December 26, 2025 • 11 mins
If the idea of delegating in your practice immediately brings up fear about HIPAA, confidentiality, or losing control, this episode is for you. In this solo episode, I’m breaking down exactly what you can delegate right now (and what you shouldn’t) so you can protect your license while still getting critical tasks off your plate.
I walk through real-world examples of delegation, from marketing tasks and intake calls to inbox management and follow-ups, and I clear up a lot of the myths therapists carry around about HIPAA. I explain how HIPAA actually works in practice, why delegating the wrong things first can waste time and money, and how proper training—not avoidance—is what keeps your practice safe as you grow.
If your practice feels like you’re “building the plane while flying it,” or you know an uptick in clients is coming and your systems aren’t ready yet, this episode will help you get grounded and move forward with confidence instead of fear.
In this episode, you’ll learn:
- What I recommend delegating first in a therapy practice, like intake calls, follow-ups, basic marketing workflows, and inbox management, without violating HIPAA
- How I think about training and onboarding VAs, including HIPAA education, clear boundaries, and realistic expectations
- Why I stopped using long written SOPs and switched to short screen-recorded workflows, and how that reduced mistakes
- How to tell the difference between tasks that actually move you toward revenue and ones that just keep you busy
If you’re ready to stop doing everything yourself and start building systems that support your growth, this episode gives you a practical, HIPAA-aware place to start.
If you’re ready to lead with confidence, join the 2026 Supervisor Course waitlist for early access to bonus tools, templates, and fast-track grading. Strengthen your systems today with the free Supervision Onboarding Checklist, and get ongoing CEUs and live coaching inside the Step It Up Membership. You’re not just building a practice, you’re building a legacy.
Get your step by step guide to private practice. Because you are too important to lose to not knowing the rules, going broke, burning out, and giving up. #counselorsdontquit.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
SPEAKER_00 (00:00):
Does that guarantee that there will never be a
(00:02):
breach, right?
No, nothing can guarantee that.
But you can at least do your duediligence.
Welcome to Bandest Therapists,building practices of life.
It's all about working smarter,not harder.
(00:24):
And here's your host, Dr.
Kate Wilhelm.
Recruiting who leads in thepower of a positive mindset.
I hope you're having a wonderfulholiday season.
December 25th is my birthday.
So just like you, I'm taking awell-deserved break.
But I still wanted to get thisepisode to you because it's a
big one.
(00:45):
What to delegate first?
If you want 2026 to feeldifferent, this is the move that
changes everything.
And yes, the December bonus willhelp get you started.
Now, let's get to work.
Hey, I'm Dr.
Kate Walker.
Welcome to your coaching.
(01:05):
Let's talk about HIPAA and yourVA.
All right, so the first thingwith a VA, and I talked about
this a little bit last time, isto think about why you want to
use a VA, right?
Because I know uh last time, Ithink when we talked about this,
I talked somebody out of gettinga VA because it was something
(01:28):
that could be automated withscheduling software.
If you're thinking about a VA, Iwould love to have some
conversation around why youthink you need one and what
exactly you're trying to giveaway.
Because if you have been with mefor any period of time, you know
that if it is something outsideof your zone of genius or even
(01:49):
your zone of expertise, andthese are from Gay Hendrick's
book, The Big Leap, great book,highly recommend.
But if it's outside of your zoneof expertise or excellence or
genius, you probably should farmit out.
So things like bookkeeping oraccounting or you know,
financial planning, if that isnot in your zone of competence,
(02:11):
excellence, genius, yes, hire itout.
But what we're talking aboutwith a virtual assistant is
especially for those of you whoare standalone practices, you're
kind of off by yourself.
You want, you don't have abuilding, you don't necessarily
have a chair and a desk forsomeone to sit in at the front
office where you can just walkdown the hallway and knock on
(02:32):
the door and say, Hey, do youneed anything?
A virtual assistant has to bevery, very self-motivated, very
self-starter, the ability tofollow directions.
And we've talked about SOP or astandard operating procedure.
