Stop Improper Marketing: A Guide to Part C & D Rules for Small Practice Outreach (42 CFR § 422.2260)

Medicare Advantage and Part D plans rely heavily on provider offices as a trusted point of contact for older adults, but that trust can turn into regulatory risk when small practices drift into improper marketing. Under 42 CFR 422.2260 and its Part D counterpart 42 CFR 423.2260, the Centers for Medicare & Medicaid Services (CMS) draw a sharp line between neutral communications and marketing designed to influence a beneficiary’s plan choice. For a small clinic, crossing that line without realizing it can trigger plan complaints, corrective action and even termination of contracts. At the same time, 42 CFR 422.2263 and 423.2263 impose general marketing requirements, including strict rules around gifts and inducements, that apply to the materials and activities you may be asked to participate in.

This article explains how these rules apply in real life when your staff talk with Medicare beneficiaries, hand out brochures or host events. It translates CMS definitions into everyday examples and then builds an operational playbook, self-audit checklist and culture plan that work for lean practices. The goal is simple: help you support your patients’ Medicare decisions without slipping into prohibited steering, misleading marketing or noncompliant outreach that could jeopardize your revenue relationships with plans.

Many small practices think “marketing rules” are a problem only for health plans, agents and brokers. In reality, CMS explicitly regulates what can and cannot happen in the healthcare setting when Medicare Advantage and Part D plans are discussed with beneficiaries. Under Part C and Part D communications and marketing regulations, your office can become part of a plan’s compliance story or part of a complaint file.

Because your team spends more time with patients than any plan call center, beneficiaries often ask staff which plan is “best,” whether a flyer is “a good deal,” or if they should switch coverage. In those moments, your employees may unintentionally cross the line into marketing activity that is tightly regulated by 42 CFR 422.2260, 422.2263 and related sections. Improper answers can be interpreted as steering or biased marketing, putting both the plan and your practice at risk.

This article will help your clinic understand where that line is, how to stay on the right side of it and how to design simple, low-cost controls, so even the busiest front desk can comply.

Understanding Legal Framework & Scope Under 42 CFR 422.2260

To manage outreach risk, you first need to understand how CMS defines communications and marketing in 42 CFR 422.2260 and parallel Part D rules in 42 CFR 423.2260. CMS uses these terms very precisely, and the definitions govern which rules apply.

At a high level, communications are any activities or materials that provide information to current or prospective enrollees about Medicare plans. Marketing is a subset of communications designed to draw attention to a specific plan or plans and to influence a beneficiary’s decision-making about enrollment or retention. Marketing also usually involves information about benefits, cost sharing or ranking of plans.

Other related sections flesh out what must happen when marketing occurs. 42 CFR 422.2262 and 422.2263 set general communication and marketing requirements for Medicare Advantage, including timing, content standards and prohibited practices such as certain inducements. Part D sponsors face parallel obligations under 42 CFR 423.2262 and 423.2263. Meanwhile, 42 CFR 422.2266 focuses specifically on activities with healthcare providers and in the healthcare setting, clarifying what clinics may and may not do in collaboration with plans.

These are federal floor requirements. States may also regulate marketing and unfair trade practices through insurance departments, but they cannot undercut CMS protections for beneficiaries. In practice, small clinics should treat CMS rules as the primary compliance anchor and treat any state rules as additional guardrails, especially when working with local agents or brokers.

Understanding this framework reduces denials, penalties and friction because it gives you a consistent basis for saying yes or no to requests from plans or agents. When a plan asks you to host an event, display a banner or allow one-on-one “reviews,” you can evaluate that request against the definitions and requirements in 42 CFR 422.2260, 422.2263 and 422.2266, rather than relying on the salesperson’s description.

CMS is the primary enforcement body for Medicare Advantage and Part D marketing and communication rules. The agency sets requirements in 42 CFR 422 and 423 and enforces them through routine monitoring, program audits, secret shopping, beneficiary complaints and review of marketing materials.

Several types of events commonly trigger scrutiny that can implicate your practice:

• Beneficiary complaints to CMS or to the plan, alleging they were pressured by someone at the doctor’s office to join or stay in a particular plan.

• Secret shopper calls or visits where CMS or plan staff test whether field representatives and provider offices follow scripted rules.

• Program audits that include a focus area on communications and marketing, including activities in provider offices and healthcare settings.

• Data showing unusual enrollment patterns for a specific plan concentrated in patients from a single clinic, which can suggest steering.

In parallel, the HHS Office of Inspector General (OIG) enforces anti-kickback rules and has issued guidance on nominal gifts and beneficiary inducements. If marketing activities involve gifts beyond nominal value or tie gifts to plan enrollment, they can raise anti-kickback concerns on top of CMS marketing violations.

