docs
10 Things to Verify Before Signing Any Medical Billing Software Contract
A contract-review checklist for billing-company software buyers: termination clauses, data-export rights, hidden year-two fees, and BAA scope.
Short answer
Three contract terms cause the largest avoidable losses for billing companies: the termination structure, data export rights, and year-two fees. Termination matters most — a non-cancelable annual clause can leave you owing the remaining months after you have fully migrated off, and billing companies have paid tens of thousands of dollars for a system they no longer used. Data export comes second, because the contract often controls when and at what fee you can pull your own claims, payments, and ERAs, sometimes with a deletion window after termination. Year-two fees come third: AI add-ons, document-storage overages, attachment charges, and card-processing markups can push real cost 20 to 40 percent above the advertised price by the first renewal. The other seven items below still matter, but read those three first.
Sources: HHS HIPAA business associates · AdvancedMD software pricing
How billing-company software contracts go wrong
Billing companies pick software on feature lists, pricing pages, and demos, then sign on the sales conversation. The contract — the document with the termination, data, and dispute clauses — usually goes unread until something breaks.
The failure modes are documented. AdvancedMD's published Terms of Service make subscription fees non-cancelable during the term. BBB complaint filings over the past five years include billing companies reporting four to six months of fees owed after they had already migrated to a replacement. CollaborateMD's customer software agreement includes a post-termination data-deletion window. Tebra's migration documentation describes a thirty-day data-services SLA, but that SLA covers Tebra as the receiving system, not as the exporter. The language that protects your trailing A/R and your data access is almost never on the pricing page.
The ten items below are ordered by consequence. The ones at the top do the most damage when they go wrong.
1. Termination notice period and renewal cliff
Ask for the termination section by number, not a summary. Three variables decide your exposure: how many days of notice you owe before a renewal date, whether renewal-term fees become non-cancelable the moment that window closes, and whether early termination carries a penalty beyond the remaining balance. Sixty- to ninety-day notice windows are common; miss one by a day and you are committed to another full year.
The cost is concrete. AdvancedMD's Terms of Service make fees non-cancelable during the term, and BBB filings describe billing companies invoiced for the remaining months after a completed migration. At AdvancedMD's published $429 per provider per month and forty providers, a six-month remainder is $102,960.
**Ask for:** "Either party may terminate upon thirty days written notice, with no fees owed beyond the current billing period." If the contract requires an annual term, negotiate a pro-rated first-year exit or a month-to-month conversion after the initial term. A vendor that will not negotiate termination is telling you how the relationship ends.
2. Data export rights
The data section should state what you can export, in what format, and within what window after termination. "Commercially reasonable format" is a red flag — it leaves format, timeline, and fees to the vendor. Confirm you can export all claims, payments, ERAs, and patient records on demand before termination, whether each export run carries a fee, and what happens to your data when any post-termination window closes.
CollaborateMD's customer software agreement (sections 3.1 and 3.3) sets the conditions for post-termination access and includes a deletion window. AdvancedMD's PM and EHR data export carries a quoted fee that third-party migration analyses flag as a multi-thousand-dollar event by data volume. Assuming you can pull your own data whenever you want is how the price and the deadline surprise you.
**Ask for:** explicit export rights with no fee for standard runs, a minimum ninety-day post-termination access window, and no deletion without thirty days written notice and a confirmed export receipt. Set a calendar reminder ninety days before any termination date.
3. Legacy A/R closeout in the outgoing contract
This clause lives in the agreement with your current vendor, not the new one. Before signing anything new, the outgoing contract needs two provisions: a commitment to keep working all claims with dates of service before cutover for at least sixty days, and a guarantee that you own the trailing A/R outright with documented claim-history access during and after the transition.
Skipping this clause can leave you paying just to retrieve your own claim history or trying to work old A/R without the people and system context that created it. The safer pattern is a parallel legacy closeout: the source system keeps pre-cutover claims visible and owned while new claims start in Medi. Without the clause, that obligation never formally existed.
**Ask for:** "The outgoing party will actively work all claims with dates of service prior to [cutover date] for a minimum of sixty days following termination, provide monthly aging reconciliation until the legacy A/R is closed, and retain claim-history access for a minimum of twelve months post-termination at no charge."
4. Per-provider pricing at 2x and 3x your provider count
Ask for a written dollar figure at your current provider count, twice that, and three times that. Per-provider pricing looks manageable at ten providers and becomes the dominant operating cost at thirty. Confirm whether volume discounts apply automatically or require renegotiation at each tier.
