Executive Assistant for Therapists and Clinic Owners: Reclaim Clinical Hours

Who this guide is for: and what it solves

This guide is written for U.S. solo therapists, group practice owners, and clinic executives evaluating a dedicated executive assistant (EA) or virtual assistant (VA) who will touch practice workflows and PHI. It focuses on practical delegation boundaries, HIPAA controls, payer/billing ops, engagement models, onboarding samples, and how to measure ROI so you can make a defensible hiring choice.

What an executive assistant for therapists actually does: day‑to‑day vs out‑of‑scope

An EA combines high‑level calendar and inbox management with specialized practice administration. Below are safe, typical delegated tasks and explicit out‑of‑scope items that must remain clinician‑owned unless credentials and supervision are in place.

Core day‑to‑day tasks (safe to delegate with controls)

• Calendar optimization and protected billable blocks; buffer rules for documentation time.
• Intake coordination: demographic collection, payer verification, consent forms, and appointment onboarding.
• Claims triage: ERA/EOB reconciliation, missing-claim follow-up, and initiating appeals per SOP.
• Telehealth setup and link distribution; basic troubleshooting (no clinical triage).
• Client reminders, automated confirm/cancel flows to reduce no‑shows.
• EHR admin: templates, headers, billing code entry support, bulk uploads for authorizations: clinician approval required for clinical text.
• Reporting: weekly revenue snapshots, claims aging, missed appointment logs.

Out‑of‑scope unless credentialed and supervised

• Authoring clinical progress notes, treatment plans, diagnoses, or safety/risk assessments.
• Performing clinical triage or making care decisions.
• Signing documents that legally require clinician or licensed staff signature (e.g., clinical records, certain release forms).

Tasks unique to therapy practices

Therapy practices commonly face payer complexity, sensitive intake conversations, and telehealth licensure nuances. A therapy‑experienced EA drives efficiency in these specific areas.

• Insurance verification and prior authorization workflows that vary by payer and CPT/HCPCS code.
• Claims denial pattern identification and payer‑specific appeals.
• Sensitive intake scripts for trauma, confidentiality, mandated‑reporting flags, and guardian consent for minors.
• Coordination of group therapy calendars, sliding scale waitlists, and clinician coverage.
• Integrating telehealth workflows with your EHR (SimplePractice, TherapyNotes, TheraNest) to reduce administrative friction.

HIPAA, BAAs, and security controls you must have

Outsourcing PHI handling changes your compliance posture. Require explicit contractual and technical controls before any assistant gets access.

• A signed Business Associate Agreement (BAA) that names the vendor or individual and scopes permitted uses of PHI.
• Least‑privilege, role‑based EHR accounts (no shared logins) with MFA and unique identities.
• Encryption in transit (TLS 1.2+ or equivalent) and at rest (AES‑256 or equivalent).
• Device management: mandate MDM on mobile devices, enforce full‑disk encryption, and password managers for credential handling.
• Audit logs and contractual audit rights; require regular access reviews and periodic activity reports.
• Subprocessor controls: vendor must disclose subprocessors and require the same security posture.
• Breach notification SLA: contractual requirement to notify the covered entity within a short, specified window (commonly 24–72 hours) on suspected incidents.
• Regular vendor security attestations (SOC 2 or equivalent) and evidence of penetration testing where applicable.

Sample BAA clauses to insist on

• Purpose‑limitation: specify exactly which PHI uses are permitted (scheduling, claims, intake).
• Breach notification timeline: vendor must notify within X hours (recommend 48–72 hours) and support remediation and OCR reporting.
• Subprocessor approval: vendor cannot add subprocessors without prior written notice and equivalent BAA terms.
• Audit and access: right to request activity logs and an annual security attestation (SOC 2 or equivalent).
• Encryption and MFA obligations: vendor must maintain encryption standards and MFA for remote access.

Regulatory boundaries: mandated reporting, minors, and telehealth licensure

Certain legal scenarios change delegation boundaries. Document how your EA must behave in each case and never rely on general assumptions.

• Mandated reporting: if an intake reveals abuse or imminent danger, EA must escalate immediately to the clinician and follow your incident SOP; EAs should not perform risk assessments or make reportable determinations.
• Minors and guardian consent: EAs may collect guardian demographics and consents but must not engage in clinical screening that could be interpreted as care; verify state rules for minors and confidentiality exceptions.
• Telehealth licensure: scheduling across state lines can create licensure risk: EAs should verify clinician licensure for the client's state before confirming telehealth sessions and flag cross‑state requests for clinician review.

