Medicare’s one to one consent rules have become increasingly more complex in recent years. Both the Centers for Medicare & Medicaid Services (CMS) and the Federal Communications Commission (FCC) have imposed rules to safeguard consumers.
One-to-One Consent
One-to-one consent refers to requirements that each individual must provide consent for specific interactions, particularly with regard to healthcare and telecommunication interactions.
At its core, “one-to-one consent” means each individual interaction requires separate and specific consent. This applies to businesses that gather, use, or share personal information, which includes sensitive data related to healthcare or communication preferences. For organizations subject to CMS and FCC rules, failure to obtain the correct form of consent can lead to penalties, litigation, or loss of trust with clients and consumers.
For CMS, consent standards often pertain to healthcare communications. CMS oversees programs like Medicare and Medicaid, its regulations ensure that beneficiaries’ personal health information is protected and that there is explicit consent before using or sharing it.
The FCC and consent
In general, the FCC regulations focus on telecommunications and includes phone calls, texts and email communications. The FCC requires individuals to give permission before a company can contact them for marketing purposes.
The FCC’s regulation on consent comes from the Telephone Consumer Protection Act (TCPA), is in place to prevent unsolicited robocalls, telemarketing, and other unwanted communications. The TCPA mandates that individuals must provide prior express consent before businesses or organizations contact them via certain channels, including:
Telemarketing calls require written consent if they’re automated or involve a pre-recorded message. For non-telemarketing calls, prior express consent is sufficient, but it must be clear and documented.
Text Messaging follows the same standards as calls; organizations need explicit consent to send promotional or transactional messages.
Learn how to manage your book of business
The TCPA incorporates the Do-Not-Call registry requirements and allows individuals to opt-out of telemarketing calls.
The TCPA allows consumers to revoke consent at any time. It must be easy for the consumer to opt out and honored immediately by the organization. Non-compliance can result in fines or lawsuits. The increased use of automated dialing systems makes it more important for businesses to ensure they follow the regulations closely.
The CMS and consent
Due to concerns about patient privacy and data security, CMS consent requirements are even more strict. In particular, the Health Insurance Portability and Accountability Act (HIPAA) plays a significant role in setting the privacy standards enforced by CMS. HIPAA requires protected health information (PHI) be treated with a high level of confidentiality, and patients give specific consent for each use or disclosure of their PHI.
Any provider, organization or individual under CMS jurisdiction must have documented consent for communications to share personal information with third parties, except under certain treatment or operational exceptions.
Anyone using digital communication (emails, texts, or calls) must obtain explicit consent to do so.
Individuals must have the right to withdraw (opt out) their consent to communications. CMS requires those who contact potential clients to clearly explain how to revoke consent, usually through a simple opt-out option or written request.
Additionally, CMS enforces the need for clear explanations regarding what individuals are consenting to. This ensures no information is hidden in fine print or hard-to-understand language.
How FCC and CMS regulations differ
FCC Regulations primarily focus on consumer privacy in communication channels for marketing or solicitation purposes. The purpose is to avoid unwelcome communications and provide consumers control over who can contact them. The new FCC rules go into effect as of January 27, 2025.
CMS Regulations focus more on healthcare privacy, ensuring that information remains private and that individuals are fully aware of and agree to any sharing of their data.
Impact on Businesses and Consumers
One-to-one consent regulations are essential for both protecting consumers and clarifying business obligations. This empowers Individuals to make informed decisions about their private data. For telecommunication, consumers benefit from reduced unsolicited marketing and better control over their contact preferences.
For businesses, these regulations require meticulous record-keeping, clear communication protocols, and potentially, investment in new technology to capture, document, and manage consent. Companies that fail to comply face financial penalties and potential legal action, but more importantly, they risk damaging their relationship with consumers.
How this effects agents
After October 1, 2024, agents who make outbound calls can only contact leads that need provide a CMS-compliant One-to-One consent.
Lead companies that supply inbound warm transfers must have written consent from the consumer. They can also get a real-time one-time verbal consent to transfer the call to another TPMO. Please note: the verbal consent must be recorded clearly state the TPMO’s name. A generic permission to transfer is not acceptable.
Learn how to choose the right type of lead
The CMS rule restricts sharing consumer information with affiliates or other entities without prior written consent from the consumer.
What about inbound calls
This rule does not apply to direct inbound calls.
Agents who use Medicare leads
Agents using Medicare leads must be sure their lead company has recorded written consent specifically in your name for the warm transfer.
Leave a Comment