USA compliance for digital coaches
Digital coaches operating in the USA must navigate a complex landscape of federal and state regulations. Key compliance areas include consumer protection and marketing, privacy and health data, taxes and business structure, business registration, state-specific laws, communications, scope of practice, insurance, and accessibility.

Federal Consumer Protection & Marketing (FTC):
Marketing claims must be truthful, not deceptive, and supported by evidence. Avoid promising guaranteed results and ensure substantiation for objective claims. When using endorsements or testimonials, follow the FTC Endorsement Guides (including 2023 updates), disclosing material connections and ensuring truthfulness and representativeness. Be aware of telemarketing regulations, including the Telemarketing Sales Rule and the Do Not Call Registry, if engaging in telemarketing activities.

Privacy, Health Data & HIPAA (HHS):
HIPAA primarily applies to covered entities (health plans, most healthcare providers conducting standard electronic transactions) and their business associates. Coaches are generally not automatically covered by HIPAA unless they are part of a HIPAA-covered entity or handle Protected Health Information (PHI) for one. If you do handle PHI for a covered entity, you must adhere to HIPAA rules and sign Business Associate Agreements (BAAs) where required.

Taxes, Business Structure & Reporting (IRS):
Choosing the correct business entity (sole proprietor, LLC, corporation, or S-corp) is crucial as it impacts tax filing and reporting. LLCs, formed under state law, offer liability protection, with tax treatment depending on elections. Self-employed individuals must account for self-employment tax and make estimated quarterly payments. Follow IRS guidance for required information returns (e.g., 1099s).

Business Registration, State Filings, FinCEN/BOI Reporting (SBA):
Register your business with state authorities (e.g., Secretary of State) based on your structure and location. Obtain an Employer Identification Number (EIN), register DBAs if applicable, and secure a registered agent for LLCs/corporations. If operating in multiple states, consider foreign qualification. Be aware of Beneficial Ownership Information (BOI) reporting requirements under the Corporate Transparency Act (FinCEN) where applicable.

State Law Variation (Privacy & Sales Tax):
Several states have enacted consumer privacy laws (e.g., California CPRA/CCPA, Virginia, Colorado, Connecticut, Utah). These laws are state-specific, imposing duties like privacy notices, consumer rights, and potential data inventories/opt-out mechanisms for certain businesses. Consult authoritative trackers (like NCSL/IAPP) for current state-by-state rules and thresholds.
The taxability of online coaching, courses, subscriptions, and digital goods varies significantly by state. If you have nexus (physical presence, employees, significant sales, or economic nexus thresholds) in a state, you may need to register and collect state sales tax. Refer to state Department of Revenue guidance or sales-tax automation services.

Communications & Marketing Laws (Email/SMS/Payment Processors):
CAN-SPAM and related federal rules govern commercial email, requiring accurate headers, subject lines, an opt-out mechanism, and prompt honoring of unsubscribe requests. The TCPA regulates telephone calls and SMS; obtain express consent before sending marketing texts or using automated dialing. Payment processors (e.g., Visa, Mastercard, PayPal) have rules regarding subscriptions, free trials, and transparent disclosure for automatic renewals; ensure clear consent and billing disclosures to prevent chargebacks and penalties.

Scope of Practice, Disclaimers & Client Contracts:
Clearly define your coaching scope and include disclaimers stating that you are not providing therapy, medical, legal, or financial advice if you are not licensed to do so. Maintain a robust client agreement covering services, fees, confidentiality limits, cancellation/refund policies, dispute resolution, session recording consent, and intellectual property ownership of course materials.

Insurance & Security:
Professional liability (Errors & Omissions) and cyber liability insurance are highly recommended. Cyber liability insurance helps cover data breaches and privacy incidents. Use secure, encrypted platforms for client sessions, store client data securely, and document data retention/destruction policies.

Accessibility & Other Regulatory Considerations:
Website accessibility, adhering to ADA and web accessibility best practices (e.g., WCAG), can reduce litigation risk. Include accessibility statements on your website.

State-Specific Notes and Priorities:
All states: Register your business where you are based; consider foreign qualification if you have sales or regular business activity in other states.
Sales tax: Check the sales tax regulations in your customers' states if you sell digital programs or subscriptions. Major states like NY, CA, TX, and FL have specific guidance, and nexus rules and taxable product lists vary.
Privacy: California (CCPA/CPRA) has extensive consumer privacy obligations. Other states (VA, CO, CT, UT) have their own thresholds and definitions; check specific state laws and enforcement dates.
Licensing boundary with counseling/therapy: Many states regulate practicing therapy without a license. Maintain a documented scope of practice and establish referral procedures for clients needing clinical care.

Practical Compliance Checklist (Prioritized):
1. Business formation: Choose your entity, file with the state Secretary of State, obtain an EIN, set up a business bank account, and get a registered agent. Consider BOI reporting to FinCEN if required.
2. Contracts & client documentation: Create a client agreement, informed-consent disclaimers, a scope-of-practice statement, a refund/cancellation policy, and Terms of Service and a privacy policy for your website.
3. Privacy & data security: Implement a privacy policy; assess HIPAA applicability; use encryption for video and data storage; and consider BAAs where necessary.
4. Marketing compliance: Update website claims to be supportable; implement testimonial/disclosure practices; ensure email (CAN-SPAM) and SMS (TCPA) compliance.
5. Tax & sales tax: Register for state sales tax if nexus exists; track revenue by state; plan for estimated taxes; and consult a CPA for state-specific taxability of services.
6. Insurance: Secure professional liability and cyber insurance policies.
7. Accessibility & accessibility statement: Implement accessibility improvements and document your efforts.
8. Ongoing: Maintain a compliance calendar for annual reports, renewals, policy reviews, and contract updates.

Recommended Next Steps for the User:
Conduct a state-specific check for: sales-taxability of coaching/digital products in your state(s), local business licenses, and any particular coach background or licensing rules in your state.
If you handle health-related information or coach in a healthcare context, consult legal counsel regarding HIPAA applicability and BAAs.
Update marketing materials to meet FTC guidance, including documenting substantiation for claims and required disclosures for endorsements/testimonials.
Engage a CPA for state nexus and sales-tax registration and an attorney to draft or review contracts and scope-of-practice/disclaimers.