The arithmetic at thirty providers: AdvancedMD's published $429 per provider per month is a $12,870 monthly floor before implementation, add-ons, or migration. The same book on Medi — thirty client practices with those providers distributed across them — pays $20 per client practice per month, with volume pricing available, plus EDI usage of roughly $800 to $1,100 per month total. Medi charges per client practice, so adding providers inside a practice never changes the platform fee. The full schedule is published at /pricing with no quote required.
**Ask for:** either a fixed per-provider rate locked for a multi-year term with a written discount schedule per tier, or a flat-fee structure where growth does not change platform cost. If rates are "subject to change," pin the notification requirement and a 5% annual cap with a thirty-day penalty-free exit above it.
5. Onboarding and implementation fees
Implementation comes in three shapes: a flat one-time fee, a per-provider fee, or hourly professional services. AdvancedMD cites standard implementation of $2,000 to $5,000, with enterprise builds up to $6,000 in third-party analyses. CollaborateMD advertises a phased rollout with a dedicated enrollments specialist — ask whether that specialist's time is in the contract or billed separately. Some vendors discount implementation into year one; others list it as a non-waivable line item.
A missed $3,500 implementation fee is a first-invoice surprise, not a catastrophe. The real risk is a time-and-materials engagement against a go-live that keeps slipping while hours accumulate.
**Ask for:** a fixed-fee implementation SOW (statement of work) itemized separately from subscription, scoped rather than hourly, on a written milestone schedule — half at signing, half at confirmed production access, with a penalty if the vendor misses the go-live date.
6. Hidden fees in year two
The year-one price is rarely the year-two operating cost. The categories that appear after initial pricing: AI add-ons per provider or per encounter, document-storage overages by tier, attachment fees for documented claims, card-processing markups on patient payments, and eligibility-inquiry caps with overage charges. Together they can add 20 to 40 percent to the quoted cost.
CollaborateMD measures document storage in megabytes per tier — 75 MB on Starter, 250 MB on Unlimited — and Capterra reviewers flag the per-MB charge directly: "Still charge per MB to store documents like we are back in the early 2000's." For a book that attaches EOBs, appeals, authorizations, and clinical records to claims, storage is not a footnote. AdvancedMD lists AI clinical notes at $100 per provider per month or $0.99 per encounter; across thirty providers opting in, that is $3,000 per month the pricing page never showed. AdvancedMD Pay card processing runs 2.0% to 3.0% per transaction.
**Ask for:** a written year-two cost model with all add-ons, storage, attachments, card processing, and eligibility charges at your expected volume, plus a price-lock period and advance notice before new fees. For storage, confirm whether the limit is a hard cap with overage or a soft cap.
7. Clearinghouse vendor identity
The billing software is not the clearinghouse. Every platform routes your EDI — 837 claims, 835 ERAs, 270/271 eligibility, 276/277 status, 278 authorizations — through a clearinghouse, and that clearinghouse is the actual moving part for payer connectivity. Some vendors name theirs; some do not. CollaborateMD markets a built-in clearinghouse without publicly naming the underlying vendor. AdvancedMD routes through its own infrastructure with Waystar as a preferred partner added in 2025. Medi routes through Stedi, publicly documented.
Not knowing your clearinghouse means not knowing what happens to connectivity during a Change Healthcare-scale disruption — which already happened in 2024. It also drives enrollment: switching software usually means re-enrolling with every payer, because the submitter ID changes with the clearinghouse. The Anthem and Elevance family routes exclusively through Availity; a clearinghouse that does not connect through Availity breaks every Anthem claim from day one.
**Ask for:** the clearinghouse name in writing before signing, confirmation it covers every payer your clients bill — Anthem/Elevance via Availity, active BCBS plans (which vary by state), Medicare, and your top-three commercial payers — and the outage failover SLA. A vendor that will not name it has answered the question.
8. Audit log retention and PHI access detail
HIPAA Security Rule §164.312(b) requires audit controls that record and examine activity in systems holding electronic PHI. The rule sets no retention period, but HHS guidance and billing-record standards point to six to seven years. Ask whether the log captures user actions at the record level — who accessed which patient record, when, from which IP — how long logs are retained, whether you can access them directly or only by support ticket, and whether they are exportable.
Many platforms capture operational audit data without retaining it at HIPAA depth for seven years or exposing it to you directly. A billing company facing a breach question or payer audit three years later needs PHI access logs for the relevant records; a ninety-day or one-year retention window makes that impossible regardless of the BAA. The audit log is your paper trail for every PHI access and your defense in a breach investigation.
