8 Min Read

Hijacked Without Consent: The Growing Threat to Your Practice’s Online Presence

Brad Brenner, Ph.D.

Why it matters:

Unauthorized third-party platforms can change how potential clients reach out to you. When these platforms take over the ‘Book Online’ or ‘Schedule’ button on your Google Business Profile without your consent, it disrupts the way clients connect with you, damages trust, and can even break HIPAA rules, putting your practice at risk.

The Big Picture:

  • Client Trust at Risk: When third-party platforms control your booking buttons, clients are redirected to unverified systems, potentially exposing their sensitive data to unknown entities.
  • Data Privacy Concerns: These platforms can collect and handle client information without your consent, violating the trust you’ve built with your clients and raising serious HIPAA concerns.
  • Lack of Control: Once a third party hijacks your ‘Book Online’ button, removing them is complex, leaving therapists with limited control over their own profiles.
  • Wider Impact: Unauthorized access to your GBP not only risks client confidentiality but also threatens public trust in mental health services.

What to do:

  • Request Removal: Contact third-party platforms like ooot.com and ClinicSoftware.com to request removal through their deletion processes.
  • Monitor Regularly: Frequently check your GBP for unauthorized changes.
  • Secure Your Profile: Use tools to lock your profile and prevent unwanted changes.
  • Advocate for Change: Raise awareness within the mental health community and professional organizations to push for stronger protections from third-party interference.

Understanding the Impact of Unauthorized Google Business Profile Hijacking on Your Practice

Imagine this: You’ve spent time claiming and managing your Google Business Profile (GBP) to ensure your practice is accurately represented online. You carefully review your profile to ensure clients can find and contact you directly. Yet, despite all of this, a third-party company manages to take control of a key feature on your profile—the ‘Book Online’ or ‘Schedule’ button—without your consent.

This is not an oversight or an isolated glitch. It’s a practice that has begun affecting therapists nationwide, with companies like ooot.com and ClinicSoftware.com inserting themselves into your profile. What’s worse, they make it appear that your practice has partnered with them when you have no agreement or affiliation.

This isn’t just a minor inconvenience—it’s a serious breach of trust and control over your own practice.

Misleading Clients and Undermining Trust

When clients search online, visit your profile, and click on the ‘Book Online’ or “Schedule” button, they assume they are scheduling directly with you. However, they are redirected to a third-party platform that has no legitimate connection to your practice. This unauthorized access misleads clients and compromises the essential trust in a therapeutic relationship.

Take a look at the example below:

example of Book Online hijacking

In the example, the ‘Schedule’ button would seem to be a direct link to your practice’s appointment scheduling system (whatever that may be—often a secure contact form you control). Still, potential clients are unknowingly funneled to a third-party platform. This adds confusion and potentially puts sensitive potential client data at risk.

As mental health professionals, we are entrusted with highly sensitive information from our clients—even at the inquiry stage. Under HIPAA, when someone contacts your practice to schedule an appointment or inquire about services, their contact details and the fact that they seek care are considered Protected Health Information (PHI). Allowing a third-party platform to collect this data without explicit consent violates ethical and legal standards. Worse still, as the practice owner, you have no control over how these companies store or use this information.

Data Privacy and Cross-Border Concerns

To add to the concern, companies like ooot.com and ClinicSoftware.com appear to be based outside of the United States—in the United Kingdom. This raises significant data privacy issues, as client information may be transmitted across international borders, where different privacy regulations apply. As a practice owner, you have no way of knowing how this data is being handled or whether it’s being safeguarded to the standards required under U.S. law, specifically HIPAA.

Even if these companies aren’t knowingly acting with malicious intent, they are still creating a serious problem by bypassing your consent and placing client data at risk. When prospective clients reach out to you, their contact information and the fact that they are seeking care are protected under HIPAA. By allowing third-party platforms to collect this sensitive data without authorization, the privacy and trust that clients expect from mental health services are being eroded. This isn’t good for your practice, and its not good for the public’s confidence in the confidentiality of mental health care.

