- Quick Answer
- Insurance Billing vs Cash-Pay Invoicing: The Critical Distinction
Healthcare billing is two completely different problems that most blog posts blend together. Insurance billing means submitting CPT and ICD-10 coded claims to payers via clearinghouses with EDI 837 transactions. Cash-pay invoicing means billing the patient directly for self-pay services, cosmetic procedures, concierge care, or balance-due amounts after insurance. The right tool depends entirely on which problem dominates your practice.
How we verified this We cross-referenced public data (HHS HIPAA Security Rule, CMS billing guidance, American Medical Association CPT code requirements, vendor pricing pages, and 2024-2025 EHR market share data) against our own review. HIPAA-specific claims link to the primary HHS source.
Key Takeaways
- HIPAA-compliant medical billing requires encryption at rest and in transit, role-based access, multi-factor authentication, and audit logs per the HHS Security Rule. Proposed 2025 updates make these mandatory rather than addressable.
- Per HHS proposed rule changes, MFA becomes mandatory for all access points and encryption becomes mandatory for ePHI at rest and in transit. HIPAA penalties range from $100 to $50,000 per violation, capped at $1.5 million per year per violation category.
- Epic and Oracle Health (Cerner) dominate hospital EHRs. In ambulatory practices, athenahealth and eClinicalWorks lead, while Tebra (Kareo + PatientPop merger) leads the small-practice market.
- Insurance billing is CPT (procedure code) plus ICD-10 (diagnosis code) plus place-of-service code plus modifier, submitted via EDI 837 through a clearinghouse. A pure invoicing tool cannot do this.
- Cash-pay practices (cosmetic, concierge, direct primary care, dental) often run lean stacks built around a clean invoicing tool plus a HIPAA-compliant EHR.
This guide separates insurance billing from cash-pay invoicing and recommends the right tool for each.
Quick Answer
For small practices (1 to 5 providers) doing insurance billing: Tebra (Kareo + PatientPop), DrChrono, or AdvancedMD. Each includes EHR plus medical billing plus claims management in one platform.
For larger practices and groups (5 to 50 providers): athenahealth, eClinicalWorks, NextGen, or AdvancedMD. Add a dedicated revenue cycle management (RCM) vendor if billing complexity is high.
For cash-pay specialty practices (cosmetic, concierge, direct primary care, ketamine, IV therapy): SimplePractice, Jane App, or Healthie for clinical, paired with a clean invoicing tool like Square Invoices or Billed for the billing side. HIPAA Business Associate Agreement (BAA) required.
For mental health, therapy, and behavioral health: SimplePractice or TherapyNotes. Both are mental-health native and include HIPAA-compliant client portals, scheduling, and invoicing.
For multi-location DSOs (Dental Service Organizations) and large dental: Open Dental or Carestream Dental for clinical, NetSuite or Microsoft Dynamics for accounting, plus a dedicated RCM workflow.
For solo concierge or DPC physicians (no insurance): Hint Health, Atlas MD, or a HIPAA-compliant EHR plus a generalist invoicing tool. Cheaper and faster than full medical billing software.
Insurance Billing vs Cash-Pay Invoicing: The Critical Distinction
This is the topic most ranking pages skip and the topic that drives every other decision.
Insurance billing is a claims-based workflow:
- Provider documents the encounter with diagnosis (ICD-10), procedure (CPT), modifiers, and place-of-service code
- Coding is converted into an EDI 837 transaction
- Transaction is submitted to a clearinghouse (Availity, Change Healthcare, Office Ally, Trizetto)
- Clearinghouse forwards to the payer (Aetna, BCBS, Medicare, Medicaid, etc.)
- Payer adjudicates and returns EDI 835 with payment or denial
- Practice posts payment, bills patient for balance due, and works denials
A pure invoicing tool cannot do this. You need an EHR plus practice management plus billing module, or a dedicated medical billing platform.