They should be able to follow anSOP very, very well.
They should be greatcommunicators.
(02:53):
So if they do hit a point inyour SOP and they don't know
what to do, they should know howto contact you and know not to
just bug you about things, butto be able to say, hey, I'm
stuck, I need help here.
But when it gets down to HIPAA,you know, a lot of folks will
talk about a BAA, which is agreat thing.
(03:14):
But when you're talking about aperson, it's not a great thing.
And here's why.
So a business associateagreement is something that a
company will offer you, not theother way around.
A company will offer you, andit's a company generally that
stores protected healthinformation, not just comes in
(03:37):
contact with it, but actuallystores protected health
information.
And so with that BAA, they offerit to you by and they say, hey,
look, we're gonna partner withyou in liability.
So we're not saying we'reperfect, we're not saying that
we can end all, be all, andguarantee 100% that there will
(03:57):
never be a breach.
And if they do, check that theymay have some oceanfront
property in Arizona that they'reselling as well.
But I mean, if they do, great.
But what the BAA does, it says,okay, if something bad happens,
we will partner with youfinancially.
We will partner with you as faras informing clients.
(04:19):
Because remember, if it's lessthan 500, you do one thing.
If it's more than 500 people,you have to contact the media.
So there's a lot you have to doif there's an information
breach.
And that's why you want acompany, especially a big
company like Google or Zoom, tobe able to offer you that
guarantee, the guarantee they'llpartner with you if they are
(04:42):
offering a HIPAA compliantproduct.
And so, you know, telehealth isrelatively new to us because of
COVID, but I mean, medicine hasbeen doing this for a long, long
time.
So having a company that storesfiles or who provides
telehealth, and they say, hey,we have this HIPAA compliant
product over here that costs alittle bit more, but we will
(05:04):
sign the BAA.
The BAA, you take it, youdownload it, you put it in a
file, or you know, drag and dropor whatever.
That does not work with people,right?
Because you may have someone, avirtual assistant, who's going
to come in contact with yourPHI, but they're not storing
your PHI.
(05:24):
And they're not going to sharefinancial liability with you for
being in contact with that PHI.
So if they offer you a businessassociate agreement, I would be
like, no, I don't, I don't, Idon't believe you could hold up
to that BAA and that level ofliability.
(05:46):
Quick break.
If you haven't grabbedDecember's bonus yet, go get it.
I put together the practicereset cheat sheet to help you
clean up your systems, tightenyour HIPAA basics, and walk into
2026 without dragging thisyear's mess behind you.
It's totally free for podcastlisteners.
Just go toKateWalkertraining.com slash
(06:08):
bonus.
And the same thing, you know,you offering them a BAA doesn't
make any sense because you'renot going to protect their
protected health information.
So you if you follow me.
But what can help if you aregoing to use a person to
interact with protected healthinformation, either they're
(06:31):
answering the phone, they'rehelping you file, they are doing
your billing, something wherethey're coming in contact with
clients and or protected healthinformation is to train them.
Right.
So remember in the HIPAAself-audit that won't make you
panic, and that should be goingin your profile this month.
(06:52):
But if you were there, if youwere there live, you saw this,
you do a self-audit every yearidentifying the things that
you're doing well andidentifying the things that
you're not doing so well, orthe, you know, I think of them
as holes in the fence, right?
So, you know, if you candocument that every year,
everybody on your team, fromlicensed personnel to
(07:15):
non-licensed personnel tovirtual assistants in the
Philippines, are taking a HIPAAtraining and they have to
provide documentation.
So they have to give you acertificate that says they took
the HIPAA training, then you canconfidently report in your
self-audit that you requireHIPAA training and 100% of your
(07:38):
office staff is compliant withthat.
Now, does that guarantee thatthere will never be a breach,
right?
No, nothing can guarantee that.
House Bill 300, which mirrorsHIPAA, it's a little bit more
(08:02):
stringent with the training.
So just to be on the safe side,you could require HIPAA training
once a year.