For a small practice, this means your name may show up in a plan’s corrective action plan or even in CMS audit work papers if staff behavior or office events contributed to noncompliance. You are not the primary regulated entity, but you can quickly become part of the evidence.

Although these rules sit in Medicare regulations, not HIPAA, the discipline you build for privacy audits can be reused for marketing and communication compliance. The goal is to set up a few clear, repeatable controls that govern every Medicare-related outreach or conversation in your practice, all aligned with 42 CFR 422.2260, 422.2263 and 422.2266.

Below are core controls you can implement without new headcount or expensive tools.

First, create a simple outreach classification and logging process. This ensures every Medicare-related interaction is treated as either communication or marketing based on CMS definitions.

• Build a one-page “MA outreach intake” template in your EHR or shared drive where staff quickly record date, patient, plan name if applicable, and whether the contact was informational (communication) or included plan-specific benefit discussions (marketing) under 42 CFR 422.2260.

• Add a checkbox to flag any interaction involving discussions of premiums, copays or comparisons between specific plans, which clearly triggers marketing rules under 42 CFR 422.2260 and 422.2263.

• Require that any marketing-designated contact be supported by plan-approved materials or a contracted agent who is responsible for compliance with CMS marketing standards.

Together, these steps give you an immediate log to produce if a plan or CMS ever asks how marketing occurred in your practice and who was involved.

Second, standardize what staff can and cannot say when patients ask about plans. Clear scripts reduce the risk of casual steering.

• Develop a short script for front-desk and clinical staff that focuses on neutral support, such as helping patients contact 1-800-MEDICARE or the State Health Insurance Assistance Program, instead of recommending specific plans, consistent with provider activity limits in 42 CFR 422.2266.

• Include explicit “do not say” examples, such as “This plan is better for you” or “Most of our patients are happier with Plan X,” which would likely be considered marketing and potential steering under 42 CFR 422.2260 and general marketing requirements.

• Require annual sign-off from staff acknowledging the script and confirming they understand they cannot recommend specific plans unless they are acting in a clearly identified, compliant agent role.

These scripts protect your staff from improvising under pressure and show CMS and plans that you take communications rules seriously.

Third, control in-office materials and events. Because your clinic is a healthcare setting, 42 CFR 422.2266 treats it differently than other venues.

• Require written approval from a designated compliance lead before allowing any plan flyers, posters or tablecloths in the waiting room, and only accept materials that are plan-approved and consistent with 42 CFR 422.2263 and 423.2263 general marketing requirements.

• Limit educational events in your office to truly educational content such as explaining the basics of Medicare, and ensure events that qualify as marketing activities follow CMS event rules for sign-in sheets, sales discussions and enrollment.

• Maintain a small file (physical or digital) that lists all plans that have permission to display materials, with dates and contacts, in case a plan or CMS asks how you manage equity and avoid favoritism.

As you embed these controls, you are building a mini marketing-compliance system that can withstand plan or CMS review, just as your HIPAA safeguards help you survive a privacy audit.

Case Study

Consider a small primary care clinic that serves many Medicare beneficiaries and happens to have a strong relationship with one local Medicare Advantage plan. The plan’s representative drops off branded flyers, pens and tote bags several times a year, and the office allows the representative to set up a table in the waiting room once a month.

Over time, staff start to tell patients, “Most of our patients are on this plan, and they really like it,” or “You should probably switch to this plan, because they always pay us on time.” The representative occasionally meets one-on-one with interested patients in a side office immediately after their appointments. There is no outreach log, no classification of communication versus marketing, and no written script for staff.

Eventually, a patient feels pressured after being repeatedly told by staff to join that particular plan and calls 1-800-MEDICARE to complain. The complaint triggers a review of the plan’s marketing activities, including those in the clinic. CMS reviewers examine whether activities in the healthcare setting complied with provider-related rules in 42 CFR 422.2266 and whether the plan’s materials and events met general marketing requirements under 42 CFR 422.2263.

The investigation finds that staff statements went beyond neutral communication and crossed into marketing designed to influence enrollment, as defined in 42 CFR 422.2260 and 423.2260. They also find inconsistent access for competing plans, since only one plan’s materials are displayed. CMS issues a corrective action plan to the plan sponsor, which in turn requires the clinic to:

• Remove certain in-office materials.

• Train staff using CMS-compliant scripts.

• Maintain a log of all future events and outreach activities in the clinic.

The plan also warns the clinic that repeated issues could lead to termination from the network. The clinic’s leaders are surprised; they thought they were simply helping patients “find a good plan” and did not realize they had been pulled into the marketing compliance framework.

