CMS Marketplace Security Updates for Agents & Brokers
Strengthening Marketplace Integrity: What Agents and Brokers Need to Know
The healthcare enrollment landscape is shifting, and agents and brokers are right in the middle of it. CMS and its partners have rolled out a series of changes aimed at protecting consumers, tightening security, and ensuring transparency across the Federally-facilitated Marketplace (FFM). While some of these updates may feel like extra hoops to jump through, they’re ultimately designed to make the enrollment process more secure and trustworthy for everyone.
Greater Transparency Through Registration Lists
One of the most practical tools CMS now provides is the Agent & Broker Registration Completion List, which gets updated monthly. This list shows which agents and brokers are currently registered and in good standing with the Marketplace. On the flip side, CMS also maintains a Registration Termination List, which highlights when someone’s FFM agreement has been revoked.
For agents, these lists aren’t just about compliance—they’re about credibility. They allow you to verify your standing and reassure clients that you’re authorized to guide them through their Marketplace options.
Cracking Down on Unauthorized Activity
A major concern over the past few years has been unauthorized plan changes and enrollments. CMS addressed this head-on with new rules that took effect in July 2024. Now, only agents or brokers already connected to a consumer’s Marketplace profile can make changes. If you’re not linked, the only way to proceed is through a three-way call with the client and the Marketplace Call Center, or by having the consumer handle the changes directly through HealthCare.gov or an approved enrollment partner site.
The impact has been dramatic. Unauthorized plan changes have dropped by about 30%, agent-initiated plan changes by nearly 70%, and commission changes by almost 90%. Beyond the numbers, CMS has also sped up its resolution process for the issues that still slip through—cutting turnaround times from nearly three weeks down to less than 11 days.
For agents, this means fewer headaches from unauthorized switches and a more streamlined process when problems do arise.
HealthSherpa Integration and New Login Rules
For those who rely on HealthSherpa, account integration with the FFM has become non-negotiable. Linking your HealthSherpa and FFM accounts is what enables you to search Marketplace plans, submit applications, and manage client enrollments. The process runs through CMS’s Okta portal, and once connected, you’re good to go—at least for a little while.
Here’s where things have tightened up: CMS now requires reauthentication after just 30 minutes of inactivity. That change rolled out on August 29, 2025. Previously, sessions could last up to 12 hours, which gave agents more breathing room during a busy day. Now, if you pause too long between applications or client calls, you’ll have to log back in before moving forward. It may feel like an extra step, but it’s part of CMS’s broader effort to keep client information safe.
What It All Means for You
Taken together, these changes point to a clear trend: CMS is putting security and consumer protection at the center of Marketplace operations. For agents and brokers, this means a little more diligence—checking your registration status regularly, following the authorized paths for making changes, and getting comfortable with frequent logins through HealthSherpa.
But it also means you’re operating in an environment where trust matters more than ever. Clients can have greater confidence that their information and coverage choices are being handled properly, and that bad actors are less likely to slip through the cracks.
Looking Ahead
As we move into another enrollment season, the best thing you can do is stay informed and prepared. Know where you stand on the registration lists. Build the habit of reauthenticating when needed. And most importantly, continue to advocate for your clients within this more secure, more transparent Marketplace.
The bottom line? These updates aren’t just about compliance—they’re about credibility. By embracing them, you not only protect your clients, you also strengthen your own reputation as a trusted guide in an increasingly complex healthcare system.
