6 Step Checklist for Medicare & ACA Compliance

Think compliance is something you can worry about later? Think again.

When AEP and OEP season hits, health insurance agents don’t just sell—they document, track, and follow CMS rules to the letter. And in 2025, the stakes (and scrutiny) are higher than ever.

Let’s break down some things that can help you to stay compliant and confident, without getting buried in red tape.

Why Compliance Matters More Than Ever in 2025

CMS continues to tighten up its oversight of Medicare Advantage and Original Medicare marketing activities—and agents who aren’t prepared can face costly consequences. From stricter call recording rules to more robust documentation of scopes of appointment (SOAs), it’s critical that your systems and strategy are locked in well before October rolls around.

Luckily, staying on the right side of CMS doesn’t mean working harder—it just means working smarter.

Your 2025 Medicare & ACA Compliance Checklist

Use this step-by-step guide to prepare for the season ahead and protect your clients and your license.

1. Complete Your Certifications Early

• AHIP Medicare Training – Most agents complete this as a prerequisite to sell MA and Part D plans.

• Carrier-Specific Certifications – Humana, UHC, Aetna, and others typically release certs between July and September. Start checking carrier portals now.

• FFM (Federally Facilitated Marketplace) Certification – Required to sell ACA plans on the Marketplace.

• Make sure you're up to date on any state-specific training or license requirements where you sell plans.

  Pro Tip: Use your CRM or project management tool to log certification completions and flag due dates for re-certification.

2. Understand the Latest CMS Rules

CMS rules for 2025 come with increased oversight and a strong focus on transparency and documentation. Stay in the loop with these latest updates:

• Call Recording Requirements – All sales and marketing calls related to MA/Part D must be recorded and stored for 10 years (CMS Guidelines).

• 48-Hour Scope of Appointment Rule – You must collect SOAs at least 48 hours before a Medicare marketing appointment (with some exceptions).

• Prohibition of Door-to-Door Cold Calls – Agents may not make unsolicited visits to a potential enrollee's residence.

• Event Restrictions – Informal events must remain educational; no marketing or plan-specific discussions are allowed.

• Disclaimer Language – Be sure your marketing materials (emails, social posts, flyers) include updated disclaimers when discussing Medicare Advantage plans.

• Third-Party Marketing Organization (TPMO) Oversight – If you’re working through an FMO or lead vendor, you must ensure they are registered with CMS and comply with the same call recording and disclaimer rules.

 Quotit’s platform can record calls, store e-SOAs, and helps to keep everything audit-ready.

3. Audit Your SOA and Compliance Processes

Ask yourself:

• Are you collecting SOAs digitally and securely?

• Do you have an automated timestamp for each SOA?

• Are you storing them in a way that’s easily accessible for 10+ years?

• Are you confirming the 48-hour SOA rule is consistently followed?

• Do you have a clear internal process for verifying SOA compliance before each Medicare marketing appointment?

• Are your agents trained on how to properly request, document, and follow up on SOAs?

If you're doing this manually, it's time to automate. Platforms like Quotit allow you to collect SOAs via email or text, automatically log time/date stamps, and file them securely —assisting you in staying compliant and audit-ready without the chaos.

4. Update Your Marketing & Outreach Materials

Now’s the time to review:

• Email templates

• Website content

• Print flyers

• Social media posts

Make sure everything is:

• Free from misleading claims

• Clearly labeled (e.g., "Not affiliated with the U.S. government")

• Featuring required disclaimer copy

Bookmark CMS’s full 2025 Medicare Communications and Marketing Guidelines and check your templates now.

5. Stay Compliant with Under-65 & Supplemental Sales

While CMS governs Medicare compliance, under-65 product lines like ACA, dental, vision, and supplemental plans come with their own rules and state-level oversight. Here are a few tips to help you with compliance:

• Review state-specific marketing rules for ACA and off-exchange plans.

• Always verify licenses and appointment statuses with each carrier.

• Avoid steering language or product comparisons without proper disclaimers.

• Ensure your quote presentations are accurate and include all applicable plan details.

• Use digital tools to securely store consent records, applications, and audit trails.

Remember, even if CMS doesn't regulate ACA marketing directly, state DOIs do—and penalties can be steep. Double-check your multi-line compliance strategy.

6. Use Technology to Simplify Compliance

You shouldn’t have to choose between staying compliant and staying productive. With the right software, you can:

• Automate call recordings

• Track and store SOAs

• Keep certification records up to date

• Schedule and segment compliant outreach

Quotit helps you to do all of the above—without leaving your workflow.

Compliance Isn’t Just a Box to Check

Compliance isn’t the most exciting part of AEP/OEP prep—but it’s non-negotiable. The good news? A few smart systems now can save you a ton of stress later.

Whether you’re a solo agent or managing a team, use this checklist to help protect your business, build trust with your clients, and hit your goals with confidence.

Want a tool that helps you stay helps you stay compliant without the headache? Schedule a demo to see how Quotit makes compliance a breeze.