Google’s Role: Complicit in the Problem?

This situation isn’t just about third-party companies acting without consent; Google plays a significant role in enabling this issue. As a Google Partner, companies like ooot.com are able to add their services to the ‘Book Online’ button on your Google Business Profile (GBP), often without the practice owner’s knowledge or permission.

Here’s why Google’s current approach is problematic:

  • No Blocking Option: Google allows business owners to specify how clients should contact them—whether by directing them to a page on their practice website, by phone, or by email. However, even if you’ve set your preferred contact method, there is no way to block unauthorized third-party platforms from attaching themselves to the ‘Book Online’ or ‘Schedule’ button. Despite your efforts to guide clients to contact you directly, platforms like ooot.com and others can hijack this feature and redirect potential clients elsewhere without your consent.
  • No Simple Way to Remove Third Parties: Once you discover that a third-party platform has hijacked your ‘Book Online’ of ‘Schedule’ button, Google does not provide an easy or direct way to remove it. You are left to navigate a complicated process to request removal, often relying on the third-party platform itself to take action. This lack of direct control over your own profile leaves you vulnerable to ongoing interference.
  • Limited Control for Business Owners: Even if a practice owner has claimed and actively manages their profile, third-party services can still be inserted without consent.
  • Burden on Practice Owners: It becomes the responsibility of the therapist or practice owner to notice these changes, request removal with the third party, and navigate a complex process that should never have existed in the first place.
  • Contradictory System: Google encourages professionals to claim and manage their profiles but doesn’t provide the tools necessary to prevent unauthorized interference, creating a contradictory system that leaves therapists vulnerable.

For a platform designed to help businesses manage their online presence, Google’s lack of stronger controls makes it nearly impossible for therapists to protect their profiles from unwanted intrusion fully.

Taking Action: How Therapists Can Protect Their Practice

Despite the challenges, there are steps therapists can take to protect their practice and client data in this specific instance:

  1. Request Removal from ooot.com (or other third-party platforms): If your Google Business Profile has been hijacked by ooot.com or a similar platform, you can request removal by following the steps provided by ClinicSoftware.com. This involves completing their Deletion Request Form, after which they claim it takes 24-48 hours for Google’s servers to update and remove the link.
    • How to gather your GBP link: For the request, you will need the URL of your Google Business Profile. The easiest way to get this is to go to your profile (search your name or practice name) on Google Maps and click the ‘Share’ button to copy the link.
    • Link to Deletion Request Form
  2. Reach Out to Google Support: In addition to requesting removal from third parties, report the issue to Google using their complaints form for third-party policy violations. While this process may not guarantee an immediate solution, it’s essential to document the issue and push for Google to take action.
  3. Advocate for Industry Change: Spread the word to fellow therapists and mental health professionals. Contact your state and national professional organizations, such as the:
    • American Psychological Association (APA)
    • American Counseling Association (ACA)
    • National Association of Social Workers (NASW)
    • American Association for Marriage and Family Therapy (AAMFT)
    • National Board for Certified Counselors (NBCC)
    • State-specific psychological associations

By advocating collectively, we can push for better protections from third-party interference. Additionally, share this information on listservs, therapist Facebook groups, and other networks to ensure your colleagues and our therapist community are informed and empowered to act.

Protecting Your Google Business Profile from Unauthorized Access

Maintaining the integrity of your Google Business Profile (GBP) is essential to safeguard your practice’s online presence and client trust. While Google doesn’t offer a direct “lock” feature for business profiles, you can implement the following measures to minimize unauthorized changes:​

  1. Restrict Access: Ensure that only essential personnel can manage your GBP. Limiting access reduces the risk of unauthorized modifications.
  2. Regular Monitoring: Frequently review your profile to identify any unexpected changes. Prompt detection allows for timely corrective actions.​
  3. Engage with Trusted Management Tools: Consider using reputable third-party services that offer enhanced security and monitoring for your GBP. For instance, we’re aware that SearchAtlas provides tools to help businesses maintain accurate and secure online profiles.​ Other companies have developed similar tools.

