Every fall, Medicare beneficiaries face a wave of mailers, phone calls, and door-to-door visits from insurance agents — many of them working not for a single insurance company, but for a Third-Party Marketing Organization (TPMO). TPMOs coordinate large networks of agents and brokers who sell Medicare Advantage and Part D plans on behalf of multiple carriers. They are legal. And during open enrollment, they are a primary vehicle for fraud.
Understanding how TPMO fraud works — and why CMS enforcement has structural limits — is essential for elder law attorneys protecting vulnerable beneficiaries.
What Is a TPMO?
A Third-Party Marketing Organization is an entity that contracts with one or more Medicare Advantage or Part D plans to market and enroll beneficiaries. TPMOs recruit, train, and deploy large networks of agents who sell plans across multiple carriers. They handle compliance oversight, marketing materials, and in many cases, the enrollment process itself.
TPMOs are regulated under CMS rules — specifically 42 CFR § 422.2272 and 42 CFR § 423.2272 — which establish standards for how they can approach beneficiaries, what disclosures they must provide, and how they must handle personal information. CMS requires TPMOs to be listed in the HPMS (Health Plan Management System) and to comply with Medicare marketing guidelines.
But compliance requirements and actual behavior don't always align. And the structure of TPMOs — large agent networks, commission-driven compensation, volume-based performance metrics — creates conditions where fraud is not an anomaly, it's a feature.
Common TPMO Fraud Tactics During Open Enrollment
The tactics used during open enrollment exploit the specific vulnerabilities of Medicare beneficiaries — particularly those with cognitive decline, limited health literacy, or language barriers. Elder law attorneys encounter these patterns regularly, often after irreversible harm has occurred.
Unauthorized Plan Switching
The most damaging TPMO tactic is completing a plan switch without the beneficiary's informed consent. Agents complete enrollment forms during uninvited home visits or phone calls, sometimes with the beneficiary not fully understanding what they agreed to. By the time the beneficiary realizes their original plan has been replaced — losing their doctor, their prescription coverage, or their specialists — the enrollment period has closed and the switch is locked in.
TPMOs defend these enrollments by claiming the agent had verbal consent. CMS requires written or recorded consent for Scope of Appointment (42 CFR § 422.2274) — but when no documentation exists, proving a violation is difficult unless there is a contemporaneous record of the beneficiary's actual preferences.
Misleading Plan Comparisons
TPMO agents are trained to present plans in ways that maximize switches. This often means highlighting premium savings while minimizing network restrictions, prior authorization requirements, and out-of-pocket costs. For beneficiaries managing chronic conditions, the hidden costs of a narrow network can be devastating — and by the time they discover them, the annual enrollment window has passed.
CMS prohibits disparagement of competing plans and requires balanced comparisons — but TPMO training programs that teach agents to frame comparisons in deliberately misleading ways operate in a gray zone that CMS enforcement has difficulty reaching.
Pressure Tactics and High-Pressure Sales Events
During AEP, TPMOs organize sales events — sometimes marketed as "Medicare workshops" or "educational seminars" — where agents apply social pressure to enroll on the spot. Beneficiaries are told the event is informational, then find themselves in one-on-one sales conversations with agents who use scarcity language ("this offer ends Friday") and implied urgency to push enrollment decisions.
CMS prohibits using educational events as a vehicle for sales pressure without clear disclosure — but enforcement is complaint-driven, and beneficiaries who don't know their rights rarely file.
Failure to Provide the Required Star Ratings and Formulary Information
CMS requires agents to provide beneficiaries with specific information before enrollment — including plan star ratings, formulary details for their medications, and provider network information. TPMO agents under volume pressure routinely skip this step, completing enrollments based on surface-level information without verifying that the plan actually fits the beneficiary's needs.
Why CMS Cannot Catch Every Violation
CMS has issued fines and terminated marketing contracts with TPMOs and the plans that use them. But CMS enforcement has structural limitations that attorneys and beneficiaries need to understand.