Insurance & billing operational guidance (detailed)

Billing is one of the highest ROI areas for an EA who understands payer flows. Below are workflows, common denial reasons, and an appeals SOP you can implement.

1. 1ERA/EOB reconciliation workflow: (1) Daily pull of ERAs from clearinghouse; (2) Match to submitted claims and encounter dates; (3) Flag rejections/denials; (4) Assign owner for remediation with deadline; (5) Update patient balances and AR report.
2. 2Who does what: EA does step 1–3 and prepares remittance notes; clinician or billing lead approves write‑offs or clinical rationale needed for appeals.

Common denial categories and typical remediation

• Eligibility/member not active: verify membership and effective date, re‑submit when coverage confirmed.
• Authorization missing or insufficient: request prior auth (see sample auth email) and note authorization number on re‑submission.
• Coding or modifier errors: correct CPT/ICD pairings, attach clinical justification when needed.
• Timely‑filing or payer filing limits: escalate quickly; some payers allow late filing with appeal and justification.
• Coordination of benefits (COB): collect primary payer info and reprocess through correct payer sequence.

Sample 6‑step claims appeal SOP (EA role)

1. 1Identify denial and capture EOB/ERA reason code and payer notes (Day 0–2).
2. 2Research payer policy and determine appropriate documentation needed (Day 1–3).
3. 3Gather documentation: encounter records, authorization, signed treatment plan excerpts (clinician supplies clinical text) (Day 2–5).
4. 4Draft appeal letter/email and attach supporting docs; route to clinician for clinical sign‑off (Day 3–7).
5. 5Submit appeal via payer portal or mail; log submission date and expected response window (commonly 30–45 days).
6. 6If denied on appeal, escalate to secondary appeal with management review or external review where applicable (30–90 days).

Typical first‑appeal recovery rates vary by denial type and documentation quality; many practices see 15–50% recovery on first appeals for documentation or auth errors. Track your own rates in the KPI dashboard.

Get an executive assistant quote today.

Part-time or full-time support for calendar, inbox, travel, vendor follow-up, and personal logistics. Tell us what you need and we will scope the right plan.

Request quote

Professionals from top brands trust Aurora

Tech stack, clearinghouses, and integration caveats

Common EHRs for U.S. therapy practices are SimplePractice, TherapyNotes, TheraNest, and WebPT (rehab). Clearinghouses include Change Healthcare, Availity, Waystar, and OfficeAlly. Expect the following caveats:

• Not all plans or EHR tiers include deep integrations: check whether your EHR plan includes claims submission, ERA delivery, and API access.
• Clearinghouse formats and remittance layouts differ; map fields during onboarding and test end‑to‑end flows.
• Some EHRs restrict third‑party API access or require separate agreements for vendor assistants; include these needs in your RFP.

Engagement models, pricing signals, and common vendor traps

Watch for vendor traps: nonrefundable setup fees, minimum retainers with long terms, hidden per‑intervention charges, and vendors that resist BAAs or detailed audit access. Ask for a clear SOW and a 90‑day pilot option.

Onboarding checklist and 30/60/90‑day plan (expanded)

1. 1Day 0–7: Legal & secure access: sign BAA, provision unique EHR account, enable MFA and MDM, grant minimal permissions, and run background checks.
2. 2Day 7–30: Shadowing & SOP creation: assistant shadows intake, scheduling, and billing workflows; co‑author SOPs and test with scripts; run hiring test scenarios.
3. 3Day 30–60: Supervised execution: assistant performs tasks with clinician sign‑offs and daily QA checklists; log all exceptions.
4. 4Day 60–90: Autonomy & optimization: EA owns repeatable workflows, proposes small improvements, and shifts to weekly/monthly performance KPIs; finalize ramp cost amortization.

SOP snippets, templates, and delegation examples

Below are short, copy‑pasteable examples to adapt into your SOP library.