Implementing these strategies can help you better protect your GBP from unauthorized access and ensure that clients interact with accurate and trustworthy information about your practice.​

Why This Matters: Defending Client Trust and Ethical Standards

As therapists, our work is grounded in trust. Clients come to us during some of the most vulnerable times in their lives, and they rightly expect their information to be treated with the utmost care and confidentiality. Unauthorized access by third-party platforms can undermine that trust, potentially affecting clients’ confidence in mental health services.

When client data is handled without consent, it raises concerns beyond business operations and touches on the ethical standards that guide our profession. Protecting this sensitive information helps clients feel safe and supported when they reach out for help. Maintaining this trust is important for our practices and the broader integrity of mental health care.

The Importance of Vigilance: Staying Ahead of Third-Party Intrusions

While these third-party intrusions can be frustrating, they highlight the need for vigilance in managing your online presence. Google Business Profiles are often the first point of contact for potential clients, making it essential that therapists maintain control over how they are represented. Checking your profile regularly for unauthorized changes, like third-party booking links, ensures your practice stays aligned with the ethical standards and trust you’ve built with your clients.

Even if you’ve already claimed and actively manage your Google Business Profile, it’s clear that additional steps are necessary to stay ahead of these types of intrusions. By staying proactive and monitoring your profile regularly, you can mitigate the risks and ensure that clients always interact directly with your practice.

Encouraging Collective Action: Advocating for Stronger Protections

While individual vigilance is important, this issue also calls for collective action. Therapists and other mental health professionals can come together to raise awareness about the risks of third-party intrusions into their Google Business Profiles. Sharing experiences within the community can help highlight the scope of the problem and apply pressure for better solutions.

By advocating for stronger protections—both from Google and within the industry—therapists can push for more transparent, secure systems that safeguard client privacy and prevent unauthorized access to practice profiles. Contact your state and national professional organizations (APA, ACA, NASW, AAMFT, NBCC, etc.), and consider engaging with professional networks, listservs, and therapist groups on social media. Together, the mental health community can create a powerful collective voice to drive meaningful change.

WithTherapy: Your Ally in Defending Your Practice and Client Trust

At WithTherapy, we see ourselves as more than just a platform — we’re an ally for therapists in the ongoing fight to protect their practices and uphold ethical standards. As digital tools, automation, and AI continue transforming how people connect with mental health services, we recognize that these changes come with opportunities and risks.

The unauthorized access to your Google Business Profile by third-party platforms like ooot.com is just one example of how quickly technology can disrupt the trusted relationship between therapists and their clients. With AI and automation advancing rapidly, these intrusions may only accelerate, making it even more critical for therapists to stay vigilant and informed.

We’re committed to providing the resources and tools you need to navigate this challenging landscape. Whether by offering insights on safeguarding your online presence or advocating for stronger protections, WithTherapy is here to help you maintain control over your practice and protect the trust central to your work.

Final Thoughts: Protecting Client Trust in a Digital Age

In an increasingly digital world, where more clients find therapists online, ensuring that our online presence aligns with the ethical standards we uphold in our work is critical. Unauthorized third-party platforms should not be able to insert themselves into the relationship between therapists and their clients. Protecting that connection is key to maintaining the trust and confidentiality that our profession depends on.

While there are steps that therapists can take to address these intrusions, the broader issue calls for collective awareness and advocacy. By working together and raising our voices through professional organizations and networks, we can push for the changes needed to keep mental health services grounded in the ethical standards that make therapy a safe space for everyone seeking help.

Connect with the right therapist for you

Ready to find support and address your challenges? Schedule with a therapist uniquely matched to you.

You’re at the heart of a reimagined therapist search platform.

Find Your Healthier WithTherapy

Let’s Get Started

Connect with the right therapist for you