CCW Vegas

Join us in Las Vegas, June 22–25 for live AI demos, roundtables & 1:1s

Book a 1:1

Table of contents

Reading progress

Summarize this content with AI:

ChatGPTPerplexityGemini

TL;DR

  • Every talk in the chain of enrollment must be recorded from the first hello to the final sign up. This rule covers all phone calls and web meetings where you talk about plan perks or drug costs.
  • Read the script in the first 60 seconds and wait 48 hours after the Scope of Appointment form before you meet. You also need to confirm you have the right to contact the person before the talk starts.
  • The cms call recording requirements say you must keep these files for 10 years in a safe and encrypted way. This is a major duty because you are keeping private health data that needs to stay away from bad actors for a long stay.
  • Thunai checks all calls for you to find missed scripts or bad plan data so you stay in a safe harbor. It also cleans out private facts from the text so you are ready for a check at any time. 

Are you absolutely certain that all Medicare calls made by your agency are completely compliant with CMS regulations? 

For many Medicare agents and agencies, following recording regulations, obtaining consent, and maintaining documentation has become increasingly difficult.A single missed recording or compliance gap can lead to audits, penalties, or carrier issues.

In this blog, we'll break down the latest CMS call recording requirements for 2026, who must comply, potential penalties, and how to build an audit ready compliance process with confidence.

What Are CMS Call Recording Requirements?

  • According to CMS, Medicare plans and Third Party Marketing Organizations (TPMOs), which include independent agents, brokers, and lead generators, are expected to capture all marketing and sales calls in their entirety, including the audio portion of calls made using web based technologies such as Zoom or FaceTime. 
  • These calls should be securely stored in a manner that is HIPAA compliant and should be retained for a minimum of 10 years to ensure that they are accessible in the event of a CMS audit or in response to a complaint from a Medicare beneficiary.

Who must comply (carriers, agents, TPMOs, FMOs)

The reach of the CMS call recording requirements is intentionally broad. CMS defines a TPMO as any organization or individual compensated to perform lead generation, marketing, sales, or enrollment related functions as part of the chain of enrollment. This means:  

  • Independent Agents and Brokers: Even if you are a solo practitioner, you are a TPMO. There is no small business exemption for these rules.  
  • Captive Agents: Agents working directly for a single carrier must adhere to the same recording standards.
  • FMOs and Agencies: Large organizations must provide the infrastructure and oversight to ensure their downstream agents are compliant.  
  • Lead Vendors: Any firm that collects beneficiary data for the purpose of selling it to an agent must record the initial outreach that established the permission to contact.

When the requirements apply

The mandate is triggered by the content of the conversation, not just the intent to enroll. If your discussion could influence a beneficiary's decision regarding a Medicare Advantage or Part D plan, the CMS call recording requirements apply.  

  • Marketing & Education: Explaining plan features, star ratings, or comparing two different Medicare Advantage plans.
  • Needs Assessments: Asking a beneficiary about their doctors, current medications, or monthly budget.
  • Enrollment: The actual telephonic application process.
  • Retention: Retention marketing, or calls intended to persuade a client to stay with their current plan, must also be recorded.

Purely administrative calls, such as those made solely to schedule an in person appointment or to confirm a mailing address, do not strictly require recording. However, from a CEO’s perspective, I recommend recording every call. 

A simple scheduling call can instantly turn into a marketing discussion if the client asks, Wait, does my doctor still take this plan? At that moment, the CMS call recording requirements go into effect, and if you aren't already recording, you are in violation.  

Why CMS Call Recording Compliance Matters More Than Ever

The market for Medicare Advantage plans is still expanding quickly.

There are millions of beneficiaries who depend on the services of agents and brokers to help them navigate through the plans’ intricacies.

More enrollment means more regulation.

CMS has increased scrutiny of:

  • Marketing practices
  • Beneficiary communications
  • TPMO activities
  • Enrollment conduct
  • Documentation processes

The result is simple.

  • If an auditor asks for proof of what happened during a sales interaction, your organization must be able to provide it quickly.
  • Compliance is no longer a back office function.
  • It is now a business survival requirement.

