⚠ Know This Cold
Dial Domination · Compliance

Compliance Reference

TCPA, CMS, HIPAA, ACA, state rules — everything you need to stay licensed and keep your business clean.

Call Window
8am – 8:30pm
Local time in prospect's state. No exceptions.
Consent Records
5 Years
Keep all TCPA consent documentation minimum 5 years.
Recording Disclosure
Every Call
"This call may be recorded" — required on every single call.
Medicare SOA
48 Hours
Scope of Appointment required 48 hrs before Medicare sales call.
TPMO Disclaimer
Required
Must read on all Medicare calls before presenting any plan.
ACA SEP Window
60 Days
Special Enrollment Period must be used within 60 days of qualifying event.
E&O Insurance
Required
Maintain active E&O. Minimum $1M per occurrence recommended.
DNC Honor Window
Immediate
Add to internal DNC immediately when requested. Federal law allows 30 days — we don't wait.
📱
TCPA Consent Requirements
The most important compliance rule in telesales — know it cold
Required
+
What TCPA Requires
Before contacting any lead via phone, text, or autodialer, you must have documented prior express written consent from that person. They must have opted in knowing they would receive calls and texts about insurance products.
✅ What You Must Have
  • Written consent with date, time, and IP address logged
  • Consent language specifically mentioning insurance calls/texts
  • Opt-in checkbox that was NOT pre-checked by default
  • Statement that consent is not required to receive service
  • Opt-out instructions included (STOP keyword)
  • Records kept minimum 5 years
  • Consent verified before first contact on every lead
❌ What You Cannot Do
  • Call leads where you cannot document consent
  • Use a pre-checked consent checkbox on any form
  • Require consent as a condition of service or information
  • Contact anyone on the National DNC Registry without consent
  • Call before 8am or after 8:30pm local time
  • Continue contacting anyone after a DNC request
Penalty: TCPA violations carry fines of $500–$1,500 per call/text. Class action lawsuits are extremely common in telesales. This is the #1 legal risk for independent agents. A single class action can end your business.
📝
Compliant Opt-In Language
Exact language required on all lead capture forms
Required
+
Required Form Language
"By checking this box (optional), I agree to receive SMS text messages and phone calls from [Your Agency Name] at the number provided. Message and data rates may apply. Consent is not required to receive a quote or purchase insurance. Reply STOP to opt out."
Rules for the Checkbox
  • Unchecked by default — always
  • Optional — form must submit without it checked
  • Must say "consent is not required"
  • Must include STOP opt-out language
  • Must include your agency name
SMS Confirmation Message
"You're confirmed for SMS updates from [Agency Name]. Msg & data rates may apply. Reply STOP to cancel, HELP for help."
Calling Hours by Time Zone
8am–8:30pm local time in the prospect's state — always
Critical
+
US Time Zone Reference
Time ZoneStates (Examples)Call Window (Local)
Eastern (ET)VA, NC, SC, FL, NY, PA, OH, GA, MI8:00am – 8:30pm ET
Central (CT)TX, IL, MN, MO, TN, AL, LA, WI8:00am – 8:30pm CT
Mountain (MT)CO, AZ (no DST), NM, UT, ID (south)8:00am – 8:30pm MT
Pacific (PT)CA, WA, OR, NV, ID (north)8:00am – 8:30pm PT
Always confirm the prospect's state before dialing. When in doubt, err on the side of calling later rather than earlier. A call made 5 minutes outside the legal window is still a violation.
🏛️
CMS / TPMO Requirements
Required for all agents selling Medicare Advantage or Part D plans
Required
+
TPMO Disclaimer — Read on Every Medicare Call
"We do not offer every plan available in your area. Currently we represent [number] organizations which offer [number] products in your area. Please contact Medicare.gov, 1-800-MEDICARE, or your local State Health Insurance Program (SHIP) to get information on all of your options."
Non-negotiable: This disclaimer is required by CMS on every Medicare sales and marketing call. Skip it and you are out of compliance — period. Your carrier appointments can be terminated for this.
