CMS Rules
The TPMO Disclaimer Rule Just Changed — Most Scripts Haven’t Caught Up
A timing rule this specific gets buried in a 400-page final rule, but it changes exactly where your agents have to speak on every call — and it took effect for the CY2027 marketing season.
Updated July 2026
The short answer
The old rule said read the TPMO disclaimer within the first 60 seconds of the call, no exceptions. The CY2027 Final Rule replaces that with a content-based trigger: the disclaimer must be read before any discussion of benefits begins, whenever that happens. A call can run three minutes of small talk and demographic questions before the disclaimer is required — but the moment benefits come up, it’s too late to say it after the fact.
The old rule: 60 seconds, no exceptions
For several contract years, CMS required TPMOs (third-party marketing organizations — any outside entity that markets or sells Medicare Advantage or Part D plans on a carrier’s behalf) to read a standard disclaimer within the first 60 seconds of a marketing or sales call. It named the entity, made clear it doesn’t represent every plan, and pointed the beneficiary to Medicare.gov, 1-800-MEDICARE, or a State Health Insurance Assistance Program.
The 60-second clock was easy to build a QA process around: pull the timestamp, check if the disclaimer landed before :60, pass or fail. It was also disconnected from what actually happened on the call. A fast-talking agent could read the disclaimer at second 40 and jump straight into benefits. A slower call — one that opened with ID verification or small talk — could blow past :60 before benefits ever came up, and still get flagged as non-compliant on a technicality.
The new rule: before benefits, whenever that is
The CY2027 Final Rule drops the fixed clock and replaces it with a content trigger: the disclaimer has to be read before any discussion of benefits begins. There’s no time limit — the requirement is about sequence, not seconds.
CMS clarified what does and doesn’t count as “discussing benefits”:
- •Basic demographic intake — confirming name, date of birth, ZIP code — is not a benefits discussion, and can happen before the disclaimer.
- •A passing mention of a benefit is not automatically a full “discussion” of it — CMS drew the line at substantive plan-benefit conversation, not any use of the word.
- •If a call never reaches benefits at all — a callback that turns into a request to transfer, a call that disconnects during intake — CMS does not expect the disclaimer to have been read.
In practice: the disclaimer trigger moved from a stopwatch to a script checkpoint. Your agents need to know exactly where in the conversation flow “benefits” starts, because that’s now the line that matters — not the clock on the wall.
Why this matters operationally
A 60-second rule and a before-benefits rule produce different failure modes, and your scripts and QA process need to catch the new one.
- •A call that spends its first three minutes on rapport, ID verification, or answering a beneficiary’s unrelated question can legally delay the disclaimer well past :60 — as long as benefits haven’t come up yet.
- •A call that jumps into benefits at second 20 needs the disclaimer at second 20, not at :60. The old rule would have called that compliant; the new rule calls it a violation if the disclaimer came after the pitch started.
- •QA can no longer just check “was the disclaimer read before :60.” It has to check sequence: did the disclaimer come before the first substantive mention of a specific plan’s benefits, regardless of when that happened.
Older content is still teaching the 60-second version
A lot of scripts, training decks, and QA rubrics still in circulation reference the old 60-second checkpoint, because that was the rule for years and it’s a simple thing to train. That content isn’t wrong about history — it’s wrong about the current rule. If your call center’s onboarding materials, dialer prompts, or QA scorecards still say “disclaimer by :60,” that’s the pattern to look for and correct, regardless of where the material came from.
How to rewrite your script and QA checklist
Three changes cover most of the rework:
- 1Move the disclaimer trigger in your script from a timestamp to a checkpoint — immediately before the first line that references a specific plan’s benefits, premium, or coverage.
- 2Retrain agents on the distinction between intake conversation and benefits conversation, using CMS’s own examples: demographic questions and small talk are fine before the disclaimer; naming a specific benefit is not.
- 3Update your QA scorecard to flag sequence violations — disclaimer-after-benefits — instead of a hard :60 cutoff. A call where the disclaimer lands at 2:15 is compliant if benefits didn’t come up until 2:16.
- Call script updated to trigger the disclaimer on content, not a timer
- Agent training refreshed with CMS’s intake-vs-benefits examples
- QA scorecard rewritten to check sequence, not a 60-second timestamp
- A sample of recent calls re-reviewed under the new standard before AEP volume hits
What happens if the timing is missed
A missed or late disclaimer is a documentation and audit problem before it’s anything else. If CMS or a carrier requests call records during an audit and the disclaimer landed after benefits were already being discussed, that call reads as non-compliant — and under the marketing/sales retention window, that record needs to be producible for years after the call happened, not just during the season it was made.
The exposure compounds when disclaimer timing isn’t tracked at the individual-call level. If an agency can only say “we trained everyone on the new rule” instead of showing where the disclaimer landed on a specific call, that’s a much weaker answer in an audit than a timestamped record tied to that call.
Logging disclaimer timing as part of your compliance record
The disclaimer trigger is one more timestamp that belongs next to the ones agencies already have to track — the Scope of Appointment (see whether the 48-hour SOA rule is really gone) and the call recording itself. ClaimFlow logs disclaimer timing alongside SOA capture and the audio record, so a single call has one auditable trail instead of three separate places to check. It also ties that same call back through to the policy it produced — commission, renewal, and chargeback included — so the compliance record and the attribution record come from the same log instead of two systems that have to be reconciled by hand.
If your call center is also handling recordings or transcripts through a vendor, confirm that vendor’s obligations are covered — see the BAA checklist for Medicare call center vendors.
Get your compliance stack AEP-ready
Start with the AEP compliance readiness checklist — scripts, retention, consent capture, and attribution tagging, reviewed before Oct 15 volume hits.