docs
Multi-Practice Billing Company Operations
How Medi frames practice context, all-practices views, permissions, work queues, and operational control for billing companies.
Short answer
A billing company is not one practice running its own billing. It is a service business operating revenue cycle work across many client practices at once, and that changes what the software has to do: practice context as the access boundary, all-practices visibility for owners and supervisors, per-practice permissions for mixed staff, cross-practice work queues that route by function instead of by client, account-level reporting owners can defend to clients, and audit logging that supports HIPAA Security Rule §164.312(b) review across every tenant. One choice drives the rest: what counts as the tenant. Medi makes the billing company the workspace and the practice a scoped tenant inside it. Per-practice products make the practice the workspace and force the billing company to multi-instance around them.
Sources: HHS HIPAA for Professionals
The tenancy model drives the rest
The most consequential choice a billing-company software vendor makes is what counts as the tenant. Two shapes dominate the market:
- Practice as tenant — the workspace belongs to a practice; billing companies multi-instance around it (Tebra-style, most practice-management products)
- Billing company as tenant — the workspace belongs to the billing company; practices are scoped tenants within it (Medi, some purpose-built billing platforms)
Practice-as-tenant works for the practice that runs its own billing. It breaks down when a billing service operates across eight or more clients, because every cross-practice action means logging into a separate instance or working around the data model. Billing-company-as-tenant inverts that: cross-practice work is the default, single-practice work is the scoped case.
The shape shows up in five places operators feel daily:
- How you switch between clients
- How permissions work for offshore or shared staff
- How cross-practice reporting aggregates
- How payer enrollment, fee schedules, and custom rules layer per practice
- What duplicates when you add the eleventh client
What does multi-practice control require?
| Operational need | Why it matters | What good looks like |
|---|---|---|
| Practice context | Users need to know which client account they are working in at all times | Persistent practice indicator in the UI; record-level access guards prevent accidental cross-practice writes |
| All-practices view | Owners and managers need to find aging, denials, payments, and setup gaps across the full book | One queue or report that aggregates across practices, filterable in any combination |
| Permission boundaries | Not every user should see every practice or every record | Restrict a user to a subset of practices and providers inside one workspace, without separate logins |
| Cross-practice work queues | Billing work should move by priority and function, not by which client is open | A denial specialist works denials across all eight clients in one queue, scoped by their access |
| Per-practice configuration | Each client may have different payer mix, fee schedules, custom rules, ERA posting policies | Configuration per practice inherits from billing-company defaults but can override at the practice level |
| Reporting scope | Billing-company leaders need account-level and cross-account management views | Drill-down from full-book view to single-practice view without leaving the report |
| Setup governance | Provider, payer, fee schedule, clearinghouse, and user setup all affect downstream claims | One admin surface; changes audit-logged with user, timestamp, and reason |
| Audit logging | Compliance and offshore-staff feasibility both depend on logging | Every PHI access logged with user, tenant, timestamp, and record per HIPAA Security Rule §164.312(b) |
How Medi shapes this
Medi is built around practice context as the operational boundary, with all-practices views for users authorized to manage multiple practices at once. The practical surfaces:
- One workspace per billing company; client practices are scoped tenants inside it
- Practice context controls record-level access, reporting scope, and audit log filtering automatically
- The all-practices Work Queue routes denials, ERAs, follow-up, and aging by function; per-practice scope is one filter away
- Permissions match how billing companies hire: a biller restricted to four of eight client practices, an offshore poster to two of eight, an owner to all
- Per-practice configuration layers cleanly: payer enrollment, custom scrub rules, ERA posting policies, and write-off tolerances all set at the practice level
- Reporting aggregates across the book with drill-down to a single practice
- Audit logging captures user, tenant, timestamp, and record for every PHI access; logs retained seven years per HIPAA §164.312(b)
One thing Medi will not claim: that multi-practice operations are fully automated. They are a control problem first. Automation comes later, and only where the audit and review boundary is clear. See the billing-company operations overview for how these surfaces connect.
