Theta Lake Blog

Regulatory Perspectives From Theta Lake

Posted by Stacey English on Oct 3, 2022 6:45:00 AM
Stacey English
Find me on:

How to Comply With the New CMS Communications and Marketing Requirements for Medicare Advantage and Part D Conversations

New recording, disclosure, and compliance rules

New electronic communications recording, disclosure, and oversight rules from the Centers for Medicare &Medicaid Services (“CMS”), effective 1 October 2022, highlight the heightened scrutiny around the sale of complex healthcare products, to promote transparency and protect consumers.  In a digital age where prospects are bombarded with telemarketing calls, online advertising, social media, and promotions from celebrities and influencers, it’s more important than ever that they receive accurate information about sophisticated products.  Clarity is particularly critical when it relates to the purchase of essential healthcare services.

The new CMS rules can be viewed as part of a broader global trend toward increased disclosure for complex healthcare, financial, or insurance products directly marketed to customers.  Complaints about misleading advertising and sales of Medicare Advantage (“MA”) plans and Part D were the key catalyst for the CMS regulatory updates.  In the one year period between 2020 and 2021 the number of complaints submitted to CMS soared from less than 16,000 to over 39,000 – a staggering increase.

The new CMS obligations consist of three core components:

1. The first, and most impactful, is the requirement for third party marketing organizations (“TPMOs”) to record or capture any electronic communications of sales conversations about MA plans or Part D.  This includes telephone calls and any other interactions including emails, chats, and video conferences on platforms like Microsoft Teams, Zoom, RingCentral or Webex.

2. Next, CMS mandates the provision of specific disclaimer language during the first minute of a telephone call or within the relevant electronic communication.

3. Finally, TPMOs must report monthly disciplinary actions or violations to the “first tier entities,” such as insurance providers.

The obligations are critical to ensuring the regulators and “first tier entities” can review communications with customers to determine what information and advice was given in the event of a complaint or investigation. 

The challenge for TPMOs

The requirements could create significant challenges for TPMOs not previously subject to mandates to record calls or other electronic communications, provide routine disclaimers, or report on compliance issues.  The basic tasks of recording, archiving, and supervising communications for compliance and disciplinary purposes are compounded by the fact that they occur across multiple modern platforms like Zoom, Slack, Microsoft Teams, RingCentral as well as mobile applications, SMS, and WhatsApp.

Here’s what you need to know about the new rules and the steps you can take to comply:

The new rules at a glance

  • Agents making calls or using any electronic communications platforms (email, chat, collaboration tools) for Medicare Advantage and Part D sales are required to record all conversations.
  • The call recordings need to be stored for a minimum of 10 years. 
  • The rules apply to calls with existing patients as well as prospective clients.
  • This new disclaimer:  “I/We do not offer every plan available in your area. Please contact or 1-800-MEDICARE to get information on all your options” must be: 
    • Said within the first 60 seconds of a sales call
    • Displayed when communicating through email, online chat, or other electronic methods.
    • Displayed prominently on all third-party marketing organization websites and marketing materials.
  • Monthly reports of disciplinary actions or violations must be provided to first tier entities.
  • Effective from 1 October 2022

How to comply 

  • Ensure that you are able to record all calls or electronic communications, whether they are made through platforms like Zoom, Slack, Microsoft Teams, RingCentral, mobile phones, or WhatsApp.
  • You need to be able to retain the growing volumes of records for at least 10 years.
  • Make sure you can easily search and retrieve records so that they can be provided without delay when requested by regulators.
  • You must be able to review the conversations to identify instances of where inappropriate or non-compliant behavior occurred.
  • Retaining your records in a way that meets HIPAA compliance is important to ensure that sensitive medical or personal data is protected.
  • Ensure that you have a way of including the mandated disclaimer into all communications. That includes written communications like chat messages.

How Theta Lake can help

Theta Lake’s multi-award winning product suite provides patented compliance and security for modern communications utilizing over 100 frictionless partner integrations that include RingCentral, Webex by Cisco, Microsoft Teams, Slack, Zoom, Movius and more. Here’s some of the ways we can help you comply with new CMS rules:

  • Theta Lake captures and compliantly archives communications including video, voice, and chat to comply with CMS rules.  It also acts as an archive connector, enabling existing archives and data storage to be utilized without disruption.
  • Analyze telephone calls and written electronic communications to validate that the CMS Disclaimer has been provided.
  • AI-enabled automated detection of problematic behavior requiring reporting under the CMS rule, such as profanity, abuse, and complaints.  Identified risks are surfaced in an AI-assisted review workflow providing an efficient and effective review process for compliance teams.
  • There’s complete flexibility to set retention periods to suit your needs, e.g. 10 years+ to comply with the CMS rules
  • Easily search and retrieve content, as well as apply legal-holds, manage cases, and export raw data with auditor friendly reports
  • Theta Lake’s Suite is SOC 2, Type II audited and maps controls to ISO 27001 and HIPAA. Confidential, sensitive, PII or health data can be automatically redacted to meet data privacy obligations.
  • The ability to automatically insert a disclaimer into communications like  Microsoft Teams chat conversations.

Stacey English
Director of  Regulatory Intelligence

Learn more:
For additional insights follow Theta Lake on LinkedIn and Twitter


Topics: compliance, healthcare, record-keeping, electronic communications, archiving

Comment Here

Theta Lake provides security and compliance for modern collaboration platforms using frictionless partner integrations with Cisco Webex, Microsoft Teams, RingCentral, Slack, Zoom, and more. Using patented machine learning and NLP, Theta Lake detects risks in: video, voice, chat, and document content across what is shared, shown, spoken, and typed. Those risks are surfaced in an AI-assisted, patent-pending review workspace that adds consistency, efficiency, and scale for security and compliance teams. All of this enables organizations to safely realize the full ROI of a collaboration-first workplace while reducing the cost of security and compliance.

Subscribe here to stay up to date!