehealth flexibilities have been extended through 2029 under CMS rules, allowing RPM services to be provided without requiring an in-person visit

Device manufacturers should design their platforms to automate documentation of data transmission days, generate reports that support clinical time tracking, and produce audit-ready records that align with CMS billing requirements.

The CMS ACCESS Model and Its Implications for RPM Manufacturers

The CMS ACCESS (Advancing Chronic Care with Effective, Scalable Solutions) model, launching July 5, 2026, creates a new reimbursement framework that is directly relevant to RPM manufacturers. ACCESS is a CMS Innovation Center initiative designed to expand technology-enabled integrated care for Medicare beneficiaries with chronic conditions across four clinical tracks: early cardio-kidney-metabolic conditions, established cardio-kidney-metabolic conditions, musculoskeletal conditions, and behavioral health conditions.

What ACCESS Means for RPM

Under ACCESS, CMS provides outcome-aligned recurring payments tied to measurable health outcomes rather than service volume. Clinicians participating in the model can integrate technology-supported care for chronic disease management, and CMS monitors clinician performance with published risk-adjusted outcomes.

For RPM manufacturers, ACCESS creates several implications:

Expanded adoption incentive: Providers participating in ACCESS have a direct financial incentive to adopt RPM technology because CMS is paying for technology-enabled care. This is a stronger adoption driver than the traditional fee-for-service RPM codes, which require providers to invest in RPM infrastructure and then bill incrementally.
Outcome measurement requirements: ACCESS focuses on patient outcomes, not just process compliance. RPM manufacturers whose platforms can demonstrate outcome improvement -- reduced hospital readmissions, improved medication adherence, better glycemic control -- will be positioned favorably with ACCESS participants.
WHOOP selection: WHOOP was selected for the CMS ACCESS model in 2026, marking a significant milestone. A consumer wellness company being selected for a CMS chronic disease management program signals that the boundary between consumer health technology and clinical RPM is blurring -- and that CMS is willing to embrace wearable sensor platforms for Medicare beneficiaries.
Alignment with FDA TEMPO pilot: The FDA TEMPO (Technology-Enabled Meaningful Patient Outcomes) pilot for digital health devices is explicitly linked to the ACCESS model. TEMPO provides enforcement discretion for premarket requirements while manufacturers collect real-world performance data, and ACCESS provides the payment infrastructure. RPM manufacturers considering TEMPO should coordinate their regulatory and reimbursement strategy around both programs.

ACCESS Timeline

Date	Milestone
January 12, 2026	ACCESS model applications opened
April 1, 2026	Application deadline for first performance period
July 5, 2026	ACCESS model launches (first performance period begins)

HIPAA Compliance in the United States

RPM programs must comply with the Health Insurance Portability and Accountability Act (HIPAA) for data handling. HIPAA applies to covered entities (healthcare providers, health plans, healthcare clearinghouses) and their business associates. For RPM manufacturers, HIPAA compliance typically arises in two contexts:

As a business associate: If the RPM manufacturer receives, stores, processes, or transmits protected health information (PHI) on behalf of a covered entity, the manufacturer is a business associate and must execute a Business Associate Agreement (BAA). This is the most common scenario for cloud-based RPM platforms that store patient data.
As a provider of tools used by covered entities: Even when the manufacturer is not a business associate, the RPM platform must support the covered entity's HIPAA compliance by providing appropriate technical safeguards (encryption, access controls, audit logging) and administrative safeguards (policies, training, incident response).

Key HIPAA requirements for RPM platforms include:

Privacy Rule: Limits on the use and disclosure of PHI; minimum necessary standard; patient rights to access and amend their records
Security Rule: Administrative, physical, and technical safeguards for electronic PHI (ePHI), including access controls, encryption in transit and at rest, integrity controls, and audit controls
Breach Notification Rule: Requirements for notifying affected individuals, HHS, and (in some cases) the media following a breach of unsecured PHI

In the EU, RPM devices that process personal data of EU residents must comply with the General Data Protection Regulation (GDPR). Health data is classified as a special category of personal data under GDPR (Article 9), which imposes stricter processing requirements:

Legal basis for processing: Explicit consent or another valid legal basis under Article 6 and Article 9
Data protection impact assessment (DPIA): Required for processing that is likely to result in high risk to individuals, which includes health data processing at scale
Data minimization: Only collect data that is necessary for the specified purpose
Right to erasure: Patients can request deletion of their data, subject to certain exceptions
Cross-border data transfers: Transfer of health data outside the EU requires adequate safeguards (Standard Contractual Clauses, adequacy decisions, or other mechanisms)

RPM manufacturers targeting both the US and EU markets must build data architectures that satisfy both HIPAA and GDPR simultaneously, which is achievable but requires deliberate design choices around data residency, encryption, access controls, and consent management.

