Compliance June 28, 2026

Short-Term Medical at Insurance Agencies: 2026 Compliance Map

Rachel Nguyen
Sr. Compliance Analyst

Short-term medical is the single most state-fragmented health product an agency can sell in 2026. Federal rules establish the floor — and three years of regulatory whiplash since the 2024 final rule have left half the country at one duration cap and the other half at another. State DOIs have layered their own restrictions on top, and several states have banned the product outright. For agency compliance officers, STM is not a product to wing. It is a product that requires a state-by-state operational framework, written down, with the disclosure script enforced at the call level.

The 2026 STM Compliance Landscape

4 mo
Federal initial-term cap (45 CFR 144.103)
5+
States with outright STM prohibitions or near-bans
15+
States with stricter-than-federal duration limits
100%
Of STM applications require the federal disclosure

The Federal Floor: HHS and 45 CFR 144.103

Every STM compliance program starts with the federal definition. Under 45 CFR 144.103, short-term limited-duration insurance is defined as health coverage with an initial contract term of less than four months and a maximum total duration — including renewals or extensions — of no more than four months. That is the federal ceiling agencies have to operate under in any state that has not adopted its own (more restrictive or, in a handful of cases, less restrictive) framework. The companion regulation at 45 CFR 146.145 exempts STM from the major individual-market group health plan requirements precisely because of those duration limits.

The federal framework also requires a specific consumer disclosure — in 14-point font, displayed prominently on the application and any marketing material — explaining that the coverage is not minimum essential coverage, does not satisfy the individual mandate (in states that have one), and may exclude pre-existing conditions. This is non-negotiable. Every STM application your agency processes, in every state, must carry the federal disclosure.

The Disclosure Is Not Optional in Any State

Even in STM-friendly states, the federal disclosure under 45 CFR 144.103 must appear on the application. Carrier-supplied applications usually include it, but agencies that build their own intake flows or transcribe applications from telesales calls have failed audits when the disclosure was abbreviated or omitted.

The State Patchwork: Three Tiers

From a compliance-officer standpoint, the cleanest way to manage STM is to bucket states into three tiers. The exact list shifts as DOIs adopt or relax rules — your compliance program should refresh the bucket assignments at least quarterly — but the structure stays stable.

STM State Tiers (Operational Buckets)

Tier Posture Examples (verify quarterly)
Tier 1: Prohibited / Near-Banned Do not write STM at all CA, NY, NJ, MA, CO (subject to change)
Tier 2: Restricted Stricter duration, additional disclosure, special licensing CT, IL, MD, OR, RI, VT, WA
Tier 3: Federal Floor 4-month cap, federal disclosure Most remaining states

The mistake most agency compliance officers make is treating Tier 1 states as "we just won't sell there." That is correct in principle but operationally insufficient. Lead-vendor data does not respect state lines, dialer lists drift, and agents in adjacent states pick up cross-border calls. The Tier 1 list has to be enforced in the routing layer, not in the agent's head. The same goes for Tier 2 — agents who routinely write Tier 3 applications will default to the Tier 3 disclosure script unless the system catches the state and forces a different script.

The NAIC Model and What It Tells State DOIs to Do

The NAIC Short-Term Limited-Duration Insurance Model Act is the source most state DOIs draw from when they layer additional STM rules. Common state-level overlays you will see — and the disclosure language varies by state — include: stricter duration caps (some states allow only 90 days or even 30 days initial term), prohibitions on automatic renewal, mandatory state-specific disclosure language above and beyond the federal disclosure, and producer-licensing surcharges or specific endorsements.

Several state DOIs also require carriers (and by extension, contracting agencies) to file STM marketing materials for prior approval. That includes telesales scripts in some states. If your agency is running an STM telesales floor, the script must match what the carrier filed. Do not improvise.

Building the Compliance Framework

The Five Layers of an Agency STM Compliance Program

1
State eligibility gate. The agent's call interface should refuse to advance an STM workflow when the prospect is in a Tier 1 state. Compliance cannot rely on the agent remembering the prohibition list.
2
State-specific disclosure script. The script that displays in the agent's interface must change based on the prospect's state. A single national script cannot satisfy Tier 2 disclosure overlays.
3
Recorded disclosure verification. Every STM enrollment call must be recorded with a clear, time-stamped disclosure read-back. State DOIs increasingly demand call-recording proof of disclosure delivery during audits.
4
State-by-state producer license verification. Some states require a state-specific surplus-lines or accident-and-health endorsement on top of the standard health producer license to write STM. Track endorsements per producer per state.
5
Quarterly state-rule refresh. The Tier list will change. Build a quarterly review cadence into the compliance calendar so the eligibility gate stays current.

Marketing-Side Compliance Pitfalls

STM compliance is not just an in-call problem. The marketing funnel that drives STM leads creates its own exposure. The two most common findings in DOI investigations of STM agencies: misleading lead-form copy that suggests STM is "ACA coverage" or "comprehensive coverage," and lead-source funnels that target ACA shoppers without distinguishing the product. Both are unfair-trade-practice issues independent of the federal disclosure on the application.