• Intake empathy script (first contact): “Thank you for contacting [Practice]. I’m [Name], and I’ll help get you scheduled. Before we book, I’ll confirm a few details and explain confidentiality and next steps: is this a safe time to talk?”
• Sample authorization request email (to payer or provider): “Subject: Prior Authorization Request for [Client Last Name], DOB: [MM/DD/YYYY]. Attached: CPT codes [XXX], service dates, signed consent, and clinical summary (clinician note attached). Please confirm auth number and effective dates or advise required documentation.”
• Claims appeal email template (skeleton): “Subject: Appeal for Claim #[Claim#]: [Client Last Name]. Denial reason: [payer reason]. Attached: encounter note, auth (if applicable), and corrected claim form. Requested action: reprocess with supporting documentation.”

Measuring ROI: a worked example

Use a simple model to estimate breakeven for a dedicated EA vs other options.

1. 1Inputs: clinician billed rate = $120/session; average sessions/week = 20; reclaimable admin time = 3 hours/week (approx. 4 sessions regained); EA cost = $5,000/month.
2. 2Monthly clinician revenue per session regained: 4 sessions × $120 × 4.3 weeks = $2,064/month.
3. 3Breakeven: at $5,000/mo EA cost, reclaimed revenue covers ~41% of EA cost. Add indirect benefits (reduced burnout, fewer cancellations, faster collections): if EA also reduces no‑shows to recover another 8 sessions/month ($1,036), total recovered ≈ $3,100, improving ROI.
4. 4Consider ramp: if onboarding cost is $2,500 amortized over 6 months, add ~$417/mo to cost. Recalculate breakeven with this included. Use actual practice metrics to model more precisely.

Hiring tests and QA best practices

• Skills checklist: experience with your EHR, insurance verification, clearinghouse familiarity, strong written communication, HIPAA training certificate.
• Hiring tests: replicate common tasks: schedule a mock intake, submit a sample claim correction, and draft an authorization request; score accuracy and turnaround time.
• QA cadence: weekly reviews in month 1 (random record checks), biweekly in month 2, monthly ongoing plus quarterly audits and KPI reviews.
• Performance KPIs: time reclaimed per clinician, AR 30/60/90 improvements, appeal success rate, no‑show rate change, clinician satisfaction scores.

AI & third‑party tools: explicit cautions

• Require a BAA before sending PHI to transcription or AI vendors; do not assume consumer AI tools are compliant.
• Require vendor security attestations and a data flow diagram showing where PHI is stored or processed.
• Disallow auto‑insertion of generative AI output into clinical notes without clinician review and explicit approval documented in SOPs.

Common buyer objections and practical mitigations

• HIPAA risk: mitigated with BAA, least‑privilege access, MFA, audit logs, and quarterly vendor reviews.
• Scope creep: prevented by delegation matrix, SOPs, and a hard stop requiring clinician sign‑off for clinical content for the first 90 days.
• Timezone/language fit: require overlapping hours in job brief and include a language/communication assessment in hiring tests.
• Quality & EHR experience: include EHR‑specific tasks in hiring tests and a 30‑day competency checklist.

Next steps, internal links, and further reading

To move forward: map current time sinks, pick an engagement model, and prepare an RFP that lists required BAAs, EHR experience, and SLA overlap hours. For tactical hiring and pricing context, review these guides: What Does an Executive Assistant Do? The Complete 2026 Guide, How to Hire an Executive Assistant Who Actually Frees Up Your Time, Remote Executive Assistant: How It Works and Why It Often Works Better, Executive Assistant Pricing Guide: What You Are Really Paying For, The ROI of an Executive Assistant: A Better Way to Measure Return, and 15 Tasks Every Executive Should Delegate to an EA Immediately.

Further reading & citations

• HHS OCR: HIPAA Permitted Uses and Disclosures, Business Associates & BAAs: https://www.hhs.gov/hipaa/for-professionals/covered‑entities/index.html
• HHS OCR: Breach Notification Rule and guidance: https://www.hhs.gov/hipaa/for-professionals/breach‑notification/index.html
• FTC & state AG guidance on data security (consumer‑facing obligations and vendor due diligence): https://www.ftc.gov
• SimplePractice integration/docs: https://support.simplepractice.com
• TherapyNotes documentation: https://www.therapynotes.com/support
• ThenaNest (ThеraNest) integration docs: https://support.theranest.com
• Clearinghouses: Change Healthcare, Availity, Waystar, OfficeAlly: check vendor docs for ERA formats and API details.