Cash-pay invoicing is direct billing to the patient:
- Provider delivers service
- Practice issues an invoice or receipt at point of care
- Patient pays via card, ACH, HSA, FSA, or cash
- (Optional) Patient submits superbill to their insurance for out-of-network reimbursement
A generalist invoicing tool works for cash-pay, provided you sign a HIPAA Business Associate Agreement (BAA) with the vendor before storing protected health information (PHI) in the tool. Most major invoicing tools (QuickBooks Online, Wave, Square, Stripe) do not sign BAAs, so cash-pay practices that store PHI must use HIPAA-compliant alternatives.
The 9 Best Healthcare Billing Tools in 2026
1. Tebra (formerly Kareo + PatientPop)
Best for: Solo and small ambulatory practices (1 to 10 providers) doing insurance billing.
Tebra was formed in 2021 from the merger of Kareo (medical billing) and PatientPop (patient experience). It is the most cited entry-level platform for independent practices.
Strengths: Affordable entry pricing (small practice plans starting around $125 to $300 per provider per month per industry reports). Combines EHR, practice management, billing, and patient acquisition in one platform. Strong claims scrubbing.
Watch-outs: Mid-size practices sometimes outgrow Tebra's analytics depth. Onboarding for billing setup is heavier than the marketing suggests. Best fit for primary care, mental health, and small specialty practices.
2. AdvancedMD
Best for: Multi-provider ambulatory practices (5 to 50 providers).
AdvancedMD is a cloud-based EHR plus practice management plus billing platform serving multi-provider practices.
Strengths: Strong claims management workflow, configurable patient billing rules, mobile EHR, and a built-in RCM service if you do not want to manage billing in-house. HIPAA compliant with BAA included.
Watch-outs: Pricing is custom, typically $429 to $729 per provider per month per industry reports. Implementation is heavier than Tebra.
3. DrChrono (by EverHealth)
Best for: iPad-first small practices, urgent care, and modern primary care.
DrChrono is one of the most modern EHR plus billing platforms, with strong mobile-first workflows and an open API.
Strengths: Native iPad EHR with strong drawing and dictation, custom forms, telemedicine, and integrated billing. API friendly for custom workflows. Good fit for younger practices and ones that integrate with consumer-facing apps.
Watch-outs: Smaller integration library than athenahealth. Pricing varies by provider and feature set, typically $200 to $500 per provider per month per industry reports.
4. athenahealth (athenaCollector and athenaOne)
Best for: Mid-size to large practices (10 to 500+ providers).
athenahealth is one of the two largest ambulatory EHR vendors. athenaCollector is their RCM and billing module; athenaOne is the full EHR-plus-PM-plus-billing suite.
Strengths: Cloud-native, strong claim scrubbing, network-wide payer rules library that updates as payers change rules, and reporting depth that mid-size practices need.
Watch-outs: Pricing is typically percentage-of-collections (often 4% to 8% of collections) plus per-provider fees. Best fit for higher-revenue practices. Implementation is multi-month.
5. eClinicalWorks
Best for: Mid-size to large practices, FQHCs, and ACOs.
eClinicalWorks is the largest ambulatory EHR by installed base, serving many federally qualified health centers and accountable care organizations.
Strengths: Deep functionality, full HIE participation, and strong reporting. eCW handles complex multi-specialty practices well.
Watch-outs: Older UX patterns. Implementation typically takes months. Pricing is typically $499+ per provider per month.
6. NextGen Healthcare
Best for: Mid-size and large practices, particularly multi-specialty groups.
NextGen Healthcare (formerly NextGen Office, formerly MediTouch) serves a wide range of ambulatory specialties.
Strengths: Strong patient portal and telehealth, flexible specialty content packs, and solid billing module. Good fit for orthopedics, OB/GYN, and dermatology multi-provider groups.
Watch-outs: Reporting and analytics are less polished than athenahealth. Onboarding can be lengthy.
7. SimplePractice
Best for: Mental health, therapy, behavioral health, and small cash-pay or out-of-network practices.
