Video and audio of therapy sessions, transcripts, and other patient records were accidentally exposed in a publicly accessible database operated by the virtual medical company Confidant Health.
I just think that third party middleman attacks should be mitigated wherever possible and so far, in looking at online therapy I've never seen one that can back up their claims of being private with data, just vague references to how secure it is.
It's a tricky situation, and I guess there's no good solution because either we have to trust the third party or just the therapist and if neither can be trusted, well...
it just speaks to a larger issue with society as a whole, how we treat mental health and especially that we need to pay in order to deal with our issues, and that it hasn't been understood yet that it's shameful and scary to come forward about problems because of certain laws, and the possibility of either the original scenario or the one you proposed.