Protection Architects · Compliance

Compliance Reference

TCPA, CMS, HIPAA, state rules — everything you need to stay clean and keep your license.

Call Window

8am – 8:30pm

Local time in prospect's state. No exceptions.

Consent Records

5 Years

Keep all TCPA consent documentation for 5 years minimum.

Recording Disclosure

Every Call

"This call may be recorded" — required on every single call.

Medicare SOA

48 Hours

Scope of Appointment must be completed 48 hrs before Medicare sales call.

TPMO Disclaimer

Required

Must be read on all Medicare calls. Script is in the Medicare section.

E&O Insurance

$1M / $1M

Minimum $1M per occurrence / $1M aggregate. COI on file with PIC.

📱

TCPA Consent Requirements

Telephone Consumer Protection Act — the most important compliance rule you have

Required

What TCPA Requires

Before contacting any lead via phone, text, or autodialer, you must have documented prior express written consent from that person. This means they opted in knowing they would receive calls/texts about insurance products.

✅ What You MUST Have

Written consent with date, time, and IP address logged
Consent language that specifically mentions insurance calls/texts
Opt-in checkbox that was NOT pre-checked
Statement that consent is not required to receive service
Records kept for minimum 5 years
Consent verified before first contact on every lead

❌ What You CANNOT Do

Call leads where you cannot document consent
Use a pre-checked consent box on any form
Require consent as a condition of service
Contact anyone on the National DNC Registry without consent
Call before 8am or after 8:30pm local time
Continue calling after someone requests to be on your internal DNC

Penalty: TCPA violations carry fines of $500–$1,500 per call/text. Class action lawsuits are common. This is the #1 legal risk in telesales. PIC requires full TCPA compliance — any violation is grounds for immediate termination.

📝

Compliant Opt-In Language

Exact language required on all lead capture forms

Required

Required Form Language

"By checking this box (optional), I agree to receive SMS text messages and phone calls from Priority Insurance Concepts at the number provided above. Message and data rates may apply. I understand this consent is not required to receive a quote or purchase insurance. Reply STOP to opt out at any time."

Rules for the Checkbox

Checkbox must be unchecked by default
Checkbox must be optional — form submits without it
Language must say "consent is not required"
Must include opt-out instructions (STOP)
Must specify the business name

SMS Opt-In Confirmation Message

"You're confirmed for SMS updates from Priority Insurance Concepts. Msg & data rates may apply. Reply STOP to cancel, HELP for help."

⏰

Calling Hours — State by State

8am–8:30pm local time in the prospect's state — always

Critical

PIC Time Zone Rules (n8n Enforced)

State	Time Zone	Call Window (Local)	Call Window (Las Vegas)
Virginia (VA)	America/New_York (ET)	8:00am – 8:30pm ET	5:00am – 5:30pm PT
North Carolina (NC)	America/New_York (ET)	8:00am – 8:30pm ET	5:00am – 5:30pm PT
South Carolina (SC)	America/New_York (ET)	8:00am – 8:30pm ET	5:00am – 5:30pm PT
Texas (TX)	America/Chicago (CT)	8:00am – 8:30pm CT	6:00am – 6:30pm PT
Nevada (NV)	America/Los_Angeles (PT)	8:00am – 8:30pm PT	8:00am – 8:30pm PT

Important: These windows are enforced in all n8n automation workflows. AVA will not dial outside these windows. However, if you are manually dialing, you are personally responsible for checking the time in the prospect's state before calling.

🏛️

CMS / TPMO Requirements

PIC operates as a Third Party Marketing Organization — these rules are non-negotiable

Required

TPMO Disclaimer — Read on Every Medicare Call

"We do not offer every plan available in your area. Currently we represent [number] organizations which offer [number] products in your area. Please contact Medicare.gov, 1-800-MEDICARE, or your local State Health Insurance Program (SHIP) to get information on all of your options."

This disclaimer is required by CMS on ALL Medicare sales and marketing calls. If you skip this, you are out of compliance. Period.