**Ask for:** written confirmation of seven-year retention, direct access without going through vendor support, and standard-format export. If the vendor logs at the session level — that a user logged in, but not which records they opened — push back; that does not meet the intent of §164.312(b).
9. BAA scope and subprocessor list before PHI goes live
A Business Associate Agreement is required by HIPAA before any vendor processes, transmits, or stores PHI on your behalf. It must be in place before your first real patient record touches the system, not concurrent with go-live or thirty days after signing. The scope question: does it cover every product you will use, or only the core platform? AI features, cloud storage, analytics, and third-party subprocessors that touch PHI each need their own BAA coverage, and the vendor should be able to name them.
CMS and HHS guidance are clear that a business associate's obligation extends to subcontractors who receive PHI. A vendor that says "our BAA covers our platform" but cannot name the subprocessors in its AI pipeline, storage layer, or clearinghouse routing is leaving your exposure open. Discovering after go-live that an AI note-extraction tool or storage provider was never under a BAA is a potential breach incident, not a vendor oversight.
**Ask for:** the signed BAA before any PHI goes live, plus a subprocessor list as a BAA exhibit covering the clearinghouse, cloud infrastructure, and any AI or analytics tools that touch PHI, with notice of changes. See HHS HIPAA guidance on business associates and the CMS electronic billing guidance.
10. Dispute and arbitration clause
This clause decides what happens when you and the vendor disagree about billing, data rights, an outage that cost revenue, or a breach. Verify four things: whether arbitration is mandatory and binding (removing your right to sue), whether the venue is the vendor's home state, whether there is a class-action waiver, and what the notice-and-cure period is before you can exit for cause.
BBB filings and review platforms show a recurring pattern: a billing company complains about a billing error, export problem, or system failure; the vendor points to the arbitration clause; mandatory binding arbitration in a state where the company has no presence, with a class-action waiver, makes a collective action economically impractical for the size of one claim. The contracts are typically valid, and the buyer did not read the section before signing.
**Ask for:** a termination-for-cause right after a notice-and-cure period (thirty days is standard) that does not trigger arbitration. If arbitration is mandatory, push for your home-state venue or virtual proceedings under AAA or JAMS rules. If there is a class-action waiver, accept it knowing any dispute is yours alone — a business judgment, but an informed one.
What a clean billing-software contract looks like
A clean contract aligns the vendor's interest and yours on the exit: the vendor wants customers who succeed, and you want a platform you can leave if it stops working. Those interests only conflict when the contract is built to lock in revenue regardless of value.
The clean version is month-to-month or annual with a thirty-day exit, export rights with no fee and a minimum ninety-day window before any deletion, a named clearinghouse, a BAA signed before go-live, seven-year audit logs you can access directly, and a termination-for-cause right before arbitration applies. None of these terms are unusual. Vendors who resist them are telling you how they expect the relationship to go.
Implementation fees are reasonable. Per-provider pricing is a structural choice, not a red flag. AI add-ons have value. The damage comes when those terms combine with a non-cancelable annual commitment, opaque export rights, and a dispute path that makes correction impractical. Review the contract section by section, not as a package.
How Medi handles these ten items
1. **Termination.** No annual contract or minimum term. No non-cancelable clause, no early-termination fee. Migration is free with a 12-month commitment, or $100 per practice (capped at $3,000) month-to-month. Data export is always free, whenever you ask. 2. **Data export.** Your data is yours, not fee-gated or limited to a post-termination window. Request an export at any point at no per-export charge. 3. **Legacy A/R closeout.** Medi's migration tooling is forward-only. Leaving any platform, the recommended pattern is sixty to ninety days of legacy A/R closeout in the outgoing system in parallel with Medi. The Tebra migration guide documents it. 4. **Per-practice scaling.** $20 per client practice per month, with volume pricing available. Adding providers inside a practice does not change the fee. No per-provider fee. EDI scales with volume, and the full schedule is published at /pricing with no quote required. 5. **Implementation fees.** No per-provider implementation fee. Medi requires an implementation review before production PHI access — a compliance step, not a professional-services engagement — and it carries no separate charge. 6. **Year-two fees.** No AI add-on modules, document-storage caps, or card-processing markups; Medi does not process patient card payments, so you bring your own processor with its own BAA. EDI overage follows the published schedule. No hidden categories appear after year one. 7. **Clearinghouse.** Stedi handles all EDI — 837 claim submission, 835 ERA, 270/271 eligibility, 276/277 status, 278 authorization, and 277CA acknowledgment. Stedi's payer network and enrollment requirements are documented. The Medi team can review your payer mix against Stedi's network before you commit. 8. **Audit log retention.** Logs are retained seven years, aligned with §164.312(b), capture user actions at the record level (not session level), and are accessible to the billing company directly without a support ticket. 9. **BAA timing.** The BAA is signed before any PHI workflow goes live — a firm sequencing requirement. Subprocessors that touch PHI are documented; request the list during evaluation. 10. **Disputes.** Either party may terminate with thirty days written notice. No class-action waiver. Dispute resolution follows standard commercial arbitration under AAA rules, with no vendor-home-state venue requirement.
