Consent & TCPA
The $990K Lead-Vendor Mistake: You Own the Calls You Buy
Health Insurance Associates LLC didn't make a single one of the calls that cost it $990,000. Its lead vendor did. Under the TCPA, that distinction didn't save it — and it usually won't save you either.
Updated July 2026
The short answer
The Telephone Consumer Protection Act (TCPA) lets a buyer of leads be held liable for calls a vendor made on its behalf, under a legal theory called vicarious liability. A small Florida Medicare agency learned this the expensive way — a $990,000 class settlement over calls its lead vendor placed to numbers on the Do-Not-Call registry. Statutory damages run $500 to $1,500 per call, uncapped, and insurance is one of the most-sued verticals under this law. Documented, per-lead consent isn’t paperwork overhead — it’s the only real defense.
The case: a small agency, a vendor's calls, a $990,000 bill
Health Insurance Associates LLC was not a national call center — it was a Florida-based Medicare agency operating at a scale plenty of readers here will recognize. According to the class action settlement summary, the underlying claim was that a lead vendor the agency used — Leads Mogul — placed telemarketing calls to numbers on the National Do-Not-Call Registry, then warm-transferred those calls to Health Insurance Associates’ agents. The agency settled the resulting TCPA class action for $990,000.
The agents on those transferred calls didn’t place the offending calls. They received a warm transfer — a call that had already been placed, already connected, and was simply handed to them mid-conversation. That distinction did not insulate the agency from liability.
Why 'my vendor made the call, not me' doesn't work
The TCPA doesn’t require you to have dialed the phone yourself to be liable for a call. Courts apply vicarious liability — ordinary agency-law principles that ask whether the vendor was acting on your behalf, under your apparent authority, or with your ratification, even if you never touched the phone.
The case that put this on the map at scale is Krakauer v. DISH Network. A jury found DISH liable for roughly $61 million — later affirmed by the Fourth Circuit in 2019 — entirely for calls made by a third-party retailer, not DISH itself. DISH didn’t dial a single one of the calls at issue. It was still on the hook because the retailer was acting as its agent. A second appellate decision, Bilek v. Federal Insurance(7th Circuit, 2021), reinforced the same principle in a different fact pattern: buying leads or transfers from a vendor doesn’t create legal distance from what that vendor does to generate them.
The math that makes this an existential number, not a cost of doing business
TCPA statutory damages run $500 per violation, and treble to $1,500 per violation if the violation is found willful or knowing — and there’s no cap on the number of violations in a class action. A single vendor running an aggressive dialing campaign against a Do-Not-Call list can generate thousands of violations before anyone notices. Do the multiplication once and it’s obvious why a $990,000 settlement came out of a lead-buying relationship, not a courtroom fight over a single disputed call.
- •$500 per call — the baseline statutory damage, with no need to prove actual financial harm to the recipient.
- •Up to $1,500 per call — if the calls are found willful or knowing.
- •No cap on total violations — a class of a few thousand improperly called numbers turns a per-call number into a seven-figure exposure fast.
Why insurance keeps showing up in this litigation
This isn’t a fluke risk that happened to land on one Florida agency. Litigation trackers consistently place insurance among the most-sued verticals under the TCPA — roughly 28% of federal TCPA filings by some estimates, according to aggregated TCPA lawsuit statistics. That figure comes from litigation-tracking data, not a government agency, so treat it as an industry-reported estimate rather than an official count — but it’s directionally consistent with how much of this litigation names insurance defendants specifically. The reason isn’t mysterious: Medicare and other insurance sales rely heavily on third-party-generated leads and warm transfers, which is exactly the fact pattern that creates vicarious liability exposure.
It's not just the agency — individual agents have been named personally
The exposure doesn’t stop at the entity level. In Matthews v. Senior Life (E.D. Va., 2025), an individual insurance agent was personally named as a defendant in a TCPA class action for accepting a warm transfer — and the court denied the agent’s motion to dismiss. That means the case proceeded against the individual, not just the agency employing them. If you’re an agent who takes transferred calls without knowing how the lead upstream was generated, this is the fact pattern that names you specifically, not just your employer.
This niche attracts serial plaintiffs, not just one-off complaints
TCPA litigation in this space isn’t only opportunistic beneficiaries who happened to get a call they didn’t want. Some plaintiffs file TCPA suits repeatedly, professionally, specifically trawling for violations in verticals — insurance among them — where third-party lead generation is common and documentation is often thin. That changes the risk calculus: you’re not just exposed to one angry consumer. You’re exposed to plaintiffs whose business model is finding exactly this gap.
What actually protects you: documented consent, not a vendor's word
None of the cases above turn on whether the agency believed its vendor was compliant. They turn on whether documented, recipient-specific consent existed for the specific call at issue. “The vendor told us their leads were TCPA-compliant” is not a defense a court credits on its own — it’s a claim, and claims aren’t evidence.
- Get and keep documented consent per lead— not a vendor’s blanket assurance that their list is “TCPA-compliant,” but a retrievable, timestamped consent record tied to the specific number called.
- Keep a lead-source paper trail— which vendor, which campaign, which date — so you can answer “where did this lead come from” in minutes if a complaint or subpoena arrives.
- Don’t accept warm transfers blind — Matthews v. Senior Life shows the transfer-receiving agent can be named personally; know how the call in front of you was generated before you take it.
- Scrub against the Do-Not-Call registry independently— don’t outsource that check entirely to a vendor whose incentive is volume, not your liability.
This is the same documentation discipline that determines whether a complaint against your agency escalates or closes quietly — see the full enforcement chain from complaint to termination. And it’s the exact defense a federal appeals court just credited in a 2026 ruling — see how documented vendor oversight won a TCPA case outright.
What this doesn't mean
This isn’t an argument to stop buying leads or transfers — that’s most of the industry’s acquisition model and it isn’t going away. It’s an argument that the documentation has to exist on your side of the relationship, not just the vendor’s, because when a plaintiff’s attorney or a class action names your agency, “ask the vendor” is not going to be a fast enough answer.
See this on your own numbers
ClaimFlow ties every recorded, SOA-timestamped call to the lead source and the commission it produced — compliance record and ROI answer from the same log. Founding members get 50% off setup and a rate locked for life.
Sources
- Top Class Actions — Health Insurance Associates $990K TCPA settlement summary
- Troutman Pepper — Fourth Circuit affirms $61M vendor-liability verdict, Krakauer v. DISH
- Claim.supply — TCPA lawsuit statistics, insurance-vertical share (litigation-tracker data)
- National Law Review — Matthews v. Senior Life, individual agent named personally
- ActiveProspect — serial TCPA plaintiffs targeting lead-generation-heavy verticals