SimplePractice is the leading platform for mental health and small wellness practices. It handles scheduling, EHR, telehealth, secure messaging, and billing.
Strengths: Native HIPAA compliance with BAA included, clean client portal, superbill generation for out-of-network clients, and reasonable pricing (typically $39 to $99 per month for solo practitioners, more for groups). Cash-pay or self-pay billing built in.
Watch-outs: Insurance billing functionality is more limited than Tebra or AdvancedMD. Best fit for cash-pay first or out-of-network practices.
8. Jane App
Best for: Multidisciplinary clinics (PT, chiropractic, naturopathy, acupuncture, massage).
Jane App is fast becoming the go-to for multidisciplinary allied health clinics. It handles scheduling, charting, billing, and online booking.
Strengths: Strong scheduling for multi-provider clinics, clean charting, supports insurance and cash billing, HIPAA-compliant with BAA. Used heavily in Canada and the US.
Watch-outs: US insurance billing is shallower than mental-health-specific tools. Pricing scales by provider, typically $79 to $409 per month per location.
9. Billed (cash-pay only, with separate clinical tool)
Best for: Cash-pay specialty practices that handle PHI inside a HIPAA-compliant EHR and need a clean invoicing layer for non-PHI charges.
Billed handles recurring invoices, online payments, and automated reminders. It works well for cash-pay services where the invoice itself does not contain PHI (such as a flat "Concierge Membership Quarterly Fee" or "Aesthetic Service Package" without diagnosis or treatment detail). See pricing for current plans.
Why some practices use it: Recurring billing handles membership and retainer fees, online payments reduce checkout friction, and automated reminders cut accounts receivable days. The estimate-to-invoice flow handles deposit billing on procedures.
Critical tradeoff: Billed does not currently sign HIPAA Business Associate Agreements. Do not store PHI (diagnosis, treatment description, ICD-10 or CPT codes) on an invoice in Billed or any tool without a signed BAA. Pair Billed with SimplePractice, DrChrono, or another HIPAA-compliant EHR for clinical workflows, and keep PHI inside the EHR. Use Billed only for non-PHI billing layers.
Healthcare Billing Tools Compared
| Tool | Best For | Starting Price (per provider) | HIPAA BAA | Insurance Claims | Main Tradeoff |
|---|---|---|---|---|---|
| Tebra | Solo and small (1-10 providers) | ~$125 to $300 per month | Yes | Yes, full | Mid-size practices outgrow analytics |
| AdvancedMD | 5 to 50 providers | ~$429 to $729 per month | Yes | Yes, full | Cost barrier for solo |
| DrChrono | iPad-first small to mid | ~$200 to $500 per month | Yes | Yes, full | Smaller integration library |
| athenahealth | Mid to large practices | ~4% to 8% of collections | Yes | Yes, network-grade | Percentage-of-collections cost |
| eClinicalWorks | FQHCs and large multi-specialty | ~$499+ per month | Yes | Yes, full | Older UX patterns |
| NextGen Healthcare | Mid-size multi-specialty | ~$299+ per month | Yes | Yes, full | Reporting depth |
| SimplePractice | Mental health and cash-pay | $39 to $99 per month | Yes | Limited (out-of-network superbills) | Light on insurance claims |
| Jane App | Allied health multi-disciplinary | $79 to $409 per location | Yes | Partial | US insurance billing shallower |
| Billed | Cash-pay non-PHI billing only | See pricing | No BAA available | No | Cannot store PHI |
Pricing is current as of May 2026 and may change. Verify on each vendor's pricing page.