Cybersecurity Under EU MDR, EU CRA, and NIS2

The EU MDR requires connected devices to address cybersecurity risks. This obligation is reinforced by the EU Cyber Resilience Act (CRA) and the NIS2 directive, which impose cybersecurity obligations on manufacturers of products with digital elements and on operators of essential and important services (including healthcare).

For RPM manufacturers, the overlapping cybersecurity requirements create a layered compliance framework:

EU MDR: Cybersecurity risk management integrated into the device design and risk management file; requirements for IT security measures in the technical documentation; post-market surveillance for cybersecurity vulnerabilities
EU CRA: Requirements for products with digital elements, including vulnerability handling processes, security updates, and Software Bill of Materials (SBOM) obligations
NIS2: Cybersecurity risk management measures for entities in the healthcare sector; incident reporting obligations; supply chain security requirements

The practical impact is that RPM manufacturers targeting the EU market must incorporate cybersecurity into the entire product lifecycle -- from design (secure-by-design principles, threat modeling) through development (secure coding practices, penetration testing) through deployment (security updates, vulnerability monitoring) through decommissioning.

AI-Enabled RPM and the EU AI Act

A growing number of RPM platforms incorporate AI or machine learning algorithms that analyze patient data to detect deterioration, predict adverse events, or recommend clinical interventions. These AI-enabled RPM systems face an additional layer of regulation under the EU AI Act.

Classification of AI-Enabled RPM Under the EU AI Act

The EU AI Act classifies AI systems by risk level. AI-enabled RPM algorithms that are themselves classified as medical devices -- or that are safety components of medical devices -- are classified as high-risk AI systems under the Act. This means that an RPM algorithm that is part of a Class IIa or Class IIb medical device under the MDR is simultaneously a high-risk AI system under the AI Act.

High-risk AI systems must comply with the AI Act's requirements for:

Risk management system: Ongoing identification, analysis, and mitigation of risks
Data governance: Training data must meet quality criteria, including relevance, representativeness, and bias assessment
Technical documentation: Comprehensive documentation of the AI system's design, development, and performance
Transparency and information provision: Users must be informed that they are interacting with an AI system, and the system's capabilities and limitations must be documented
Human oversight: Design must enable effective human oversight, including the ability to override or stop the system
Accuracy, robustness, and cybersecurity: Demonstrated performance metrics, resilience to errors, and cybersecurity protections
Post-market monitoring: Ongoing monitoring of the AI system's performance in real-world use
Conformity assessment: Assessment by a Notified Body or through internal controls, depending on the classification

Compliance Timeline

The EU Digital Omnibus extended the compliance deadline for high-risk AI systems that are medical devices to August 2028. This gives RPM manufacturers additional time to comply with the AI Act's requirements, but the complexity of dual compliance (MDR + AI Act) should not be underestimated. Manufacturers should begin integrating AI Act requirements into their quality management systems and technical documentation well before the deadline.

Impact on FDA Strategy

The FDA does not have an equivalent to the EU AI Act's prescriptive requirements for high-risk AI systems. However, the FDA does expect AI-enabled RPM devices to address bias, generalizability, and performance monitoring through its existing device regulatory framework -- including 510(k) or De Novo submissions, post-market surveillance, and the Predetermined Change Control Plan (PCCP) framework for adaptive algorithms. RPM manufacturers pursuing both US and EU market access should design their AI governance frameworks to satisfy both jurisdictions from the outset, rather than attempting to layer EU requirements onto an FDA-only compliance architecture later.

RPM Device Examples and Their Regulatory Pathways

Examining specific RPM products that have navigated the regulatory process provides practical context for manufacturers developing new devices.

Abbott FreeStyle Libre (Continuous Glucose Monitor)

Abbott's FreeStyle Libre family of continuous glucose monitors is one of the most commercially successful RPM device platforms in the world. The FreeStyle Libre system consists of a wearable sensor that continuously measures glucose levels in interstitial fluid and a compatible smartphone app or reader that displays the data. The system is classified as a Class II medical device by the FDA and was cleared through the 510(k) pathway. Abbott expanded the platform with the Libre Duo, which received CE marking for dual glucose and ketone sensing. The FreeStyle Libre ecosystem demonstrates the RPM model at scale: the device transmits patient data to a cloud platform that clinicians can access, enabling remote monitoring of diabetic patients.

Dexcom G7 (Continuous Glucose Monitor)

Dexcom's G7 continuous glucose monitoring system is another FDA-cleared Class II RPM device. Like the FreeStyle Libre, it was cleared through the 510(k) pathway. The G7 transmits glucose data to a smartphone app and cloud platform, where it can be reviewed by clinicians. Dexcom has also pursued integration with automated insulin delivery systems, expanding the RPM functionality from passive monitoring to active treatment management.