And now not only are you doingthe whole CYA, but your staff is
actually well trained.
The other thing going uh thevirtual assistant route, if
you're gonna have them interactwith protected health
(08:23):
information, you know, if you'regoing to a company like Fiverr
or Upwork, I've used both, youcan look for specialists who
interact with protected healthinformation.
So if you attended the livewebinar where I interviewed
Urban and I interviewedJennifer, my virtual assistants,
you know, that's one of thethings Urban says is, you know,
(08:43):
when you hire us, you're hiringskilled labor.
So you shouldn't have to, inother words, if I'm advertising
that I interact with HIPAA, Ican communicate with clients, I
have training in this.
You shouldn't have to reteach methat.
So do your due diligence aswell.
So when you're starting out withyour interview process, make
(09:04):
sure that you find skilledpersonnel who understand
protected health information.
So, you know, that's half thebattle.
Other things that, you know,things like passwords, you know,
there's software.
That's not necessarily HIPAA,but I know it's concerning,
right?
You don't want to sharepasswords with folks.
But there are other software outthere.
(09:25):
One of the ones I use is calledLastPass, LastPass.
And you can use that to sharepasswords without making it
visible.
Now, that doesn't outsmarttwo-factor identification.
So if you have something likeGoogle, it seems like every time
I switch Google profiles, it'slike you got to log in again.
You have to, you know, we wantto double check.
(09:45):
We're gonna send you a six-digitcode.
So that's one thing toincorporate into your SOP, but I
digress a little bit becausethat's not really HIPAA.
HIPAA is going to be more aboutthe training, making sure that
you document that you've trainedand that there's an official
HIPAA training out theresomewhere.
You can take mine, you can takeanybody's, but that you have
(10:06):
someone reliable that they cango interact with and learn HIPAA
so that you can plug them intothose client interacting spots.
But part of my presentationtoday is I was actually going to
try to talk you out of usingbooks to interact with HIPAA
because most software, I mean,it does that for you, right?
So if you're taking notes, ifyou have a filing system, you
(10:30):
should be able to have aHIPAA-compliant filing system.
The other thing would be maybeanswering calls.
And in that case, you know, I'mwondering if you have a great
practice, definitely probablyneed to hire someone.
And we've got Amanda Escabelgoing to give us a presentation
on that.
But if it's just you, I wouldwonder, okay, why aren't you
(10:51):
returning your own phone calls?
Before you go, grab December'sbonus, the practice reset cheat
sheet.
It's your quick guide tostarting 2026 with clearer
systems and less chaos.
Get it at KateWalkerTraining.com/slash bonus.
See you next week.
(11:17):
If you love today's episode, besure to leave a five-star
review.
It helps other badass therapistsfind the show and build
practices that thrive.
Big thanks to Ridgely Walker forour original fun facts and
podcast intro, and to CarlGuyanella for editing this
episode and making us soundamazing.
See you next week.
Does that guarantee that there will never be a
(00:02):
breach, right?
No, nothing can guarantee that.
But you can at least do your duediligence.
Welcome to Bandest Therapists,building practices of life.
It's all about working smarter,not harder.
(00:24):
And here's your host, Dr.
Kate Wilhelm.
Recruiting who leads in thepower of a positive mindset.
I hope you're having a wonderfulholiday season.
December 25th is my birthday.
So just like you, I'm taking awell-deserved break.
But I still wanted to get thisepisode to you because it's a
big one.
(00:45):
What to delegate first?
If you want 2026 to feeldifferent, this is the move that
changes everything.
And yes, the December bonus willhelp get you started.
Now, let's get to work.
Hey, I'm Dr.
Kate Walker.
Welcome to your coaching.
(01:05):
Let's talk about HIPAA and yourVA.
All right, so the first thingwith a VA, and I talked about
this a little bit last time, isto think about why you want to
use a VA, right?
Because I know uh last time, Ithink when we talked about this,
I talked somebody out of gettinga VA because it was something
(01:28):
that could be automated withscheduling software.