HIPAA Compliance: What Your Billing Software Must Do
The HHS HIPAA Security Rule requires three categories of safeguards for any system that creates, receives, maintains, or transmits ePHI (electronic protected health information):
Administrative safeguards:
- Workforce training on PHI handling
- Designated security officer and privacy officer
- Risk analysis and risk management process
- Sanction policy for violations
Physical safeguards:
- Facility access controls
- Workstation and device security
- Media disposal and reuse rules
Technical safeguards:
- Unique user identification and authentication
- Automatic logoff
- Encryption of ePHI at rest and in transit
- Audit controls and access logs
- Integrity controls to detect unauthorized PHI changes
Per the HHS proposed 2025 Security Rule updates, several previously "addressable" requirements become mandatory, including encryption at rest and in transit, multi-factor authentication, and continuous risk assessments.
Business Associate Agreement (BAA). Any vendor that touches PHI on your behalf must sign a BAA. The BAA contractually obligates the vendor to follow HIPAA. Without a signed BAA, storing PHI in that vendor's system is itself a HIPAA violation regardless of vendor security.
HIPAA penalty tiers: Per HHS, penalties range from $100 to $50,000 per violation depending on culpability, capped at $1.5 million per year per violation category.
Practical implication for invoicing: If the invoice contains diagnosis code, treatment description, or anything that could identify a patient's health condition, you must use a HIPAA-compliant tool with a BAA. If the invoice is for a non-PHI service (e.g., a flat membership fee, an aesthetic service, or a balance due where the description does not identify the condition), a generalist invoicing tool can be sufficient. When in doubt, treat it as PHI.
CPT Codes, ICD-10, and Why Pure Invoicing Tools Cannot Replace Medical Billing
This is where the wall between insurance billing and cash-pay invoicing becomes concrete.
CPT (Current Procedural Terminology) is the AMA-maintained code set for procedures and services. There are over 10,000 CPT codes. Each describes a specific service (office visit, X-ray, surgery, etc.) and maps to a payer-specific reimbursement rate.
ICD-10-CM (International Classification of Diseases, 10th Revision, Clinical Modification) is the code set for diagnoses. There are approximately 70,000 ICD-10 codes in active use.
HCPCS Level II covers durable medical equipment, supplies, and services not in CPT.
Modifiers are two-character add-ons that change the meaning or payment of a CPT code (e.g., modifier 25 for a separately identifiable service on the same day).
Place of service codes identify where the service was provided (office, hospital, telehealth, etc.).
A claim is the combination of these codes, plus the patient demographics, payer information, and provider NPI, packaged into an EDI 837 transaction and submitted through a clearinghouse. The clearinghouse scrubs the claim against payer rules, forwards to the payer, and routes back the EDI 835 remittance advice.
A pure invoicing tool cannot do any of this. You need a medical billing platform with:
- A maintained CPT and ICD-10 code library updated for the current year
- Payer-specific rule engine
- Clearinghouse connection (Availity, Change Healthcare, Office Ally)
- Denial management workflow
- Payment posting from EDI 835
This is why tools like Tebra, AdvancedMD, athenahealth, and DrChrono are necessary even though they cost more than generalist invoicing software.
How We Evaluated These Tools
We scored each tool on seven dimensions weighted for healthcare reality:
- HIPAA compliance including signed BAA, encryption, MFA, audit logs
- CPT, ICD-10, modifier, and HCPCS support for current code year
- Claims management including clearinghouse integration and denial workflows
- Patient billing and self-pay workflows including superbills, payment plans, and HSA/FSA cards
- EHR and clinical integration for charting, e-prescribing, and lab orders
- Reporting and revenue cycle analytics
- Total cost of ownership including implementation, per-provider fees, and clearinghouse fees
We cross-referenced HHS guidance, CMS billing rules, AMA CPT documentation, vendor pricing pages, practitioner threads on r/medicine, r/healthcareadmin, r/medicalbilling, and our own hands-on review.
A Comparison of 4 Practice Profiles
We modeled four common practice profiles to surface where each stack works or breaks. Methodology note: these profiles are composites based on practitioner forum discussions and case studies, not single named practices. Numbers will vary by specialty, payer mix, and team size.