GE Healthcare Portrait Mobile (Remote Patient Monitoring)

GE Healthcare's Portrait Mobile is a wireless wearable patient monitoring system that enables continuous monitoring of vital signs (including SpO2, heart rate, respiratory rate, and pulse rate) in hospital and post-discharge settings. The device received FDA 510(k) clearance as a Class II medical device. Portrait Mobile is designed to extend hospital-grade monitoring into the home, bridging the gap between inpatient telemetry and traditional RPM.

Abbott CardioMEMS (Implantable Hemodynamic Monitor)

Abbott's CardioMEMS is an implantable pulmonary artery pressure sensor that enables remote hemodynamic monitoring of heart failure patients. The sensor is implanted in the pulmonary artery and transmits pressure data wirelessly to a bedside unit, which forwards the data to a clinician portal. CardioMEMS is one of the most advanced RPM devices on the market -- an implantable sensor with remote data transmission and clinical decision support. It was approved through the PMA pathway as a Class III device, reflecting the higher risk associated with an implantable monitoring system.

RhythMedix RhythmStar SL (Cardiac Monitoring)

RhythMedix launched the RhythmStar SL cardiac monitoring wearable with built-in 4G connectivity, eliminating the need for a paired smartphone for data transmission. The device provides continuous cardiac rhythm monitoring and transmits data directly over cellular networks to a clinician portal. This approach simplifies the RPM workflow by removing the smartphone dependency that limits adoption among elderly patients -- a significant consideration given that Medicare is the primary payer for RPM services.

ProSomnus RPMO2 Mandibular Jaw Device

ProSomnus received FDA clearance for the RPMO2 Mandibular Jaw Device with remote monitoring capability. This device illustrates the expanding scope of RPM beyond traditional vital signs monitoring into therapeutic devices with integrated remote monitoring. The device treats obstructive sleep apnea while incorporating sensors that enable remote monitoring of patient adherence and therapeutic efficacy.

Biotronik and MiCare Path Partnership

In February 2026, Biotronik partnered with MiCare Path for RPM in cardiology. This partnership illustrates an emerging trend in the RPM market: device manufacturers partnering with specialized RPM platform providers rather than building their own software infrastructure. For regulatory purposes, the combination of a Biotronik cardiac device with MiCare Path's RPM software may constitute a system that requires evaluation under both hardware and software regulatory frameworks.

Philips and Medtronic RPM Collaboration

Philips expanded its RPM collaboration with Medtronic in June 2025, combining Philips' patient monitoring platform with Medtronic's respiratory and surgical care devices. This collaboration reflects the convergence of hospital-grade monitoring technology with RPM, and the regulatory strategy must account for the combination product aspects of integrating multiple device types into a unified monitoring platform.

Commercialization Strategy: From FDA Clearance to CMS Coverage

The commercialization of an RPM device requires simultaneous execution across regulatory, reimbursement, and clinical adoption workstreams. The most common mistake RPM manufacturers make is treating regulatory clearance as the finish line rather than the starting line.

The RPM Commercialization Timeline

Phase	Activities	Timeline
1. Regulatory Planning	Classification determination; predicate identification; 510(k) strategy; SaMD assessment	Pre-submission
2. FDA Submission	510(k) or De Novo submission; software documentation; clinical evidence	3-12 months (submission to clearance)
3. Reimbursement Planning	CPT code mapping; coverage analysis; payer engagement; health economics evidence development	Concurrent with Phase 2
4. Market Access	Provider engagement; RPM platform integration; billing workflow support; clinical evidence generation	Post-clearance
5. Scale and Expansion	ACCESS model participation; TEMPO pilot (if applicable); outcome data collection; private payer contracting	Ongoing

Building the Reimbursement Case

For RPM devices, the reimbursement case is built on three pillars:

Coding fit: Does an existing CPT code adequately describe the service your device enables? For most RPM devices, the answer is yes -- the existing RPM CPT codes (99453, 99454, 99457, 99458) and the new 2026 codes (99445, 99470) cover the core RPM services. If your device enables a fundamentally new type of monitoring that is not captured by existing codes, you may need to pursue a new Category III CPT code through the AMA CPT Editorial Panel.
Coverage evidence: Does clinical evidence support a coverage determination? Medicare Administrative Contractors (MACs) may issue Local Coverage Determinations (LCDs) for RPM services, and CMS may issue National Coverage Determinations (NCDs) for specific RPM technologies. Building the evidence base through clinical studies, real-world data, and health economics outcomes research is essential.
Payment adequacy: Are the payment rates sufficient to drive provider adoption? The RPM CPT codes have established payment amounts, but these amounts may not cover the full cost of an RPM program that includes device provisioning, data platform fees, and clinical staff time. Manufacturers should model the provider economics to ensure that the RPM program is financially viable at current reimbursement rates.

