Navigating Consent as a Telehealth Provider: Crucial Insights from Cerebral's $7M FTC Settlement

A quick read of recent headlines makes one thing clear—companies are struggling to navigate the intricacies of collecting, honoring, and propagating consumer consent across their data ecosystem.

In recent months, the Federal Trade Commission (FTC) has levied a host of complaints against companies in the telehealth industry. The stakes of these consent violations are high, as seen in:

• Cerebral’s $7M settlement

• Monument’s $2.5M settlement

• BetterHelp’s $7.8M settlement

• GoodRx’s $1.5M settlement

The fines levied against these companies are just the tip of the iceberg. Not only do they face monetary damages, but all are looking at an outright ban on sharing health data for the purpose of targeted advertising, which will likely affect long-term revenue.

And the FTC has made it clear this enforcement trend is here to stay:

"Here’s the loud-and-clear message companies need to hear: The FTC won’t back down in the fight to protect the privacy of consumers’ sensitive health data." 

Telehealth providers are on notice—so if your business is collecting, processing, or sharing consumer health data, it’s time to get your house in order. 

What does this look like in practice? Consent compliance is multifaceted, but there’s a few initial steps telehealth providers should consider taking.

1. Implement a full-stack consent management solution. In this context, this means going beyond cookie banners to implement a tool that offers real-time detection and management of all 200+ tracking technologies, as well as governing both client-side and backend user consent.

2. Audit your privacy program top-to-bottom. Though the FTC often focuses on consent, the cases above also allege security lapses that made consumer data vulnerable, consumer’s inability to access and control the data held by a company, use of dark patterns, and more. 

3. Automate wherever possible. Enterprise data ecosystems are complex and manual processes simply aren’t enough when the stakes are this high. 

Brandon Wiebe, Transcend’s General Counsel and Head of Privacy, notes: 

"Understanding your data - where it’s coming from, how it’s being used, and most importantly, whether or not your organization has permission to process, sell, or share that data - is one of the most critical compliance considerations telehealth firms should be focusing on today."

The FTC’s enforcement spree highlights the critical importance of robust data governance and compliance strategies, so let's dive in. Keep reading for critical takeaways from these settlements and practical strategies for compliant consent management as enforcement ramps up. 

Non-compliant consumer consent management is at the heart of many of the FTC’s recent enforcement actions—and it’s no wonder. The idea is simple in theory: honor consumer consent preferences across all your digital properties. In practice, complexities abound, leading to significant challenges for companies in this space.

• Incomplete coverage: There are 200+ tracking technologies in use in today’s business ecosystems, and each one must be in compliance! Unfortunately, many legacy solutions only handle cookie management—failing to address the larger adtech picture. From pixels to LSOs to SDKs, data consent laws apply to all types of tracking technologies, so addressing this piece is critical. 

• Manual processes/minimal automation: Manual processes are still at the heart of many organization’s approach to consent management: a reality that leads to errors, inefficiencies, and compliance gaps. Repetitive tasks and manual tag manager manipulation limits the seamless flow of user consent preferences throughout a company’s data ecosystem.

• Outdated data visibility: Out-of-date data leads to out-of-date compliance. Legacy tools force many companies to rely on static cookie scans, limiting any chance at a reliable source of truth. As a result, consent preferences are often applied inconsistently and are frequently out-of-date. In contrast, companies using next-gen solutions like Transcend Consent Management reap the benefits of a comprehensive view of all user consent and tracking technology activity. 

Transcend Consent Management is the only solution that governs both client-side and backend user consent for complete compliance—with custom consent experiences for any mobile app, region, device, and domain. Telehealth services switching from a legacy cookie banner provider to a full-stack consent management solution can see their consent processes transformed. Use Transcend Consent Management to: 

1. Reduce compliance risk: Compliant consent management means enforcing consent preferences across both client-side and backend workflows. Transcend Consent Management offers real-time detection and management of 200+ tracking technologies across all your digital properties. It’s also the only solution that honors the Global Privacy Control (GPC) signal and propagates downstream restricted data processing flags straight out-of-the-box.

2. Drive savings through automation: By automating consent management processes, Transcend streamlines workflows, minimizes errors, and reduces manual workload. This leads to increased efficiency and cost savings for privacy teams.

3. Gain enterprise-level visibility: To maintain compliance and build trust with users, organizations need complete visibility into their data collection activities. While traditional consent management solutions rely on static cookie scans, which may miss real-time tracking changes, Transcend offers continuous tracker detection on every inch of your company’s website.

4. Ensure flexibility at scale: Customize front-end UIs and add new regional consent experiences in just a few clicks. Don’t let cumbersome configurations or vendor support bottlenecks slow your business growth. 

5. Empower business insights through granular tracking and control: Transcend Consent Management allows businesses to granularly classify and block tracking at the network level, while still keeping essential applications running—empowering your organization to respect user consent preferences without sacrificing vital business insights. 

When working as a Senior Privacy Engineer at GoFundme, Jake Ottenwaelder noted: 

“Adopting and implementing Transcend’s Consent product has been one of the smoothest technology implementations we’ve done. Within hours, we were getting valuable information that allows us to instantly see most used cookies and data flows and easily separate data flows by domain.”

For when your legacy solution relies on static site scans, requires tedious maintenance, and still leaks unconsented data. Transcend Consent Management collects consent and automates enforcement across every interface, from websites to mobile apps, offering your organization:

• Continuous detection of 200+ kinds of trackers across every inch of your site.

• Automatic network-level enforcement—no manual tag manager configuration required.

• Out of the box support for IAB TCF, Google Consent Mode, and Do Not Sell (eg. Meta LDU).

Reach out to learn more.