Exploring the interaction between CMS and TCPA one-to-one consent requirements

In the recent webinar “Harmonized Compliance: Consent Strategies for CMS Medicare and TCPA”, our Director of Privacy, Security, and Compliance, Benjamin Farrar delves into the complexities inherent in the new Federal Communications Commission’s (FCC) one-to-one consent and Centers for Medicare and Medicaid Services (CMS) Medicare rules.

His guests, John Henson, Attorney at Troutman Amin, and Chris Deatherage, General Counsel at Apollo Interactive, add their invaluable expertise to unravel these intertwining regulations.

Understanding the CMS ecosystem

As Chris explains, health insurance carriers that have direct contracts with the Centers for Medicare and Medicaid Services (CMS) often outsource their enrollment marketing activities to sales agents, brokerages, or marketing agencies. Most carriers do not manage these processes internally. CMS exercises its regulatory authority over these carriers, as they are the contracted parties. 

Although CMS does not have direct control over the marketing affiliates or field marketing organizations associated with these carriers, it extends its influence by imposing regulatory requirements on the carriers. These carriers are then responsible for ensuring that the third-party marketing organizations (TPMOs) they work with also adhere to these stipulations.

What are the new CMS requirements?

According to our expert speakers, a significant shift looms on the horizon for TPMOs. By October 1, they will be required to acquire the express written consent of beneficiaries before disclosing their personal data to other TPMOs.

As John explains, TPMOs are “any organizations or individuals that are compensated to perform lead generation, marketing, sales, and enrollment-related functions as part of the chain of enrollment in a Medicare Advantage (MA) or Part D plan.”

This deadline is four months before the TCPA one-to-one consent deadline on January 27. It’s crucial to address this now, not just because of the looming October 1 deadline, but also because any leads you contact or data you share after this date must have prior express consent.

Waiting until October to implement this means you’ll need consent in real time as new leads come in, essentially starting with a clean slate. If your sales cycle lasts 6 to 8 weeks, you should start preparing now to ensure you have a ready pool of contacts and can transfer their information by October 1, as John suggests.

Similarities and differences between CMS and TCPA one-to-one consent requirements

As John expresses, the TCPA one-to-one consent requirement mandates that each consumer explicitly grants permission to individual sellers (lead buyers or goods and service providers), often facilitated through selectable checkboxes labeled with options like “I consent to have seller A, seller B, seller C contact me.” This requirement is set to take effect on January 27.

Similarly, CMS has introduced a rule that aligns with the TCPA’s changes, even referencing them directly. However, a key difference lies in the scope of these regulations: the TCPA’s changes primarily govern the conditions under which consumers can be contacted by phone or text message, while the CMS rule pertains to if and how consumer data can be shared with other TPMOs.

This distinction is crucial as it extends beyond mere consent for communication technologies.

As Chris highlights, it’s also crucial to note that the TCPA and CMS rules differ significantly in their definitions of key terms. The TCPA specifically defines a “seller,” which often does not align with the definition of a “TPMO” under CMS regulations.

Typically in the insurance industry, the “seller” refers to the entity issuing the insurance policies, such as Humana, United Healthcare, Anthem, Elevance – these are the carriers. On the other hand, a TPMO is not a carrier; it is the agency or individual responsible for enrolling the beneficiary. This distinction marks a significant point of divergence between the two sets of regulations.

Uncovering critical unknowns for individuals and the marketplace

According to Chris, it’s crucial to align closely with your lead buyer base, and if you’re a lead aggregator, your lead source base as well.

This is particularly important because, unlike the TCPA, which requires only the end consent for a seller regardless of who else is involved, CMS focuses heavily on data transfer. You must consider how many TPMOs are involved in your chain and determine how many entities in your current funnel require explicit consent.

If the chain between the initial point of generation and the final caller includes too many entities, obtaining one-to-one TPMO consent for all involved may not be practical. Therefore, it’s essential to critically evaluate your funnel to determine which entities need to be included and whose names need to be disclosed.

According to Chris, inbound calls provide some flexibility in sourcing information from the caller, but are not as available for onward data sharing. The drawback is the lack of immediate access to consumer data, which can be more convenient for organizations wanting to initiate outbound contact at a time that suits them best.

Thus, while both inbound calls and data  leads offer distinct advantages, they also come with very different requirements.