Profile 1: Solo family medicine practice, 90% insurance. Tebra full suite. Implementation took approximately 6 weeks. Days in AR landed at approximately 32 after 90 days. Net collection rate approximately 96%. Total monthly cost approximately $250 per provider.
Profile 2: 4-provider physical therapy clinic, 70% insurance / 30% cash-pay. Jane App for clinical and cash billing, Office Ally for insurance claims clearinghouse. Total monthly cost approximately $500. Insurance billing turnaround on standard claims averaged 14 days.
Profile 3: Solo concierge primary care (DPC model), 100% cash-pay membership. SimplePractice for EHR and HIPAA workflows, Billed for membership billing where invoices contain no PHI. Total monthly cost approximately $130. Recurring billing eliminated approximately 5 hours per month of admin work.
Profile 4: 12-provider OB/GYN group, 95% insurance. athenaOne plus athenaCollector. Total cost approximately 6% of collections plus per-provider fees. Net collection rate approximately 97% after first year. Implementation took approximately 5 months including data migration.
When This Guide Is Not For You
This buyer's guide is built for US ambulatory practices (outpatient clinics, solo and multi-provider groups, mental health, allied health, and concierge practices). It is probably not the right fit if:
- You are running a hospital, inpatient facility, or surgical center. You need Epic, Oracle Health (Cerner), or Meditech with full hospital RCM.
- You are running a large DSO (Dental Service Organization) or vision PE-backed operator. Look at Open Dental, Carestream, RevenueWell, or Mosaic.
- You are billing internationally. Code sets, payer rules, and compliance requirements differ materially.
- You are a healthcare SaaS company billing providers (not patients). You need Stripe Billing or Chargebee with a HIPAA-aware data architecture, not a medical billing platform.
Authoritative Sources
For verification and further reading:
- HHS HIPAA Security Rule
- CMS Medicare Coding and Billing
- American Medical Association CPT
- HHS HIPAA Penalty Structure
Frequently Asked Questions
Can I use QuickBooks Online or Wave for medical billing?
For cash-pay services where the invoice does not contain PHI (e.g., concierge membership fees, aesthetic packages, balance-due amounts without diagnosis), yes, with caveats. QuickBooks Intuit does sign Business Associate Agreements for QuickBooks Online for HIPAA-aware workflows in some plans. Wave does not sign BAAs. For insurance claims (CPT, ICD-10, modifiers, EDI 837 submission), no. You need a medical billing platform like Tebra, AdvancedMD, athenahealth, or DrChrono.
What is the cheapest HIPAA-compliant invoicing software for a small practice?
For cash-pay mental health, allied health, or concierge practices, SimplePractice (from $39 per month per provider) or Jane App (from $79 per month per location) are the most affordable HIPAA-compliant options that include BAA. They handle invoicing, scheduling, EHR, and patient portal in one tool. For insurance billing on a budget, Tebra starts around $125 to $300 per provider per month depending on plan and features.
Do I need a Business Associate Agreement (BAA) for billing software?
Yes, if the software stores or transmits any protected health information (PHI). PHI includes diagnosis, treatment description, ICD-10 or CPT codes, and any other data that could identify a patient's health condition. Without a signed BAA from the vendor, storing PHI in that system is itself a HIPAA violation regardless of the vendor's technical security. For pure cash-pay invoicing where the invoice describes a generic service (e.g., "Membership Quarterly") without PHI, a BAA may not be required but legal review of your specific workflow is wise.
What is the difference between an EHR and a medical billing platform?
An EHR (Electronic Health Record) is the clinical documentation system: charts, notes, lab orders, e-prescribing, vitals, and patient history. A medical billing platform handles the financial side: coding, claims submission, payment posting, patient billing, and revenue cycle management. Most modern platforms (Tebra, AdvancedMD, athenahealth, DrChrono, NextGen, eClinicalWorks) combine both into a single system. Older setups sometimes separate them, requiring an integration. For small practices, a combined EHR-plus-billing platform is almost always simpler and cheaper.