Scope of Appointment (SOA)
  • SOA must be completed at least 48 hours before a Medicare Advantage or Part D sales appointment
  • SOA must be documented — use your CRM or carrier's SOA form
  • You may only discuss products listed on the SOA
  • Exception: walk-in appointments where the beneficiary initiates the meeting
Medicare Marketing Prohibitions
  • Do NOT call Medicare beneficiaries without a documented lead or referral
  • Do NOT conduct sales at educational events
  • Do NOT claim to be calling from Medicare or the government
  • Do NOT market door-to-door or in care facility common areas
  • Do NOT send unsolicited texts or emails about Medicare plans
  • Do NOT use the Medicare name or logo in misleading ways
Annual Requirements
  • Complete AHIP certification annually before AEP (typically July–August)
  • Complete all required carrier certifications annually
  • Maintain active appointments with all carriers you sell
📅
Medicare Enrollment Periods
Know when you can and cannot enroll clients
Reference
+
PeriodDatesWhat's Allowed
Initial Enrollment (IEP)3 mo before / mo of / 3 mo after 65th birthdayAny Part A, B, C, D plan
Annual Enrollment (AEP)Oct 15 – Dec 7Switch MA plans, add/drop Part D
Open Enrollment (OEP)Jan 1 – Mar 31Switch MA plans once
Special Enrollment (SEP)Triggered by qualifying eventVaries by SEP type
Med Supp Open Enrollment6 months after Part B effectiveAny Med Supp, no underwriting
💊
ACA / Marketplace Compliance Rules
Key rules for agents selling ACA Marketplace and off-exchange plans
Required
+
FFM Agent Registration
  • Must be registered on the Federally Facilitated Marketplace (FFM) to enroll clients on Healthcare.gov
  • Complete annual FFM training through CMS — typically available July/August each year
  • Must have active NPN (National Producer Number) registered with CMS
  • Must maintain E&O insurance to maintain FFM registration
ACA Enrollment Rules
  • Verify qualifying life event documentation before enrolling on SEP
  • Accurately report household income — errors can cause subsidy repayment issues at tax time
  • Confirm the client understands their premium, deductible, and out-of-pocket maximum
  • Disclose your role as an agent/broker and that you receive compensation
  • Never enroll someone in a plan without their knowledge or full understanding
❌ ACA Prohibitions
  • Never enroll a client without their explicit consent and full participation
  • Never misrepresent plan benefits, network, or costs
  • Never switch a client's plan without their knowledge
  • Never claim a plan is "free" without clarifying that the premium is offset by subsidies
  • Never enroll someone in Medicaid without confirming they meet eligibility requirements
Ghost Broking Alert: CMS has been aggressively pursuing agents who enroll clients without consent or change plans without authorization. This is a federal violation — not just a state licensing issue. Penalties include FFM deregistration, fines, and criminal charges.
📊
ACA Subsidy & Income Rules
Accurate income reporting protects your clients at tax time
Critical
+
MAGI Income Definition
For ACA purposes, income is Modified Adjusted Gross Income (MAGI) — not just wages. MAGI includes wages, self-employment income, rental income, Social Security benefits (if taxable), and investment income. Help clients account for all income sources to avoid a tax bill from subsidy repayment.
FPL Thresholds (2026 — 48 Contiguous States)
Household Size100% FPL138% FPL (Medicaid)400% FPL
1$15,060$20,783$60,240
2$20,440$28,207$81,760
3$25,820$35,632$103,280
4$31,200$43,056$124,800
Under ARPA (extended through 2025), PTC is available above 400% FPL with a cap on the premium percentage of income. Check current year rules — these change annually.
🔒
HIPAA — Health Information Privacy
Protecting client health information is your legal and ethical obligation
Required
+
What is PHI
Protected Health Information includes any health information that can identify a specific person — names combined with health conditions, diagnoses, medications, medical history, or treatment information collected during the sales process.
✅ What You Must Do
  • Keep all client health information strictly confidential
  • Only share PHI with carriers as required for underwriting
  • Use only compliant systems to store health data — not personal email or notes apps
  • Lock your device when not in use
  • Report any suspected data breach to your E&O carrier immediately
❌ What You Cannot Do
  • Share client health information with anyone not involved in their coverage
  • Discuss client health details in public places or shared spaces
  • Store health information in unencrypted personal files or cloud storage
  • Use client health information for any purpose other than their insurance
Penalty: HIPAA violations range from $100 to $50,000 per violation. Criminal penalties include up to 10 years imprisonment for intentional misuse. As an independent agent you are personally liable.