For Medi's security posture and BAA terms, see /security. For pricing detail, see /pricing. To walk these ten items against a real scenario, see /demo.
Frequently asked questions
Do billing software contracts typically allow month-to-month cancellation?
Many do not. Annual subscriptions are standard for AdvancedMD, multi-year discounts are common at CollaborateMD and PracticeSuite, and Tebra's per-provider pricing has historically required annual commitments at most tiers. Month-to-month is usually negotiable at a premium, since vendors charge more when they cannot count on annual revenue. The question is whether that premium is less than the cost of being locked in for a year with a system that is not working. For most billing companies above five providers, the math favors a clean annual contract with an explicit exit clause over month-to-month rates.
What happens to my data if I cancel and do not export it in time?
It depends on the contract. CollaborateMD's customer software agreement specifies a deletion window after termination — data not exported in time is subject to deletion. AdvancedMD's export service is available post-termination at a quoted fee, but the access period is not open indefinitely. The standard mitigation is to run a full export before sending the termination notice, not after. Waiting until termination is confirmed opens a window where the export fails, the vendor delays, or the deletion clock runs shorter than expected. Export first, then terminate.
Is the BAA the same thing as a HIPAA compliance certification?
No. A BAA is a contractual agreement that the vendor will handle PHI per HIPAA — a legal obligation, not a certification. A HIPAA compliance certification, like HITRUST CSF or a SOC 2 Type II report with HIPAA criteria, is a third-party audit verifying the vendor's controls. The BAA says the vendor agreed to be responsible; the certification provides evidence the controls exist. Ask for both. See HHS guidance on business associates for the legal framing.
How do I verify which clearinghouse a vendor actually uses?
Ask directly, by name, and get it in writing. Some vendors describe clearinghouse capability in functional terms ("real-time scrubbing," "built-in clearinghouse") without naming the third party behind it. The reason it matters: if you sign, start enrollment, then find the clearinghouse does not support a payer covering thirty percent of your volume, you cannot submit those claims until you resolve it. Confirm the name, confirm your top-ten payers are on the network, and confirm enrollment timelines before your go-live date is set.
What does a mandatory arbitration clause actually mean in practice?
Mandatory binding arbitration resolves disputes through a private arbitrator rather than a court. You give up a jury trial and, with a class-action waiver, the ability to join other affected customers. Arbitration is often faster and cheaper for small disputes. For larger ones — a system failure that cost significant A/R, an export-fee dispute, a wrongful early-termination charge — it can favor the vendor, because the process is private, the arbitrator is drawn from a commercial-dispute pool, and outcomes are binding with limited appeal. If your contract has mandatory arbitration with a class-action waiver, know that going in. The American Arbitration Association and JAMS are the two bodies commonly named in commercial contracts.
Should I have an attorney review a billing software contract before signing?
Yes, particularly for annual or multi-year commitments above $10,000 per year, contracts with non-cancelable fee provisions, and any agreement with a broad arbitration clause or class-action waiver. A healthcare attorney familiar with HIPAA business-associate obligations can also confirm the BAA meets current HHS requirements and that subprocessor obligations are structured correctly. A contract review costs little against the wrong clause on exit.
How current is this guide?
Last reviewed 2026-06-07. Contract terms for AdvancedMD, CollaborateMD, Tebra, PracticeSuite, Office Ally, and others change. This guide draws on published Terms of Service, public customer software agreements, BBB complaint data, and documented migration playbooks, grounded in vendor-published documentation at the time of review. Always read the current version of any contract before signing. See the billing company software evaluation guide for the pre-contract criteria that decide whether a vendor makes the shortlist. For Tebra specifically, see migrating from Tebra. For pricing context, see Medi vs AdvancedMD and Medi vs CollaborateMD.
References
These public sources provide background for standards, terminology, or competitor context discussed on this page.
- Tebra medical billing software and revenue managementTebra
- AdvancedMD medical billing softwareAdvancedMD
- CollaborateMD medical billing software for practices and billing companiesCollaborateMD
- HHS HIPAA for ProfessionalsU.S. Department of Health and Human Services