Telehealth Reform Is Needed for
Consumer Protection continued from page 20
In this case , a context-specific approach could involve stricter oversight of advertising practices in the digital health sector , given the prominence of misleading marketing on online platforms . The focus should not only be on penalties but also on preventing deceptive practices through tailored advertising regulations that account for the unique nature of telehealth services .
• Cerebral . Cerebral ’ s multiple privacy violations , particularly under the OARFPA ( Opioid Addiction Recovery and Family Protection Act ) framework , highlighted the risks posed by misleading marketing in addiction-recovery services . In addition to the $ 7 million fine , the company was required to implement regular audits of privacy practices , which aims to deter future violations through ongoing regulatory scrutiny . However , Cerebral ’ s case demonstrates how data security and misleading marketing are distinct issues that require different corrective actions .
A more context-specific approach could involve implementing enhanced privacy protection protocols , with a specific focus on telehealth services that deal with addiction recovery , where the handling of sensitive data is critical . Additionally , more precise compliance mandates , such as audits tailored to the company ’ s specific privacy challenges , would provide a more targeted framework for ensuring long-term adherence to privacy standards .
• Monument . Monument faced penalties for inadequate data handling and a failure to comply with consumer protection regulations , raising serious concerns about the security of sensitive user information . Monument ’ s settlement included a $ 2.5 million fine and mandatory changes to its data-handling practices , such as data deletion and consumer notification requirements . These measures , although necessary , highlight the broader regulatory response to data security violations .
Given the specifics of Monument ’ s violations , a context-specific regulatory response might focus more on data security infrastructure , particularly for teletherapy platforms that deal with mental health data . Proactive measures , such as mandating more frequent data security audits and establishing clear guidelines for data breach notification , could be implemented to strengthen the framework and ensure long-term consumer protection .
The differences in regulatory responses across these cases highlight an evolving regulatory landscape that has started to address some of the unique challenges of the teletherapy industry . However , as these case studies demonstrate , the one-size-fits-all approach currently employed — primarily focused on financial penalties and broad procedural changes — does not adequately account for the diversity of practices within telehealth .
By focusing on context-specific regulations that tailor enforcement actions to the nature of the violation , regulators can ensure that their actions lead to sustainable changes in company behavior . This , in turn , can have a more lasting impact on consumer protection than fines alone , enhancing trust in the telehealth space and improving the overall integrity of the industry . A framework that prioritizes long-term compliance and operational integrity will not only help address the challenges of today but will better prepare the digital health industry for future challenges as it continues to grow and evolve .
THE NEED FOR ENHANCED TRANSPARENCY
One of the most critical challenges revealed by the enforcement actions against teletherapy providers like BetterHelp , Cerebral , and Monument is the lack of transparency in how regulatory actions are reported . While regulatory agencies have made strides in holding companies accountable through fines and operational changes , the effectiveness of these measures is often undermined by insufficient disclosure . Currently , the reports and public disclosures regarding enforcement actions often lack crucial details about the context , scope , and specific corrective actions taken by the companies involved .
For example , settlement reports frequently provide figures on fines , but may not fully explain the nature of the violations , the exact measures required for compliance , or how these actions will prevent future breaches . This lack of transparency is a missed opportunity for stakeholder engagement , as consumers and industry professionals are often left without the information they need to understand the full impact of regulatory actions .
In the case of BetterHelp , the settlement documents did not provide detailed information about the operational changes that BetterHelp was required to implement or the full context of its deceptive marketing practices . Similarly , the settlement with Cerebral provided limited insight into how the mandated audits would be structured or what specific measures would be taken to prevent future violations in marketing addictionrecovery services . The lack of such details can leave consumers and stakeholders questioning whether the enforcement actions are truly effective or merely symbolic . Without full transparency , companies may perceive enforcement actions as vague or ineffective and feel emboldened to take risks or ignore regulatory standards .
To improve transparency , several key changes are needed :
continued on page 22 The Advocate Magazine 2025 , Issue # 1 American Mental Health Counselors Association ( AMHCA ) www . amhca . org
21