Compliance Knowledge Center

Medicare AI Compliance Resources

Source-driven guides to the regulatory framework governing AI-assisted Medicare programs — for brokers, carriers, compliance teams, and TPMOs.

We cite primary sources, separate legal requirements from industry practice, and acknowledge uncertainty where regulations are unsettled. Not legal advice.

Start here

The comprehensive guide covers all major regimes in one place.

Medicare AI Compliance Guide: HIPAA, TCPA, TPMO & Consumer Health Privacy

Seven sections covering every regulatory regime that governs AI-assisted Medicare lead generation — with executive answer blocks, 20 FAQs, and 8 primary-source citations. The canonical reference for all other content on this hub.

Sections: 7 | FAQs: 20 | Sources: 25 primary | Published: June 2026

Topic Guides

Deep dives by regulation

Each topic guide focuses on one regulatory regime — with a practical focus for Medicare programs.


HIPAA & Medicare Lead Generation

When HIPAA actually applies to Medicare programs, the Covered Entity / Business Associate analysis, and what a BAA does and doesn't cover.


TCPA & Medicare Text Messaging

Prior express written consent requirements, the 2024 one-to-one consent rule, opt-out obligations, and why TCPA is often the higher-velocity litigation risk.


Washington My Health My Data Act

Opt-in consent requirements, the private right of action, extraterritorial reach, and what it means for nationally-marketed Medicare programs.


CMS Medicare Marketing & TPMO Rules

TPMO classification, required disclaimers, 10-year recording retention, Scope of Appointment requirements, and the technology vendor analysis.


State Consumer Health Privacy Laws

Washington MHMDA, Nevada SB 370, CCPA/CPRA sensitive data, and an overview of other state frameworks — compared and mapped to Medicare programs.


Need Full HIPAA? How We Handle It

Message channel options (managed by Side Nerd or your org), HIPAA-eligible infrastructure, AI model handling, and vendor BAA chain — plus a full compliance package available on request.


White Paper

For carriers, insurers & compliance teams

The full compliance and regulatory framework document — structured for CISOs, procurement, and legal review.

Compliance & Regulatory Framework for AI-Assisted Medicare Communication

Four-section analysis covering HIPAA scope and the covered-entity path, state consumer-health privacy laws (WA, NV, CA, CO), TCPA consent requirements and the 2024 one-to-one rule, and CMS Medicare marketing requirements for TPMOs. Includes a responsibility allocation summary and 24 primary-source citations. Intended for CISOs, compliance officers, and carrier procurement teams.

Sections: 4 | Sources: 24 primary | Audience: CISOs, compliance teams, carriers | Published: June 2026

Editorial Principles

1. Cite primary sources — statutes, regulations, and agency guidance — wherever possible.
2. Separate legal requirements from industry best practice. Label each clearly.
3. Distinguish HIPAA from non-HIPAA privacy laws. Most compliance conversations conflate them.
4. Acknowledge uncertainty when regulations are evolving or agency guidance is absent.
5. Encourage corrections and discussion. Compliance is a collective knowledge problem.
6. Prioritize accuracy over marketing language. Never claim legal certainty where regulators haven't provided it.
7. Verify and update sources quarterly. Note the last-verified date on every citation.
8. Nothing on this hub is legal advice. Consult qualified counsel for program-specific determinations.