If you're thinking about a VA, Iwould love to have some
conversation around why youthink you need one and what
exactly you're trying to giveaway.
Because if you have been with mefor any period of time, you know
that if it is something outsideof your zone of genius or even
(01:49):
your zone of expertise, andthese are from Gay Hendrick's
book, The Big Leap, great book,highly recommend.
But if it's outside of your zoneof expertise or excellence or
genius, you probably should farmit out.
So things like bookkeeping oraccounting or you know,
financial planning, if that isnot in your zone of competence,
(02:11):
excellence, genius, yes, hire itout.
But what we're talking aboutwith a virtual assistant is
especially for those of you whoare standalone practices, you're
kind of off by yourself.
You want, you don't have abuilding, you don't necessarily
have a chair and a desk forsomeone to sit in at the front
office where you can just walkdown the hallway and knock on
(02:32):
the door and say, Hey, do youneed anything?
A virtual assistant has to bevery, very self-motivated, very
self-starter, the ability tofollow directions.
And we've talked about SOP or astandard operating procedure.
They should be able to follow anSOP very, very well.
They should be greatcommunicators.
(02:53):
So if they do hit a point inyour SOP and they don't know
what to do, they should know howto contact you and know not to
just bug you about things, butto be able to say, hey, I'm
stuck, I need help here.
But when it gets down to HIPAA,you know, a lot of folks will
talk about a BAA, which is agreat thing.
(03:14):
But when you're talking about aperson, it's not a great thing.
And here's why.
So a business associateagreement is something that a
company will offer you, not theother way around.
A company will offer you, andit's a company generally that
stores protected healthinformation, not just comes in
(03:37):
contact with it, but actuallystores protected health
information.
And so with that BAA, they offerit to you by and they say, hey,
look, we're gonna partner withyou in liability.
So we're not saying we'reperfect, we're not saying that
we can end all, be all, andguarantee 100% that there will
(03:57):
never be a breach.
And if they do, check that theymay have some oceanfront
property in Arizona that they'reselling as well.
But I mean, if they do, great.
But what the BAA does, it says,okay, if something bad happens,
we will partner with youfinancially.
We will partner with you as faras informing clients.
(04:19):
Because remember, if it's lessthan 500, you do one thing.
If it's more than 500 people,you have to contact the media.
So there's a lot you have to doif there's an information
breach.
And that's why you want acompany, especially a big
company like Google or Zoom, tobe able to offer you that
guarantee, the guarantee they'llpartner with you if they are
(04:42):
offering a HIPAA compliantproduct.
And so, you know, telehealth isrelatively new to us because of
COVID, but I mean, medicine hasbeen doing this for a long, long
time.
So having a company that storesfiles or who provides
telehealth, and they say, hey,we have this HIPAA compliant
product over here that costs alittle bit more, but we will
(05:04):
sign the BAA.
The BAA, you take it, youdownload it, you put it in a
file, or you know, drag and dropor whatever.
That does not work with people,right?
Because you may have someone, avirtual assistant, who's going
to come in contact with yourPHI, but they're not storing
your PHI.
(05:24):
And they're not going to sharefinancial liability with you for
being in contact with that PHI.
So if they offer you a businessassociate agreement, I would be
like, no, I don't, I don't, Idon't believe you could hold up
to that BAA and that level ofliability.
(05:46):
Quick break.
If you haven't grabbedDecember's bonus yet, go get it.
I put together the practicereset cheat sheet to help you
clean up your systems, tightenyour HIPAA basics, and walk into
2026 without dragging thisyear's mess behind you.
It's totally free for podcastlisteners.
Just go toKateWalkertraining.com slash
(06:08):
bonus.
And the same thing, you know,you offering them a BAA doesn't
make any sense because you'renot going to protect their
protected health information.
So you if you follow me.
But what can help if you aregoing to use a person to
interact with protected healthinformation, either they're
(06:31):
answering the phone, they'rehelping you file, they are doing
your billing, something wherethey're coming in contact with
clients and or protected healthinformation is to train them.