If the clinic had already implemented the controls in the survival guide above, its scripts would have prevented staff from making plan-specific recommendations, and its outreach log and approval process would have shown that in-office events and materials were being managed in line with 42 CFR 422.2260, 422.2263 and 422.2266. Instead of being a weak point in the plan’s audit, the clinic could have been cited as a strength.

Use this table as a quick internal review tool. Each row corresponds to a focused control that helps you stay within communications and marketing rules under 42 CFR 422.2260 and related provisions.

If your clinic can honestly check off these tasks on a recurring basis, you will have a strong foundation to demonstrate that your outreach respects CMS definitions and avoids improper marketing.

Common Audit Pitfalls to Avoid Under 42 CFR 422.2260

Because marketing and communication happen in real time, errors tend to be behavioral and situational. Each pitfall below maps to a specific regulatory expectation so you can train staff and monitor for issues.

• Allowing staff to recommend specific Medicare Advantage or Part D plans during casual conversations, effectively engaging in untracked marketing activity under 42 CFR 422.2260 without plan-approved materials or oversight, which can be viewed as steering.

• Displaying materials from only one or two favored plans in the waiting room without a clear, objective process, creating the appearance of bias and potential marketing violations related to provider activities in 42 CFR 422.2266.

• Hosting enrollment-focused events in the clinic without following CMS rules for marketing events, including sign-in practices and required disclaimers, which may breach general marketing requirements under 42 CFR 422.2263 and 423.2263.

• Allowing agents or brokers to meet one-on-one with patients in exam rooms or immediately post-visit, which can blur clinical and sales roles and conflict with provider-setting rules in 42 CFR 422.2266 if not carefully managed.

• Providing gifts or raffles at outreach events that exceed nominal value or appear tied to plan enrollment, raising compliance issues under 42 CFR 423.2263 and OIG beneficiary inducement guidance.

• Failing to distinguish educational materials that explain Medicare generally from plan-specific marketing materials, leading to misclassification of activities that should comply with marketing regulations under 42 CFR 422.2260.

By explicitly addressing these pitfalls in your policies, training and monitoring, you reduce the chance that a complaint, audit or secret shopper will uncover improper marketing linked to your practice under 42 CFR 422.2260 and related rules.

Compliance with marketing rules cannot be a once-a-year slide deck. Small practices need a simple but explicit governance structure around Medicare outreach. One physician owner or senior clinician should be named as the overall compliance sponsor for communications and marketing, with a practice manager handling day-to-day oversight under 42 CFR 422.2260 and associated provisions.

Training should be brief, recurring and scenario-based, with annual refreshers that incorporate script review and updated examples of permitted and prohibited staff statements. Metrics can be simple, such as tracking the number of documented outreach contacts, the share classified as marketing and the number of complaints or concerns received from beneficiaries or plans.

Most importantly, reinforce that staff should never “freelance” when talking about Medicare Advantage or Part D. Instead, cultivate a culture where the safest answer is often to direct patients to neutral resources and licensed experts, while your team focuses on clinical care and accurate information sharing within the boundaries of CMS communication and marketing rules.

Improper marketing is not just a problem for call centers and insurance agents. Because CMS definitions in 42 CFR 422.2260 and 423.2260 treat many common office interactions as communications and sometimes marketing, your small practice is already part of the compliance story. By proactively classifying outreach, controlling in-office materials and training staff, you can support patients’ Medicare decisions without drifting into steering or biased promotion.

Here are concrete next steps your clinic can take in the next 30 to 60 days:

1. Map where and how Medicare Advantage and Part D plans are discussed in your practice today, including front desk, clinical areas and any events, and classify those touchpoints as communication or marketing under 42 CFR 422.2260.

2. Build and deploy a simple outreach log and neutral staff scripts that align with CMS definitions and provider-setting rules in 42 CFR 422.2260, 422.2263 and 422.2266.

3. Review all in-office materials, events and gifts for compliance with general marketing and nominal-gift limits under 42 CFR 422.2263 and 423.2263, removing or replacing anything that does not clearly meet current standards.

Recommended compliance tool:

A shared “Medicare outreach playbook” that bundles your scripts, outreach log template and materials approval checklist into one short, easily updated document.

Advice: 

Do a quick walkthrough of your waiting room and exam rooms this week, and remove any plan materials you cannot immediately tie to a compliant process under 42 CFR 422.2260 and 422.2266.

• 42 CFR 422.2260 – Definitions for communications and marketing under Medicare Advantage
  

• 42 CFR 423.2260 – Definitions for communications and marketing under Part D
  

• 42 CFR 422.2263 – General marketing requirements for Medicare Advantage organizations
  

• 42 CFR 423.2263 – General marketing requirements for Part D sponsors
  

• 42 CFR 422.2266 – Activities in the healthcare setting and with providers
  

• CMS Medicare Communications and Marketing Guidance – Communications and marketing definitions and standards