Enforcement is complaint-driven. CMS investigates violations it learns about through complaints. If no one reports a violation — because the beneficiary didn't know it was a violation, lacks the capacity to file, or doesn't know how — the violation doesn't surface. The complaint data CMS uses to identify patterns is incomplete precisely because so many violations go unreported.
The scale of the Medicare market is enormous. More than 65 million Americans are enrolled in Medicare. During AEP, hundreds of thousands of enrollment interactions occur daily. CMS does not have the resources to proactively audit more than a fraction of them — the agency relies on a system of plan oversight, agent self-reporting, and complaint-based investigation that leaves large gaps.
TPMOs and plans share liability in ways that create accountability gaps. CMS holds plans responsible for TPMO conduct — but plans often claim an agent was operating outside their scope. The result is that individual bad actors can continue operating even after formal complaints, unless an attorney builds a documented case that clearly establishes what happened, when, and who authorized it.
How to Protect Yourself or Your Clients
For attorneys managing Medicare beneficiary clients — especially those with cognitive decline or complex health situations — the protection starts before a violation occurs.
Document Everything in Advance
A client registered in PlanShield's do-not-contact system before open enrollment has a timestamped record of their wishes. If a TPMO agent contacts them afterward, the attorney has a documented foundation: the client was protected, the notice was sent, the broker knew contact was prohibited. That documentation is the difference between a CMS complaint that gets logged and one that triggers action.
Register with PlanShield to Create a Legal Paper Trail
PlanShield allows attorneys to register clients in a documented, timestamped system that generates formal do-not-contact notices with correct CFR citations. The notices establish that the broker was explicitly notified — and the audit log records any subsequent contact. When a violation occurs, the attorney has everything needed to file a credible CMS complaint and a state DOI complaint.
File CMS Complaints — and State DOI Complaints
CMS enforcement and state Department of Insurance enforcement are complementary tracks. Every clear violation — unauthorized plan switch, uninvited home visit, misleading comparison — should be reported to both. The attorney's complaint carries more weight than a beneficiary's, especially when it includes the documentation PlanShield produces.
The best protection is a documented record before a violation occurs. If a broker contacts a client who is already registered and formally notified, the attorney has the paper trail that makes every complaint actionable.
PlanShield's Role: The Registry CMS Needs for Enforcement
CMS enforcement depends on documentation — not allegations, but records. PlanShield gives attorneys the infrastructure to produce those records: client registration with timestamps, formal do-not-contact notices with CFR citations, and a complete audit log of broker contact attempts.
The pattern PlanShield prevents is simple: a beneficiary is targeted, the attorney has no prior record of the client's protection wishes, the violation occurs, and the complaint is a verbal allegation with no supporting documentation. With PlanShield, the attorney has registration, notice, and documented contact — a case that CMS can act on.
As TPMO networks expand and AEP solicitation intensifies, the attorneys who have this infrastructure in place are the ones who can protect their clients and contribute to enforcement that benefits the entire beneficiary community.
For Attorneys: Register Free and Build Your Client Protection System
If you represent Medicare beneficiaries — especially those in assisted living, memory care, or situations where cognitive decline makes them targets — the time to act is now, before open enrollment, not after violations occur. PlanShield is free during early access.
Register at planshield.polsia.app/register. Add clients, issue do-not-contact notices, and maintain the audit trail that protects them.
For Beneficiaries and Families
If you or a family member have been switched into a Medicare Advantage plan without consent — or contacted aggressively during open enrollment by agents you didn't request — you have rights. Contact an elder law attorney who works with Medicare beneficiaries. If you are already working with an attorney, ask them about PlanShield's do-not-contact registry and whether it makes sense for your situation.
The TPMO fraud that exploits open enrollment is not inevitable. CMS enforcement depends on documented complaints. The paper trail you build now — with the right attorney and the right tools — is what makes enforcement possible.
For more on the regulatory framework governing Medicare marketing, see our explainer on Medicare open enrollment solicitation rules. For how to file a formal complaint, see our guide on filing a CMS complaint against a Medicare agent. And for the foundation of do-not-contact protection, see how attorneys build their own Medicare do-not-contact registry.