Scope of Appointment (SOA)

SOA must be completed at least 48 hours before a Medicare Advantage or Part D sales appointment
SOA must be documented — PIC uses GHL forms for this
You may only discuss products that were listed on the SOA
Exception: walk-in appointments and the beneficiary requests the meeting

Medicare Marketing Rules

Do NOT call Medicare beneficiaries without a documented lead or referral
Do NOT conduct sales at educational events
Do NOT use the Medicare name/logo in misleading ways
Do NOT claim to be calling from Medicare or the government
Do NOT market door-to-door or in common areas of care facilities
Do NOT send unsolicited emails or texts about Medicare plans

Annual Requirements

Complete AHIP certification annually before AEP (typically July)
Complete all required carrier certifications annually
Maintain active appointments with all carriers you sell

📅

Medicare Enrollment Periods

Know when you can and cannot enroll clients

Reference

Period	Dates	What's Allowed
Initial Enrollment Period (IEP)	3 months before / month of / 3 months after 65th birthday	Any Part A, B, C, D plan
Annual Enrollment Period (AEP)	Oct 15 – Dec 7	Switch MA plans, add/drop Part D
Open Enrollment Period (OEP)	Jan 1 – Mar 31	Switch MA plans once
Special Enrollment Period (SEP)	Triggered by qualifying event	Varies by SEP type
Med Supp Open Enrollment	6 months after Part B effective	Any Med Supp, no underwriting

🔒

HIPAA — Health Information Privacy

Protecting client health information — required by federal law

Required

What is PHI (Protected Health Information)

Any health information that can identify a specific person — including names combined with health conditions, diagnoses, medications, medical history, or treatment information collected during the sales process.

✅ What You Must Do

Keep all client health information strictly confidential
Only share PHI with carriers as required for underwriting
Use PIC-approved systems (GHL, Airtable) — never personal email or notes apps
Lock your device when not in use
Report any suspected data breach to Jason immediately

❌ What You Cannot Do

Share client health information with anyone not involved in their coverage
Discuss client health details in public places
Store health information in unencrypted personal files
Use client information for any purpose other than their insurance
Leave client information visible on screen in public

Penalty: HIPAA violations range from $100 to $50,000 per violation with a maximum of $1.9M per year for repeated violations. Criminal penalties include up to 10 years imprisonment for intentional misuse.

🗺️

PIC Active States — Rules & Requirements

VA, NC, SC, TX, NV — know the rules for each state you work

Reference

State	License Required	Key Rules	Priority
Virginia (VA)	Life & Health	Two-party consent for recordings. 8am–9pm call window (state rule, PIC uses 8:30pm).	Priority
North Carolina (NC)	Life & Health	One-party consent for recordings. Standard TCPA rules apply.	Priority
Texas (TX)	Life & Health	One-party consent. State DNC list in addition to federal. High volume market.	Volume
Nevada (NV)	Life & Health	One-party consent. PIC home state. Standard federal rules.	Supplemental
South Carolina (SC)	Life & Health	One-party consent. Pending scale — apply same standards as NC.	Pending Scale

Virginia Two-Party Consent: In VA, all parties must consent to being recorded. Your recording disclosure at the start of every call ("this call may be recorded") handles this — but you must get their verbal acknowledgment before proceeding. If they object to recording, you may not record that call.

🎙️

Recording Requirements

All calls must be recorded — no exceptions

Required

PIC Recording Policy

ALL phone-based marketing, sales, and enrollment calls must be recorded
ALL video closes (Whereby) must be recorded and stored
Recording disclosure required at the start of every call
Recordings stored in R2 and accessible for audit at any time
Unrecorded business may result in forfeiture of commissions

Required Disclosure — Every Call

"Thank you for calling [department] at Priority Insurance Concepts — this is [Your Name]. Just so you know, this call may be recorded for quality and training purposes."

Virginia — Two-Party Consent Additional Step

"Before we get started — do I have your consent to record this call for quality purposes?"

In VA only — if the prospect says no, you cannot record. Proceed with the call unrecorded and note it in GHL. Do not proceed with an application on an unrecorded VA call without documenting the refusal.

🚫

Do Not Call (DNC) Requirements

Federal and internal DNC — both must be honored

Required

National DNC Registry

You cannot call numbers on the National DNC Registry unless you have prior express written consent from that specific number. PIC scrubs all purchased leads against the DNC registry before distribution.

Internal DNC — Immediate Action Required

If a prospect says "don't call me" or "put me on your do not call list" — stop the call immediately
Add the DNC tag in GHL immediately after the call
Never call or text that number again from any PIC system
Internal DNC requests must be honored within 30 days (PIC honors immediately)

Script — When Someone Requests DNC

"Absolutely — I'll make sure you're added to our do not contact list right now and we will not reach out again. I apologize for any inconvenience. Have a good day."

Texas State DNC

Texas maintains its own state DNC list in addition to the federal registry. TX leads must be scrubbed against both the federal and Texas state DNC lists before contact.

Penalty: Violating DNC rules carries fines up to $43,792 per call (federal) and additional state penalties. Three violations can result in license revocation.