Permissions are a hiring lever
Billing companies hire in patterns single-practice software does not anticipate. A few that come up constantly:
- Offshore posters who handle specific clients but not others, with audit logs that prove they never touched the rest
- Specialist roles (denial leads, appeals coordinators) who work across all clients with limited write permissions
- Account managers who own two or three clients with full access and read-only access to the rest
- Owners and supervisors with full-book access for reporting and oversight
- Temporary contractors with scoped access for specific work, expiring automatically
The permission shape that supports those patterns is per-practice, per-provider, per-role inside a single workspace. The shape that breaks them is separate logins per client, because every role change turns into account-creation busywork across instances.
What to verify in a demo
Run these against any platform you evaluate, including ours. Book a demo and walk the list live.
- Switch between three practices in under thirty seconds without re-authenticating
- Restrict an offshore biller to four of eight practices inside one workspace, then confirm the other four are invisible
- Open a denial that spans multiple line items, then filter denials by payer across all eight practices
- Generate an A/R aging report that aggregates across all clients, then drill into one practice
- Pull an audit log for one PHI read: who, when, which record, from which IP
- Add a new client practice and walk through configuring payer enrollment, fee schedules, custom rules, and user access
- Change a payer rule mid-month and see whether it propagates per client or forces separate setup everywhere
What to verify in a contract
- Whether audit log retention meets your compliance posture (seven years covers HIPAA Security Rule §164.312(b))
- Whether the BAA covers every PHI processing path, including any AI subprocessors
- Whether per-practice configuration exports cleanly if you migrate later
- Whether the pricing structure exposes you to runaway cost as you add clients
Frequently asked questions
What is multi-practice billing-company operations software?
Software that lets a billing service manage revenue cycle work across many client practices from one workspace, with per-practice access boundaries, cross-practice work queues, account-level reporting, and audit logging that covers every tenant. It is distinct from practice-management software, which treats the practice as the workspace.
Why does the tenancy model matter so much?
Every other operational behavior follows from it. Practice-as-tenant forces multi-instance access for any cross-practice work. Billing-company-as-tenant makes cross-practice work the default. The gap shows up in user switching, permissions, reporting, configuration, and pricing, and it widens as the client count grows.
Is multi-practice billing just a reporting feature?
No. Reporting helps, but the capability set is broader: access control, work ownership, payer and provider setup, payment workflows, denial follow-up, audit logging, and per-practice configuration. A vendor that frames multi-practice support as "aggregated reporting" usually has practice-as-tenant architecture with a report bolted on top.
How does Medi handle offshore staff?
Practice-level access restriction inside one workspace. An offshore biller permissioned to four of eight client practices never sees the other four, and the audit log captures every PHI access for compliance review. No separate logins.
What does Medi report on across practices?
A/R aging, claim status, denial volume by CARC and payer, ERA posting volume, write-off totals, productivity by user and practice, and payer performance, all aggregable across the full book with drill-down to individual practices. The reporting surface is built for owner and account-manager review, not just operator views.
How does Medi's pricing scale with the book?
$20 per client practice per month, with volume pricing available, with no per-provider fee and no contract. Adding providers inside a practice never changes the bill. EDI is billed per transaction: claim submission is $0.70 per claim (ERA included, line-blind), stepping down to $0.65 from 501 to 5,000 claims per month and $0.55 beyond 5,000; eligibility is $0.25 per inquiry; claim status is $0.20 per inquiry. Model your book with the pricing calculator, and see the Medi vs Tebra comparison for the per-practice-versus-per-provider contrast.
How current is this guide?
Last reviewed 2026-06-07. HIPAA Security Rule §164.312(b) audit control requirements are referenced from HHS HIPAA for Professionals. The architectural framing draws on Medi's product documentation and standard multi-tenancy patterns for SaaS.
References
These public sources provide background for standards, terminology, or competitor context discussed on this page.
- HHS HIPAA for ProfessionalsU.S. Department of Health and Human Services