Telehealth Reform Is Needed for Consumer Protection
continued from page 21
• Detailed Settlement Reports . Regulatory bodies like the FTC should require more detailed settlement reports that outline not only the fine and the nature of the violations but also the specific corrective actions companies must take . This would ensure that the public is fully informed about the scope of the violations and the consequences for companies that fail to meet privacy standards .
• Clear Reporting of Compliance Measures Taken . Companies that settle with regulators should be required to publish clear reports outlining the specific steps they have taken to bring their operations into compliance . These reports should include details about any procedural changes , data privacy enhancements , or internal audits implemented as part of the settlement .
• Regular Public Updates . Regulators should consider providing regular updates on the progress of settlements , particularly in cases where long-term compliance is a key concern . This could include monitoring and publishing outcomes of long-term impact assessments , ensuring that consumers and other stakeholders are kept informed about whether companies are upholding their commitments .
By improving the transparency of regulatory reporting , regulators can foster greater public awareness , encourage industry-wide compliance , and ultimately create a more accountable and trustworthy teletherapy sector . With clearer and more comprehensive reporting , regulators can demonstrate their effectiveness in holding companies accountable , while also giving consumers and professionals the tools they need to make informed decisions about digital health services .
CONTEXT-SPECIFIC REGULATIONS : A CRUCIAL PATH FORWARD
Context-specific regulations are required to improve the regulatory landscape and better address privacy concerns in teletherapy . A context-specific approach allows regulators to consider the broader operational context in which violations occur and tailor enforcement actions not only to correct underlying problems and ensure long-term compliance but also to help companies restructure their operations in a way that prevents future violations . For example :
• A teletherapy provider that has misused consumer data for advertising purposes , as in the case of BetterHelp , might require stricter transparency and audit measures , along with proactive consumer notifications about data usage .
• For companies like Cerebral , which may have violated specific health data privacy laws related to addiction recovery services , regulators could require enhanced training for staff on compliance with privacy laws , as well as stricter guidelines for marketing mental health services .
• Monument ’ s case , involving poor data-security practices , might warrant more stringent mandates around data encryption , data deletion policies , and regular audits to ensure that sensitive information is handled appropriately . By tailoring regulations in this way , regulators can achieve targeted intervention , promote accountability , and encourage ethical innovation .
While a context-specific approach offers advantages , it also comes with challenges . Implementing regulations tailored to each company ’ s violation will require greater resources for regulatory agencies , which will need to invest more time and effort in understanding the operations of each company and the specifics of their violations . Additionally , companies may resist the imposition of different regulatory standards . However , the long-term benefits of context-specific regulations far outweigh these challenges .
A context-specific regulatory approach would also require greater coordination among federal agencies ( such as the FTC , FDA , and HHS ) and state-level regulators to ensure that enforcement strategies align with both federal law and state-specific concerns . To implement context-specific regulations effectively , regulators need to take several actions , including conducting indepth case assessment , creating flexible enforcement mechanisms , collaborating across agencies , and providing transparent reporting , in addition to conducting long-term impact assessments .
As consumers become more aware of the importance of privacy , long-term evaluations help ensure that companies are not simply compliant in the short term but are genuinely investing in ethical , consumer-centric practices that will protect privacy and data security for the long haul , according to articles in the International Journal of Medical Informatics and Chapter 14 of the 2022 book “ Roadmap to Successful Digital Health Ecosystems .”
To ensure the long-term effectiveness of regulatory actions , several key steps must be taken : ongoing monitoring and reporting , consumer feedback and trust surveys , longitudinal studies of industry behavior , refining regulatory strategies based on results , and public transparency of long-term results .
FIVE COMPREHENSIVE SOLUTIONS
The findings from recent regulatory enforcement actions against teletherapy providers — such as BetterHelp , Cerebral , and Monument — underscore the limitations of relying solely on ficontinued on page 23
22 The Advocate Magazine 2025 , Issue # 1 American Mental Health Counselors Association ( AMHCA ) www . amhca . org