🗺️
State-Specific Rules — Recording Consent
One-party vs. two-party consent varies by state — know before you dial
Critical
+
Two-Party (All-Party) Consent States
In these states, ALL parties must consent to being recorded. Your recording disclosure at the start of every call handles this — but you must get verbal acknowledgment before proceeding. If they object, you may not record that call.
StateConsent RequiredAction Required
California (CA)All-partyGet verbal consent before recording
Florida (FL)All-partyGet verbal consent before recording
Illinois (IL)All-partyGet verbal consent before recording
Maryland (MD)All-partyGet verbal consent before recording
Massachusetts (MA)All-partyGet verbal consent before recording
Michigan (MI)All-partyGet verbal consent before recording
Montana (MT)All-partyGet verbal consent before recording
Nevada (NV)All-partyGet verbal consent before recording
New Hampshire (NH)All-partyGet verbal consent before recording
Oregon (OR)All-partyGet verbal consent before recording
Pennsylvania (PA)All-partyGet verbal consent before recording
Washington (WA)All-partyGet verbal consent before recording
All Other StatesOne-partyYour disclosure is sufficient
Two-Party Consent Disclosure Script
"Before we get started — do I have your consent to record this call for quality purposes?"
If they say no in a two-party state — do not record. Note it in your CRM. You can still proceed with the call and the sale. Do not apply for coverage on an unrecorded call without documenting the refusal.
📋
Licensing Requirements
You must be licensed in the state where the client is located at time of sale
Required
+
The Basic Rule
Your license must be active in the state where the client resides at the time of the sale — not where you are located. If you're in Nevada calling a prospect in Texas about a Final Expense policy, you need an active Texas Life & Health license.
License Lines by Product
ProductLicense Line Required
Final Expense / Life / IULLife
Medicare SupplementLife & Health (or Health only in some states)
Medicare Advantage / Part DHealth + AHIP certification + carrier appointment
Hospital Indemnity / Cancer / CIHealth (or Accident & Health)
Dental / Vision / HearingHealth (or Accident & Health)
ACA / MarketplaceHealth + FFM registration
Home Health CareHealth (or Long Term Care in some states)
Unlicensed sales are a felony in most states. Before dialing into any new state, confirm your license is active and appointed with the carrier. Your license number and status can be verified at NIPR.com.
🎙️
Recording Requirements & Best Practices
Record every call — your recordings protect you as much as your clients
Required
+
Why Recording Protects You
Recordings are your primary defense against client complaints, carrier disputes, and regulatory investigations. An agent with clean recordings and proper disclosures survives almost every complaint. An agent without recordings is entirely at the mercy of the client's version of events.
What Must Be Recorded
  • All marketing and sales calls — inbound and outbound
  • All enrollment and application calls
  • Video closes and consultations
  • Any call where you discuss coverage, benefits, or costs
Standard Disclosure — Every Call
"Thank you for calling — this is [Your Name]. Just so you know, this call may be recorded for quality and training purposes."
Two-Party States — Additional Step
"Before we get started — do I have your consent to record this call for quality purposes?"
Storage
Store recordings for a minimum of 3 years. Medicare calls — store for 10 years per CMS requirements. Use cloud storage with access controls. Never store recordings on personal devices only.
🚫
Do Not Call Requirements
Federal and internal DNC — both must be honored immediately
Required
+
National DNC Registry
You cannot call numbers on the National DNC Registry unless you have prior express written consent from that specific number. Scrub all purchased leads against the federal DNC registry before your first contact. Several states maintain their own DNC lists in addition to the federal registry.
Internal DNC — Immediate Action
  • If a prospect says "don't call me" or "put me on your do not call list" — stop immediately
  • Add to internal DNC in your CRM immediately after the call ends
  • Never call or text that number again from any system or number you control
  • Federal law allows 30 days — honor it immediately
DNC Script
"Absolutely — I'll add you to our do not contact list right now and we will not reach out again. I apologize for the interruption. Have a good day."
State DNC Lists
The following states maintain their own DNC registries in addition to the federal list: Texas, Indiana, Wyoming, Colorado, Florida, Louisiana, Massachusetts, Minnesota, Missouri, Montana, Tennessee, and Wisconsin. If you work these states, scrub against both.
Penalty: Federal DNC violations carry fines up to $51,744 per call. State DNC violations carry additional penalties. Three federal violations can trigger FTC investigation and potential license revocation.