The agency-side fix is to require lead-vendor agreements that audit landing pages and lead forms used to generate STM leads, and to maintain copies of the lead-source disclosures used at the time of acquisition. As we discussed in our coverage of multi-state CMS compliance for health agencies, the marketing surface area is now where most compliance findings originate — not the call itself.

The Specific Disclosure Language That Has To Land on Every Call

Federal Floor Disclosure Elements

At minimum, every STM disclosure script (verbal and written) must convey: (1) the coverage is short-term limited-duration insurance, (2) it is not minimum essential coverage, (3) it may not cover pre-existing conditions, (4) it may exclude essential health benefits, (5) the consumer should consult Healthcare.gov for ACA options, and (6) the contract term and total maximum duration. State overlays may require additional elements — especially around renewability and ACA marketplace access during open enrollment.

The disclosure has to be read on the recorded portion of the call, not embedded in a follow-up email. State DOIs that have brought enforcement against STM agencies in the last three years have consistently treated email-only disclosure as inadequate. The standard is "before the consumer authorized payment, the disclosure was delivered audibly and the consumer affirmed understanding." That is a three-part verification: delivery, audibility, affirmation. Build it into the script as a non-skippable workflow step.

Replacement and ACA Coordination

When STM is sold to a prospect who currently has ACA coverage, the agent has crossed into replacement-conversation territory. This is the area state DOIs scrutinize most aggressively, because moving an enrollee from ACA into STM is rarely in the consumer's economic interest and the regulatory presumption is unfavorable. The compliance posture is: the agent does not initiate the replacement conversation, does not characterize STM as "better than" or "equivalent to" ACA, and documents in the call that the consumer was made aware of ACA options including premium tax credit eligibility.

For agencies that also write ACA, this is where compliance and revenue can be aligned. An ACA-eligible prospect who calls about STM is, in most cases, better served by a same-call ACA quote first — and the compliance file is cleaner if the agent can document the ACA quote was offered and declined. As with our broader take on AEP preparation and call-center compliance, the agencies that handle these conversations cleanly are the ones that built the workflow before the call started, not the ones that hoped the agent would handle it correctly.

Audit Readiness

STM Audit File Per Enrollment

  • Recorded call — full audio with disclosure read-back and consumer affirmation, retained per state retention rules (typically 10 years).
  • Written application — with federal 45 CFR 144.103 disclosure, in the required font size, signed by the consumer.
  • Producer license record — including state-specific endorsement at the time of sale.
  • Lead source documentation — landing-page snapshot or lead-form copy in effect on the day the lead was acquired.
  • ACA-quote-offered note — if the prospect indicated current or eligible ACA coverage, the file should show the alternative was presented.

Key Takeaways for Agency Operators

  • STM is the most state-fragmented health product on the market. A national script cannot satisfy state-level overlays.
  • The federal disclosure under 45 CFR 144.103 is non-negotiable. It belongs on every application in every state.
  • Bucket states into three tiers and enforce the bucket in routing. Do not rely on agents to remember Tier 1 prohibitions.
  • Disclosure delivery is verbal, audible, and affirmed. Email-only disclosure has failed enforcement actions.
  • Lead-source compliance is now the leading audit finding. Audit your lead vendors as aggressively as your agents.
  • Refresh state rules quarterly. The 2024 final rule and subsequent state actions are not stable.

STM is profitable for agencies that treat it as a compliance discipline first and a sales product second. The agencies that fail STM audits are not the agencies that sold a single bad policy — they are the agencies that ran a national script across 40 states and assumed federal compliance covered them. It does not. Build the state framework, enforce it in the workflow, refresh it quarterly, and STM remains a viable product line. Skip those steps and the regulatory exposure exceeds any margin the product produces.

State-Aware STM Compliance, Built Into Every Call

AgentTech Dialer's custom compliance questions adapt the STM disclosure script to the caller's state automatically — so Tier 1 prohibitions enforce themselves, Tier 2 disclosures display the right state language, and every enrollment call carries the federal 45 CFR 144.103 elements. State-specific producer license tracking and full call recording give compliance officers the audit file built into the workflow, not assembled after the fact.

Try AgentTech Dialer Now

References & Authoritative Sources

The information on this page is supported by the following official and authoritative sources.

  1. 1
  2. 2
  3. 3
  4. 4

Related Articles

June 27, 2026

HI Cross-Sell Playbook

Hospital indemnity is the highest-margin Medicare supplement attach. How agencies systematize the cross-sell across all agents.

June 26, 2026

Estate Planning Compliance

When life agents drift into "advice" — and how agency compliance officers prevent it.

June 24, 2026

Life Settlements

Ethical and regulatory considerations every agency should weigh before adding life settlements as a service line — when to add, when to stay out.

Last updated: