Route Medicare Advantage, Medigap, Part D, ACA, dental, and vision leads to licensed agents and carriers under the heaviest compliance load in the industry. HIPAA architecture, per-buyer TCPA consent, state licensure filters, and per-carrier caps on one engine.
Sub-100ms
Routing decision
AES-256-GCM
Encryption at rest
BAA on request
Business associate
Audit logged
Every access
The Reality
Health insurance and Medicare carry a stack of federal and state rules that most generic routers were never designed to handle.
A healthcare lead is not a generic form submit. It carries Protected Health Information, it sits under HIPAA if the buyer is a covered entity or a business associate, and it is almost always being sold into an outreach workflow that triggers TCPA. The moment the lead references Medicare Advantage, the Centers for Medicare and Medicaid Services Marketing Guidelines (MARx) apply on top, with extra rules for lead vendors, scope-of-appointment forms, and prohibited outreach patterns. Get any layer wrong and the exposure is regulatory, not just commercial.
The concrete operator problems look like this. Protected Health Information must be encrypted at rest and in transit, access must be logged, and a Business Associate Agreement has to be in place with every downstream buyer that touches the data. TCPA one-to-one consent under FCC 23-107 means the consumer has to name the specific buyer at opt-in, so a generic partner page that sells to fifteen carriers without naming them is no longer compliant. Medicare Advantage adds MARx restrictions on how lead vendors generate and distribute traffic, plus scope-of-appointment requirements before an agent can discuss plan options. ACA, dental, and Medicare Supplement all require state-specific agent licensure. Calling-hour rules follow the prospect zip, not the buyer zip. A router that does not reason about any of this hands the operator a liability in the shape of a CRM.
Lead Router was built for operators who sell into this environment. The same routing engine that handles auto, solar, and home services is pre-wired with the compliance controls healthcare demands, and the control surface is designed so the compliance team and the revenue team are looking at the same record.
How Lead Router Solves It
The compliance controls that make Medicare, ACA, and ancillary health work inside one routing engine.
Lead payloads are encrypted at rest with AES-256-GCM and moved in transit over TLS 1.2 or higher. Tenant rows are isolated at the query layer so one client cannot read another client's data. Every read, write, and export is audit logged with actor, action, and timestamp. Lead Router is architected for HIPAA compliance, formal attestation is in progress, and a BAA is available on request for buyers and partners that need one.
TCPA and FCC 23-107 one-to-one consent is captured at the form level. The consent string, buyer name, disclosure URL, IP, user agent, and timestamp are stored with the lead so the buyer receives a defensible consent record for each sale. If the buyer was not explicitly disclosed at opt-in, the contract will not win the lead.
Contracts can gate on agent state licensure so a Medicare Advantage lead in Florida only routes to carriers and agents licensed in Florida. Product filters split Medicare Advantage, Medicare Supplement, Part D, ACA on-exchange, ACA off-exchange, dental, vision, and supplemental so a dental-only buyer never pays for an MA lead.
Daily, weekly, and monthly caps track by carrier, by product, by state, and by agent. A United Medicare Advantage contract can cap at 200 Florida leads per day while a Humana Part D contract caps at 75 Texas leads per week. Caps cut off the contract automatically and the lead fails over to the next eligible buyer in the waterfall.
Medicare and health insurance calling rules vary by state and by federal guidance. Lead Router enforces calling windows by prospect zip code so a lead submitted at 8:30pm local time in California is not routed to a live-transfer buyer who would dial it outside permitted hours. Form-lead buyers can still receive the lead for next-day outreach.
Lead Router posts to UnitedHealthcare, Humana, Aetna, Cigna, Kaiser, and major aggregator endpoints using each carrier's required field schema. Medicare-specific fields like Medicare Beneficiary Identifier intent, Part A and Part B effective dates, scope-of-appointment confirmation, and plan year are mapped per destination so one intake form feeds every carrier cleanly.
Where It Fits
Every health and health-adjacent product line, with the filters and field schemas each one requires.
Delivery Targets
Out of the box posting formats for the destinations that matter in health and Medicare.
Lead Router posts directly to UnitedHealthcare, Humana, Aetna, Cigna, Kaiser Permanente, Anthem, and the major Medicare and ACA aggregators. Each destination gets its required field schema, so Medicare-specific fields like Medicare Beneficiary Identifier intent, Part A effective date, Part B effective date, plan year, and scope-of-appointment confirmation are mapped per carrier. The operator maintains one intake form, and the router handles the per-destination translation.
TrustedForm certificate URLs and Jornaya LeadiD tokens are captured at form submit and forwarded on the outbound post so the buyer receives a consent certificate with every sale. The posting log records the exact payload, the HTTP response, and the timestamp for every delivery, which is the record auditors ask for first.
Live transfer is available on the same engine. Ping-post picks the winning buyer, the call bridge fires, and the same MA, ACA, or dental filters that would have gated a form post gate the call leg as well. See the ping-post and lead distribution pages for how the routing mechanics work across channels.
Compliance Posture
The architecture and policy docs are public so buyers, partners, and auditors can read them before asking.
Lead Router is architected for HIPAA compliance. Data at rest uses AES-256-GCM, data in transit uses TLS 1.2 or higher, tenant data is isolated at the query layer, and every read, write, and export is audit logged. A Business Associate Agreement is available on mutual execution for buyers and partners whose workflows require one. Formal third-party attestation is in progress and will be published when complete.
TCPA one-to-one consent under FCC 23-107 is enforced at the contract level. A buyer that was not explicitly disclosed on the consent string at opt-in cannot win the lead, regardless of price or priority. Full policy detail lives on the HIPAA compliance page and the TCPA compliance page.
Frequently Asked
The questions healthcare operators ask before signing on.
Is Lead Router HIPAA compliant?
Lead Router is architected for HIPAA compliance with AES-256-GCM encryption at rest, TLS 1.2 or higher in transit, row-level tenant isolation, and full audit logging of every access. A Business Associate Agreement is available on request and executed before any Protected Health Information is exchanged. Formal third-party attestation is in progress. We do not claim certification that has not been issued, and the HIPAA compliance page explains exactly where the audit stands.
Can I route Medicare Advantage leads?
Yes. Medicare Advantage contracts can gate on state agent licensure, plan year, scope-of-appointment confirmation, and MARx-aware caller and vendor rules. The outbound posting format carries CMS-compliant fields per carrier, including Medicare Beneficiary Identifier intent, Part A and Part B effective dates, and plan year. Caps can be set per carrier, per state, per product, and per day, week, or month so a single operator can run United, Humana, Aetna, and Cigna waterfalls inside one account.
Does Lead Router capture scope-of-appointment?
Yes. Scope-of-appointment data is captured through custom fields on the intake form and stored with the lead record. The scope confirmation, the products the consumer agreed to discuss, and the timestamp are forwarded to every downstream carrier that requires the data. A buyer whose contract requires scope cannot win a lead that does not carry a valid scope record.
How do calling-hour rules work for Medicare outreach?
Calling windows are enforced by prospect zip code, not buyer zip code. A Medicare lead submitted at 8:30pm local time in California will not fire a live-transfer bridge to a buyer whose contract is gated on permitted calling hours in the prospect state. The lead can still deliver to form-lead buyers for next-day outreach, and the restriction is set per contract so operators can tune aggressiveness by product and carrier.
Can I get a Business Associate Agreement?
Yes. Contact support and the BAA is sent out for mutual execution before any Protected Health Information moves through the account. The BAA covers subprocessors, breach notification windows, audit rights, and data return or destruction on contract end. Buyers and partners with HIPAA obligations should expect to sign one before going live.
Route Healthcare Cleanly
HIPAA architecture, per-buyer TCPA consent, state licensure filters, per-carrier caps, and multi-channel distribution on one engine. BAA available on request.