New York AG Orders Cerebral to Pay for Cumbersome Cancelation Process

An investigation concluded that the company made canceling subscriptions a multistep, burdensome process and charged subscribers for services not rendered.

Following an investigation by New York’s Office of the Attorney General (OAG), telemental healthcare provider Cerebral must pay $740,000 in penalties and restitution for continuing to charge healthcare consumers after they canceled their subscriptions.

Cerebral is a telehealth-based mental healthcare provider that offers various services on a subscription fee basis. The subscriptions include access to virtual appointments with licensed therapists, counselors, and coaches, as well as medication prescriptions. The services are offered through an application that allows users to track appointments and prescriptions and access visit summaries.

However, healthcare consumers began complaining that they could not cancel their subscriptions. Thus, the New York OAG opened an investigation into the company's cancelation practices.

The investigation revealed that Cerebral subscribers were told they could cancel by email, but the cancelation process involved several burdensome steps, including completing a multi-question survey, before the cancelation was processed.

Additionally, the OAG discovered that the company could cancel subscriptions instantaneously by clicking a button but allowed itself up to 72 hours to finalize cancellations. Sometimes, the company took a week or more to cancel the subscription, during which time it would attempt to retain subscribers by offering various offers.

“Making New Yorkers withstand stressful and extended delays to cancel a subscription for mental health care coverage is unacceptable,” said New York Attorney General Letitia James in a press release. “It is illegal and unfair to make consumers spend extra time or jump through hoops to try to cancel a subscription they no longer need. The law is clear that companies must make it easy and simple to end a subscription and my office will continue to hold them to that standard.”

Further, the OAG discovered that the company would charge subscribers an extra month if the cancelation processes were initiated during billing dates. Cerebral also charged consumers for treatment services when no providers were available to provide the treatment.

In addition to a burdensome cancelation process and extra charges, the investigation found that Cerebral illegally directed employees to manipulate online reviews. The company told employees to post anonymous fake reviews, ‘upvote’ positive reviews while ‘downvoting’ negative ones, and ask subscribers to remove negative reviews. According to the press release, employees were instructed to tell subscribers, “We wouldn’t want anything online to deter someone from seeking mental health care and that’s really why we ask people if they are willing to” change or remove their negative review.

The OAG has entered into an agreement with Cerebral, in which the company will pay $200,000 in penalties and $540,162 in restitution, which will be distributed to 16,552 New York mental healthcare consumers. The company must make the restitution payment within 90 days.

Cerebral is also improving its cancellation process. Soon after the OAG began its investigation, the company created a “click-to-cancel” process and implemented other OAG recommendations regarding disclosures and refunds.

The investigation and resulting restitution and penalty agreement come after the Federal Trade Commission also launched an investigation into Cerebral’s subscription billing and cancellation processes. According to a letter obtained by the Wall Street Journal in June 2022, several patients complained about challenges in closing their Cerebral accounts and getting refunded for services. Some patients even had to ask their financial institutions to block the company, the letter notes.

Amid these investigations, Cerebral announced a significant data breach. Last March, the company notified more than 3.1 million users of a data breach stemming from its use of tracking pixels.

One of the largest healthcare data breaches reported to the Department of Health and Human Services (HHS) last year, the incident involved the disclosure of various data, including names, phone numbers, IP addresses, email addresses, and dates of birth. Additionally, insurance co-pay amounts, subscription types, booking and treatment information, and health insurance information may have been disclosed.

Next Steps

Dig Deeper on Telehealth