2026 CMS Call Recording Rule: What Changed?

CMS has continued strengthening oversight of Medicare marketing and enrollment activities through updates to Medicare Communications and Marketing Guidelines (MCMG) and regulations governing Medicare Advantage and Part D organizations.

Several requirements remain especially important in 2026.

1. Greater Accountability for Medicare Sales Conversations

  • CMS expects organizations to maintain documentation supporting beneficiary interactions.
  • This includes conversations that influence enrollment decisions, plan comparisons, benefit discussions, and marketing activities.
  • The objective is transparency.
  • CMS wants a verifiable record showing what information was provided to beneficiaries and whether marketing practices followed approved standards.

2. Extended Record Retention Expectations

Organizations participating in Medicare sales activities must maintain records for extended periods.

For many organizations, retention obligations can extend to 10 years depending on regulatory and contractual requirements.

Records may include:

  • Call recordings
  • Enrollment records
  • Scope of Appointment forms
  • Consent documentation
  • Marketing materials
  • Agent communications

3. Increased TPMO Oversight

Third Party Marketing Organizations remain one of CMS's primary enforcement priorities.

TPMOs include:

  • Independent agents
  • Agencies
  • FMOs
  • Lead generators
  • Enrollment vendors
  • Call centers

Organizations are expected to maintain stronger documentation and oversight procedures than ever before.

4. Faster Audit Response Requirements

  • When CMS investigates a complaint, organizations must often provide supporting documentation quickly.
  • Without a centralized compliance process, finding recordings, transcripts, and consent records can become extremely difficult.
  • This is why automation is becoming essential for Medicare agencies.

Who Must Comply With CMS Call Recording Requirements?

Many agents believe these rules only affect large call centers.

That is incorrect.

The compliance scope is much broader.

Organization Must Comply?
Medicare Advantage Plans Yes
Medicare Part D Sponsors Yes
TPMOs Yes
FMOs Yes
Independent Agents Yes
Captive Agents Yes
Lead Vendors Often
Enrollment Centers Yes
Medicare Advantage Plans
Must Comply? Yes
Medicare Part D Sponsors
Must Comply? Yes
TPMOs
Must Comply? Yes
FMOs
Must Comply? Yes
Independent Agents
Must Comply? Yes
Captive Agents
Must Comply? Yes
Lead Vendors
Must Comply? Often
Enrollment Centers
Must Comply? Yes

Which Calls Need Recording?

The most common compliance question is:

"What exactly should be recorded?"

It really depends on the tone and type of conversation.

Call Type Recording Recommended Retention Required
Enrollment Calls Yes Yes
Medicare Sales Calls Yes Yes
Marketing Calls Yes Yes
Benefit Discussions Yes Yes
Plan Comparison Calls Yes Yes
Agent Training Calls Internal Policy Internal Policy
Team Meetings Internal Policy Internal Policy
Scheduling Calls Best Practice Best Practice
Enrollment Calls
Recording Recommended Yes
Retention Required Yes
Medicare Sales Calls
Recording Recommended Yes
Retention Required Yes
Marketing Calls
Recording Recommended Yes
Retention Required Yes
Benefit Discussions
Recording Recommended Yes
Retention Required Yes
Plan Comparison Calls
Recording Recommended Yes
Retention Required Yes
Agent Training Calls
Recording Recommended Internal Policy
Retention Required Internal Policy
Team Meetings
Recording Recommended Internal Policy
Retention Required Internal Policy
Scheduling Calls
Recording Recommended Best Practice
Retention Required Best Practice

When uncertainty exists, recording the interaction is generally the safer compliance approach.

State Consent Requirements

  • Federal CMS recording rules do not erase state wiretapping laws. 
  • For some states in the US, one party consent may be sufficient for audio recording, while others require the consent of all parties, so you need to take into account the more strict requirement.
  • Those states which are considered all party consent states are: California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Oregon, Pennsylvania, and Washington. 
  • The rest of the states, including Washington D.C., are regarded as one party consent states.
  • A practical rule is this: if you sell across state lines, use a consent script and recording notice every time. 
  • That helps reduce risk when the beneficiary and the agent are in different states with different consent rules.