Right.
So remember in the HIPAAself-audit that won't make you
panic, and that should be goingin your profile this month.
(06:52):
But if you were there, if youwere there live, you saw this,
you do a self-audit every yearidentifying the things that
you're doing well andidentifying the things that
you're not doing so well, orthe, you know, I think of them
as holes in the fence, right?
So, you know, if you candocument that every year,
everybody on your team, fromlicensed personnel to
(07:15):
non-licensed personnel tovirtual assistants in the
Philippines, are taking a HIPAAtraining and they have to
provide documentation.
So they have to give you acertificate that says they took
the HIPAA training, then you canconfidently report in your
self-audit that you requireHIPAA training and 100% of your
(07:38):
office staff is compliant withthat.
Now, does that guarantee thatthere will never be a breach,
right?
No, nothing can guarantee that.
House Bill 300, which mirrorsHIPAA, it's a little bit more
(08:02):
stringent with the training.
So just to be on the safe side,you could require HIPAA training
once a year.
And now not only are you doingthe whole CYA, but your staff is
actually well trained.
The other thing going uh thevirtual assistant route, if
you're gonna have them interactwith protected health
(08:23):
information, you know, if you'regoing to a company like Fiverr
or Upwork, I've used both, youcan look for specialists who
interact with protected healthinformation.
So if you attended the livewebinar where I interviewed
Urban and I interviewedJennifer, my virtual assistants,
you know, that's one of thethings Urban says is, you know,
(08:43):
when you hire us, you're hiringskilled labor.
So you shouldn't have to, inother words, if I'm advertising
that I interact with HIPAA, Ican communicate with clients, I
have training in this.
You shouldn't have to reteach methat.
So do your due diligence aswell.
So when you're starting out withyour interview process, make
(09:04):
sure that you find skilledpersonnel who understand
protected health information.
So, you know, that's half thebattle.
Other things that, you know,things like passwords, you know,
there's software.
That's not necessarily HIPAA,but I know it's concerning,
right?
You don't want to sharepasswords with folks.
But there are other software outthere.
(09:25):
One of the ones I use is calledLastPass, LastPass.
And you can use that to sharepasswords without making it
visible.
Now, that doesn't outsmarttwo-factor identification.
So if you have something likeGoogle, it seems like every time
I switch Google profiles, it'slike you got to log in again.
You have to, you know, we wantto double check.
(09:45):
We're gonna send you a six-digitcode.
So that's one thing toincorporate into your SOP, but I
digress a little bit becausethat's not really HIPAA.
HIPAA is going to be more aboutthe training, making sure that
you document that you've trainedand that there's an official
HIPAA training out theresomewhere.
You can take mine, you can takeanybody's, but that you have
(10:06):
someone reliable that they cango interact with and learn HIPAA
so that you can plug them intothose client interacting spots.
But part of my presentationtoday is I was actually going to
try to talk you out of usingbooks to interact with HIPAA
because most software, I mean,it does that for you, right?
So if you're taking notes, ifyou have a filing system, you
(10:30):
should be able to have aHIPAA-compliant filing system.
The other thing would be maybeanswering calls.
And in that case, you know, I'mwondering if you have a great
practice, definitely probablyneed to hire someone.
And we've got Amanda Escabelgoing to give us a presentation
on that.
But if it's just you, I wouldwonder, okay, why aren't you
(10:51):
returning your own phone calls?
Before you go, grab December'sbonus, the practice reset cheat
sheet.
It's your quick guide tostarting 2026 with clearer
systems and less chaos.
Get it at KateWalkerTraining.com/slash bonus.
See you next week.
(11:17):
If you love today's episode, besure to leave a five-star
review.
It helps other badass therapistsfind the show and build
practices that thrive.
Big thanks to Ridgely Walker forour original fun facts and
podcast intro, and to CarlGuyanella for editing this
episode and making us soundamazing.
See you next week.
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Bobby Bones Show
Listen to 'The Bobby Bones Show' by downloading the daily full replay.