Provider Adoption Strategy

RPM adoption by providers is driven by clinical utility, financial viability, and workflow integration. Manufacturers should:

Demonstrate clinical value: Provide evidence that RPM improves patient outcomes -- reduced hospitalizations, better chronic disease control, improved medication adherence
Simplify billing compliance: Design the RPM platform to automatically track data transmission days, clinical staff time, and patient consent documentation -- the data elements required for CMS billing
Support workflow integration: Integrate with electronic health records (EHRs) and clinical workflows to minimize the burden on clinical staff
Address the elderly patient population: Medicare is the primary payer for RPM services, which means the patient population skews older. RPM devices and apps must be designed for patients who may not be comfortable with smartphones, Bluetooth pairing, or app-based interfaces. The RhythMedix RhythmStar SL's built-in 4G connectivity is a good example of designing around this constraint.

International Market Access

For RPM manufacturers targeting both the US and EU markets, the regulatory strategy should be designed for parallel execution:

FDA 510(k) + EU MDR conformity assessment: These can be pursued concurrently, with the technical documentation structured to satisfy both regulatory frameworks
Clinical evidence: Clinical evaluation data can be designed to meet both FDA requirements (substantial equivalence) and EU MDR requirements (clinical evaluation per Article 61)
Quality management system: ISO 13485 certification supports both FDA QMSR compliance and EU MDR Annex IX requirements
Data privacy: Build for both HIPAA and GDPR compliance from the outset, rather than attempting to retrofit one framework onto the other
AI governance: For AI-enabled RPM, design the AI risk management framework to address both FDA expectations (bias assessment, generalizability) and EU AI Act requirements (data governance, human oversight, transparency)

Market Outlook and Trends

The RPM market in 2026 is characterized by rapid growth, expanding reimbursement, and increasing regulatory sophistication. Several trends will shape the market over the next several years:

Reimbursement expansion will continue. CMS has consistently expanded RPM coverage and payment since 2018, and the addition of CPT 99445 and 99470 in 2026 demonstrates continued momentum. The ACCESS model, with its outcome-aligned payments, represents a shift from fee-for-service RPM reimbursement to value-based RPM reimbursement. RPM manufacturers should prepare for a reimbursement landscape that increasingly rewards clinical outcomes rather than volume of monitoring.

The device-wellness boundary will continue to blur. WHOOP's selection for the CMS ACCESS model in 2026 is a signal that consumer wearable companies are moving into clinical RPM territory. FDA's expanded general wellness enforcement discretion in January 2026 creates a larger zone of products that can operate without premarket clearance. RPM manufacturers should expect increasing competition from consumer health companies that are moving upmarket into clinical applications.

AI-enabled RPM will face dual regulation. The EU AI Act's requirements for high-risk AI systems in medical devices will impose significant compliance obligations on AI-enabled RPM manufacturers targeting the EU market, with compliance deadlines extended to August 2028. Manufacturers that build AI governance into their development processes now will be better positioned than those that attempt to comply retroactively.

Cybersecurity will be a market access requirement, not an afterthought. FDA Section 524B, EU MDR cybersecurity requirements, the EU Cyber Resilience Act, and NIS2 all impose cybersecurity obligations on connected medical devices. RPM devices, which by design transmit patient data over networks, face heightened cybersecurity scrutiny. Manufacturers that treat cybersecurity as a core design requirement rather than a compliance checkbox will have a competitive advantage.

Partnerships and collaborations will accelerate. The Biotronik-MiCare Path partnership (February 2026) and the Philips-Medtronic expansion (June 2025) illustrate a trend toward device manufacturers partnering with specialized RPM platform providers. This allows device companies to focus on hardware and sensor technology while leveraging established RPM software infrastructure. For regulatory purposes, these partnerships create combination product considerations that must be addressed in the regulatory strategy.

Implantable RPM will grow. Abbott's CardioMEMS demonstrated that implantable sensors with remote data transmission are commercially viable and clinically effective. As sensor miniaturization advances and the clinical evidence base grows, expect more implantable devices with integrated RPM capabilities, particularly in cardiology, endocrinology, and neurology.

The RPM market is at an inflection point in 2026. The regulatory framework is maturing, reimbursement is expanding, and the technology is advancing rapidly. For manufacturers, the opportunity is significant, but success requires simultaneous excellence across regulatory strategy, reimbursement planning, clinical evidence generation, and provider workflow integration. The companies that navigate all four dimensions effectively will define the next decade of connected healthcare.