Penalties for Non Compliance

CMS can take enforcement action when plans or their downstream entities fail to follow Medicare marketing and communication rules. 

CMS training guidance says the consequences for inappropriate or prohibited marketing activities can include reporting requirements, disciplinary action, termination, and other contractual consequences.

The risk is not just a fine. Missing recordings can damage your carrier relationships, trigger audits, and create problems with commissions, contracting, and downstream oversight.

The best way to think about this is that recording is evidence. If you cannot produce the file, CMS and carriers may treat the call as if it never met the rule.onpage+1

CMS Call Recording Compliance Checklist

Use this checklist before every Medicare sales or enrollment call:

  • Confirm the call is Medicare related and should be recorded.onpage+1
  • Turn on automatic recording before the first greeting.play.google+1
  • Confirm verbal consent to record at the start of the call.
  • Read the required TPMO disclaimer within the first minute.
  • Verify the beneficiary understands you are not the government.
  • Keep the recording on for the full marketing, sales, or enrollment conversation.onpage+1
  • Save the audio from web based calls.onpage+1
  • Attach the recording to the beneficiary record in your CRM.
  • Store the file securely with access controls.
  • Keep the recording for 10 years.onpage+1
  • Make the file easy to retrieve for audits or complaints.
  • Review missed call reports and fix gaps fast.

A downloadable version of this checklist can be offered as a lead magnet or placed directly on the page as a free resource.

CMS Recording vs HIPAA

CMS recording rules and HIPAA do different jobs. CMS focuses on Medicare marketing, sales, and enrollment conduct, while HIPAA governs the privacy and security of protected health information.onpage+1

Topic CMS Recording Rules HIPAA
Main Focus Medicare marketing, sales, and enrollment calls Protected health information
What It Requires Record required calls and retain them properly Protect privacy, access, and disclosure
Why It Matters CMS audits and carrier oversight Privacy and security compliance
Main Focus
CMS Recording Rules Medicare marketing, sales, and enrollment calls
HIPAA Protected health information
What It Requires
CMS Recording Rules Record required calls and retain them properly
HIPAA Protect privacy, access, and disclosure
Why It Matters
CMS Recording Rules CMS audits and carrier oversight
HIPAA Privacy and security compliance

If your call includes health details, both sets of obligations can matter at the same time. That is why storage, access control, and retention should be handled as part of one compliance workflow.

How Thunai Helps

Thunai helps Medicare teams automate compliance so agents do not have to rely on manual follow up. Thunai Reflect can monitor calls in real time, flag missed disclosures, and help teams catch compliance gaps before they become audit issues.

Thunai Brain can support agents with verified plan information during the conversation, which reduces the risk of giving incorrect benefit details.

Thunai is also helpful in terms of recording workflows, transcription, and searchable call reviews, making the storage of evidence and retrieval of files much simpler. 

If you require additional language capabilities within your agency, Thunai’s multilingual option will help your team manage calls in more than 200 languages.

Book your Thunai demo today and see how effortless CMS call recording compliance can be.

FAQs on CMS Call Recording Requirements

Does CMS require call recording for all Medicare agents?

CMS requires recording of all marketing, sales, and enrollment calls for Medicare Advantage organizations, Part D sponsors, and TPMOs acting on their behalf. Informational calls outside those categories do not need to be recorded.onpage+1

How long must Medicare call recordings be kept?

CMS training guidance says the recordings must be maintained for 10 years.

What happens if a Medicare agent does not record calls?

Disciplinary action, termination, reporting obligations, and many other contract obligations may follow.

Is it necessary for me to notify callers that I am recording their conversation?

Yes, it is necessary since you will have to get consent from callers before the beginning of a call.

Can I store recorded calls in the cloud?

Yes, but only if it is done in a safe manner and if your compliance process will meet all obligations.

Jegan Selvaraj is the CEO of Thunai AI, Entrans Inc, and Infisign Inc, with a career spanning enterprise AI, agentic AI, and workforce identity. A tech serial entrepreneur and angel investor, he brings product engineering depth and a founder's instinct for solving real enterprise problems at scale.

Let AI Handle the Busywork.

Try Thunai yourself with a 16-day free trial

Get Started for Free
Get Started