Are you absolutely certain that all Medicare calls made by your agency are completely compliant with CMS regulations?
For many Medicare agents and agencies, following recording regulations, obtaining consent, and maintaining documentation has become increasingly difficult.A single missed recording or compliance gap can lead to audits, penalties, or carrier issues.
In this blog, we'll break down the latest CMS call recording requirements for 2026, who must comply, potential penalties, and how to build an audit ready compliance process with confidence.
What Are CMS Call Recording Requirements?
- According to CMS, Medicare plans and Third Party Marketing Organizations (TPMOs), which include independent agents, brokers, and lead generators, are expected to capture all marketing and sales calls in their entirety, including the audio portion of calls made using web based technologies such as Zoom or FaceTime.
- These calls should be securely stored in a manner that is HIPAA compliant and should be retained for a minimum of 10 years to ensure that they are accessible in the event of a CMS audit or in response to a complaint from a Medicare beneficiary.
Who must comply (carriers, agents, TPMOs, FMOs)
The reach of the CMS call recording requirements is intentionally broad. CMS defines a TPMO as any organization or individual compensated to perform lead generation, marketing, sales, or enrollment related functions as part of the chain of enrollment. This means:
- Independent Agents and Brokers: Even if you are a solo practitioner, you are a TPMO. There is no small business exemption for these rules.
- Captive Agents: Agents working directly for a single carrier must adhere to the same recording standards.
- FMOs and Agencies: Large organizations must provide the infrastructure and oversight to ensure their downstream agents are compliant.
- Lead Vendors: Any firm that collects beneficiary data for the purpose of selling it to an agent must record the initial outreach that established the permission to contact.

When the requirements apply
The mandate is triggered by the content of the conversation, not just the intent to enroll. If your discussion could influence a beneficiary's decision regarding a Medicare Advantage or Part D plan, the CMS call recording requirements apply.
- Marketing & Education: Explaining plan features, star ratings, or comparing two different Medicare Advantage plans.
- Needs Assessments: Asking a beneficiary about their doctors, current medications, or monthly budget.
- Enrollment: The actual telephonic application process.
- Retention: Retention marketing, or calls intended to persuade a client to stay with their current plan, must also be recorded.
Purely administrative calls, such as those made solely to schedule an in person appointment or to confirm a mailing address, do not strictly require recording. However, from a CEO’s perspective, I recommend recording every call.
A simple scheduling call can instantly turn into a marketing discussion if the client asks, Wait, does my doctor still take this plan? At that moment, the CMS call recording requirements go into effect, and if you aren't already recording, you are in violation.
Why CMS Call Recording Compliance Matters More Than Ever