For example, imagine you’re handling a call in Alabama and can’t assist the consumer, but you know Chris in California can. You could ask the consumer, “I’m unable to help you, but I can connect you to Chris who can. May I transfer you to him?” If the consumer agrees, you can proceed with the transfer. However, what you must not do is add, “If Chris can’t help you, I’ll also send your information to Ben.” This is not permissible because the assistance must be immediate.

You cannot plan to transfer the consumer’s information down a chain; it must be a direct connection to the person who can provide immediate help.

John also highlights how crucial it is to have a thorough understanding of your lead flow and its trajectory. It’s no longer just about knowing that the lead will eventually reach a major lender or insurance company. The focus should also be on the pathway it takes to get there, ensuring that both the consumers and you, as the lead generator, are protected throughout the process.

According to Chris, It’s also crucial to understand that in the context of the TCPA, you might think that avoiding the use of auto-dialers, pre-recorded messages, or artificial voices, and scrubbing against the DNC list makes any contact permissible if the number isn’t listed. 

However, this isn’t the case with CMS regulations.

One last thing to note, as John explains, is that many companies in this sector depend on independent contractor agents, which poses challenges under the new CMS rule. This rule treats TPMOs at the entity level.

For instance, if John and Chris are both agents or brokers at Apollo Insurance, John can share your information with Chris if you’ve consented. However, if they are independent contractors at Apollo, John will need your explicit consent to share your information with Chris, even though they are under the same parent company.

John notes that many firms are reevaluating their strategies due to this. Some of John’s clients are moving away from using data leads for their divisions that utilize independent contractors, opting instead to rely on warm transfers.

Exploring consent considerations for inbound calls and transfer scenarios

For an inbound call, when the consumer initiates contact, transferring is permissible, as John says. Under CMS guidelines, you can transfer the call as long as the recipient is able to immediately resolve the consumer’s issue.

The TCPA also allows for this transfer, but the person receiving the transfer isn’t authorized to call the individual back without their consent. So, in the case of an inbound call, you have to ask for the consumer’s consent in order to call them back.

What about outbound calls?

As Chris explains, for outbound calls, regulations from both TCPA and CMS are relevant. The caller must have obtained prior express written consent under TCPA before making the call to the consumer, unless exceptions related to “regulated technology” or Do Not Call (DNC) scrubbing apply.

If the call involves transferring the consumer to another party, such as in scenarios where your service acts as an agency connecting consumers with agents or brokers, you must also secure CMS consent during the call before making that transfer. Essentially, this situation requires dual consent: one from TCPA and another from CMS.

Capture and store documentation of consent with TrustedForm

TrustedForm is the ultimate compliance solution for documenting TCPA consent on digital lead capture forms.

TrustedForm helps brands:

• Document TCPA consent and capture exactly when and where your contacts have requested communication.
• Access and store proof of consent for five years in case they need it to address potential litigation.
• Optimize the consent capture process by enabling users to identify and categorize TCPA consent language for different lead vendors.
• Know if consent was properly presented by a lead publisher/seller.

Takeaways

The webinar “Harmonized Compliance: Consent Strategies for CMS Medicare and TCPA” discussed the implications of the CMS Medicare and TCPA one-to-one consent capture on lead generation. While the new CMS requirements were announced in April and will go live in October, the panelists stressed the need for companies to understand these changes and implement compliance measures promptly.

The webinar also delved into the challenges and potential solutions for capturing consent in lead generation, especially in the context of the new CMS one-to-one consent requirements. Whether companies are focusing on data leads, outbound transfers, or inbound calls, the panelists stressed the importance of obtaining appropriate consent before sharing data.

The panelists highlighted the high stakes of non-compliance, urging companies to take these regulations seriously and implement rigorous compliance measures.

In conclusion, while the CMS Medicare and TCPA one-to-one consent capture rules present significant challenges for lead generation and performance marketing industries, they also provide an opportunity for companies to review and enhance their compliance measures.

As Benjamin noted, this is a key time for companies to “start proactively reaching out and having those conversations for either outside legal advice or internally with their technology groups.”

DISCLAIMER: This page and all related links are provided for general informational and educational purposes only and are not legal advice. ActiveProspect does not warrant or guarantee this information will provide you with legal protection or compliance. Please consult with your legal counsel for legal and compliance advice. You are responsible for using any ActiveProspect Services in a legally compliant manner pursuant to ActiveProspect’s Terms of Service. Any quotes contained herein belong to the person(s) quoted and do not necessarily represent the views and/or opinions of ActiveProspect.