8 Min Read
Unauthorized third-party platforms can change how potential clients reach out to you. When these platforms take over the ‘Book Online’ or ‘Schedule’ button on your Google Business Profile without your consent, it disrupts the way clients connect with you, damages trust, and can even break HIPAA rules, putting your practice at risk.
Imagine this: You’ve spent time claiming and managing your Google Business Profile (GBP) to ensure your practice is accurately represented online. You carefully review your profile to ensure clients can find and contact you directly. Yet, despite all of this, a third-party company manages to take control of a key feature on your profile—the ‘Book Online’ or ‘Schedule’ button—without your consent.
This is not an oversight or an isolated glitch. It’s a practice that has begun affecting therapists nationwide, with companies like ooot.com and ClinicSoftware.com inserting themselves into your profile. What’s worse, they make it appear that your practice has partnered with them when you have no agreement or affiliation.
This isn’t just a minor inconvenience—it’s a serious breach of trust and control over your own practice.
When clients search online, visit your profile, and click on the ‘Book Online’ or “Schedule” button, they assume they are scheduling directly with you. However, they are redirected to a third-party platform that has no legitimate connection to your practice. This unauthorized access misleads clients and compromises the essential trust in a therapeutic relationship.
Take a look at the example below:
In the example, the ‘Schedule’ button would seem to be a direct link to your practice’s appointment scheduling system (whatever that may be—often a secure contact form you control). Still, potential clients are unknowingly funneled to a third-party platform. This adds confusion and potentially puts sensitive potential client data at risk.
As mental health professionals, we are entrusted with highly sensitive information from our clients—even at the inquiry stage. Under HIPAA, when someone contacts your practice to schedule an appointment or inquire about services, their contact details and the fact that they seek care are considered Protected Health Information (PHI). Allowing a third-party platform to collect this data without explicit consent violates ethical and legal standards. Worse still, as the practice owner, you have no control over how these companies store or use this information.
To add to the concern, companies like ooot.com and ClinicSoftware.com appear to be based outside of the United States—in the United Kingdom. This raises significant data privacy issues, as client information may be transmitted across international borders, where different privacy regulations apply. As a practice owner, you have no way of knowing how this data is being handled or whether it’s being safeguarded to the standards required under U.S. law, specifically HIPAA.
Even if these companies aren’t knowingly acting with malicious intent, they are still creating a serious problem by bypassing your consent and placing client data at risk. When prospective clients reach out to you, their contact information and the fact that they are seeking care are protected under HIPAA. By allowing third-party platforms to collect this sensitive data without authorization, the privacy and trust that clients expect from mental health services are being eroded. This isn’t good for your practice, and its not good for the public’s confidence in the confidentiality of mental health care.
This situation isn’t just about third-party companies acting without consent; Google plays a significant role in enabling this issue. As a Google Partner, companies like ooot.com are able to add their services to the ‘Book Online’ button on your Google Business Profile (GBP), often without the practice owner’s knowledge or permission.
Here’s why Google’s current approach is problematic:
For a platform designed to help businesses manage their online presence, Google’s lack of stronger controls makes it nearly impossible for therapists to protect their profiles from unwanted intrusion fully.
Despite the challenges, there are steps therapists can take to protect their practice and client data in this specific instance:
By advocating collectively, we can push for better protections from third-party interference. Additionally, share this information on listservs, therapist Facebook groups, and other networks to ensure your colleagues and our therapist community are informed and empowered to act.
Maintaining the integrity of your Google Business Profile (GBP) is essential to safeguard your practice’s online presence and client trust. While Google doesn’t offer a direct “lock” feature for business profiles, you can implement the following measures to minimize unauthorized changes:
Implementing these strategies can help you better protect your GBP from unauthorized access and ensure that clients interact with accurate and trustworthy information about your practice.
As therapists, our work is grounded in trust. Clients come to us during some of the most vulnerable times in their lives, and they rightly expect their information to be treated with the utmost care and confidentiality. Unauthorized access by third-party platforms can undermine that trust, potentially affecting clients’ confidence in mental health services.
When client data is handled without consent, it raises concerns beyond business operations and touches on the ethical standards that guide our profession. Protecting this sensitive information helps clients feel safe and supported when they reach out for help. Maintaining this trust is important for our practices and the broader integrity of mental health care.
While these third-party intrusions can be frustrating, they highlight the need for vigilance in managing your online presence. Google Business Profiles are often the first point of contact for potential clients, making it essential that therapists maintain control over how they are represented. Checking your profile regularly for unauthorized changes, like third-party booking links, ensures your practice stays aligned with the ethical standards and trust you’ve built with your clients.
Even if you’ve already claimed and actively manage your Google Business Profile, it’s clear that additional steps are necessary to stay ahead of these types of intrusions. By staying proactive and monitoring your profile regularly, you can mitigate the risks and ensure that clients always interact directly with your practice.
While individual vigilance is important, this issue also calls for collective action. Therapists and other mental health professionals can come together to raise awareness about the risks of third-party intrusions into their Google Business Profiles. Sharing experiences within the community can help highlight the scope of the problem and apply pressure for better solutions.
By advocating for stronger protections—both from Google and within the industry—therapists can push for more transparent, secure systems that safeguard client privacy and prevent unauthorized access to practice profiles. Contact your state and national professional organizations (APA, ACA, NASW, AAMFT, NBCC, etc.), and consider engaging with professional networks, listservs, and therapist groups on social media. Together, the mental health community can create a powerful collective voice to drive meaningful change.
At WithTherapy, we see ourselves as more than just a platform — we’re an ally for therapists in the ongoing fight to protect their practices and uphold ethical standards. As digital tools, automation, and AI continue transforming how people connect with mental health services, we recognize that these changes come with opportunities and risks.
The unauthorized access to your Google Business Profile by third-party platforms like ooot.com is just one example of how quickly technology can disrupt the trusted relationship between therapists and their clients. With AI and automation advancing rapidly, these intrusions may only accelerate, making it even more critical for therapists to stay vigilant and informed.
We’re committed to providing the resources and tools you need to navigate this challenging landscape. Whether by offering insights on safeguarding your online presence or advocating for stronger protections, WithTherapy is here to help you maintain control over your practice and protect the trust central to your work.
In an increasingly digital world, where more clients find therapists online, ensuring that our online presence aligns with the ethical standards we uphold in our work is critical. Unauthorized third-party platforms should not be able to insert themselves into the relationship between therapists and their clients. Protecting that connection is key to maintaining the trust and confidentiality that our profession depends on.
While there are steps that therapists can take to address these intrusions, the broader issue calls for collective awareness and advocacy. By working together and raising our voices through professional organizations and networks, we can push for the changes needed to keep mental health services grounded in the ethical standards that make therapy a safe space for everyone seeking help.