The market for Medicare Advantage plans is still expanding quickly.
There are millions of beneficiaries who depend on the services of agents and brokers to help them navigate through the plans’ intricacies.
More enrollment means more regulation.
CMS has increased scrutiny of:
- Marketing practices
- Beneficiary communications
- TPMO activities
- Enrollment conduct
- Documentation processes
The result is simple.
- If an auditor asks for proof of what happened during a sales interaction, your organization must be able to provide it quickly.
- Compliance is no longer a back office function.
- It is now a business survival requirement.
2026 CMS Call Recording Rule: What Changed?
CMS has continued strengthening oversight of Medicare marketing and enrollment activities through updates to Medicare Communications and Marketing Guidelines (MCMG) and regulations governing Medicare Advantage and Part D organizations.
Several requirements remain especially important in 2026.
1. Greater Accountability for Medicare Sales Conversations
- CMS expects organizations to maintain documentation supporting beneficiary interactions.
- This includes conversations that influence enrollment decisions, plan comparisons, benefit discussions, and marketing activities.
- The objective is transparency.
- CMS wants a verifiable record showing what information was provided to beneficiaries and whether marketing practices followed approved standards.
2. Extended Record Retention Expectations
Organizations participating in Medicare sales activities must maintain records for extended periods.
For many organizations, retention obligations can extend to 10 years depending on regulatory and contractual requirements.
Records may include:
- Call recordings
- Enrollment records
- Scope of Appointment forms
- Consent documentation
- Marketing materials
- Agent communications
3. Increased TPMO Oversight
Third Party Marketing Organizations remain one of CMS's primary enforcement priorities.
TPMOs include:
- Independent agents
- Agencies
- FMOs
- Lead generators
- Enrollment vendors
- Call centers
Organizations are expected to maintain stronger documentation and oversight procedures than ever before.
4. Faster Audit Response Requirements
- When CMS investigates a complaint, organizations must often provide supporting documentation quickly.
- Without a centralized compliance process, finding recordings, transcripts, and consent records can become extremely difficult.
- This is why automation is becoming essential for Medicare agencies.
Who Must Comply With CMS Call Recording Requirements?
Many agents believe these rules only affect large call centers.
That is incorrect.
The compliance scope is much broader.
Which Calls Need Recording?
The most common compliance question is:
"What exactly should be recorded?"
It really depends on the tone and type of conversation.
When uncertainty exists, recording the interaction is generally the safer compliance approach.
State Consent Requirements
- Federal CMS recording rules do not erase state wiretapping laws.
- For some states in the US, one party consent may be sufficient for audio recording, while others require the consent of all parties, so you need to take into account the more strict requirement.
- Those states which are considered all party consent states are: California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Oregon, Pennsylvania, and Washington.
- The rest of the states, including Washington D.C., are regarded as one party consent states.
- A practical rule is this: if you sell across state lines, use a consent script and recording notice every time.
- That helps reduce risk when the beneficiary and the agent are in different states with different consent rules.
Penalties for Non Compliance
CMS can take enforcement action when plans or their downstream entities fail to follow Medicare marketing and communication rules.
CMS training guidance says the consequences for inappropriate or prohibited marketing activities can include reporting requirements, disciplinary action, termination, and other contractual consequences.
The risk is not just a fine. Missing recordings can damage your carrier relationships, trigger audits, and create problems with commissions, contracting, and downstream oversight.
The best way to think about this is that recording is evidence. If you cannot produce the file, CMS and carriers may treat the call as if it never met the rule.onpage+1
CMS Call Recording Compliance Checklist
Use this checklist before every Medicare sales or enrollment call:
- Confirm the call is Medicare related and should be recorded.onpage+1
- Turn on automatic recording before the first greeting.play.google+1
- Confirm verbal consent to record at the start of the call.
- Read the required TPMO disclaimer within the first minute.
- Verify the beneficiary understands you are not the government.
- Keep the recording on for the full marketing, sales, or enrollment conversation.onpage+1
- Save the audio from web based calls.onpage+1
- Attach the recording to the beneficiary record in your CRM.
- Store the file securely with access controls.
- Keep the recording for 10 years.onpage+1
- Make the file easy to retrieve for audits or complaints.
- Review missed call reports and fix gaps fast.
A downloadable version of this checklist can be offered as a lead magnet or placed directly on the page as a free resource.
CMS Recording vs HIPAA
CMS recording rules and HIPAA do different jobs. CMS focuses on Medicare marketing, sales, and enrollment conduct, while HIPAA governs the privacy and security of protected health information.onpage+1
If your call includes health details, both sets of obligations can matter at the same time. That is why storage, access control, and retention should be handled as part of one compliance workflow.
How Thunai Helps

Thunai helps Medicare teams automate compliance so agents do not have to rely on manual follow up. Thunai Reflect can monitor calls in real time, flag missed disclosures, and help teams catch compliance gaps before they become audit issues.
Thunai Brain can support agents with verified plan information during the conversation, which reduces the risk of giving incorrect benefit details.
Thunai is also helpful in terms of recording workflows, transcription, and searchable call reviews, making the storage of evidence and retrieval of files much simpler.
If you require additional language capabilities within your agency, Thunai’s multilingual option will help your team manage calls in more than 200 languages.
Book your Thunai demo today and see how effortless CMS call recording compliance can be.
FAQs on CMS Call Recording Requirements
Does CMS require call recording for all Medicare agents?
CMS requires recording of all marketing, sales, and enrollment calls for Medicare Advantage organizations, Part D sponsors, and TPMOs acting on their behalf. Informational calls outside those categories do not need to be recorded.onpage+1
How long must Medicare call recordings be kept?
CMS training guidance says the recordings must be maintained for 10 years.
What happens if a Medicare agent does not record calls?
Disciplinary action, termination, reporting obligations, and many other contract obligations may follow.
Is it necessary for me to notify callers that I am recording their conversation?
Yes, it is necessary since you will have to get consent from callers before the beginning of a call.
Can I store recorded calls in the cloud?
Yes, but only if it is done in a safe manner and if your compliance process will meet all obligations.





.webp)