Medical Billing Vendor Evaluation Scorecard

The scorecard rates 27 criteria, each on a simple 0/1/2 scale, then weights the eight categories so that the dimensions most likely to cost you money — compliance, pricing transparency, KPIs, and contract terms — carry the most influence.

Per-criterion scoring (0/1/2):

• 2 points (strong): The vendor meets the criterion cleanly and can show evidence (a report, a sample, a contract clause).
• 1 point (partial): The vendor partially meets it, or commits to meeting it but cannot yet show proof.
• 0 points (weak / red flag): The vendor fails the criterion, deflects, or refuses to answer.

Category weights. Each category has a maximum weighted contribution to the 100-point total. Within a category, the raw points you award (sum of its criteria, each 0-2) are scaled to that weight.

The weighted-score formula for each category is: `(raw points earned / max raw for that category) x category weight`. Sum the eight weighted category scores for the total out of 100.

Interpretation bands:

• 85-100 — Strong finalist. Meets the high-stakes criteria with evidence. Proceed to references and contract redlining.
• 70-84 — Workable, with written conditions. Sound overall but with specific gaps. Advance only if the gaps are closed in the contract or SLA before signing.
• 55-69 — Significant gaps. Proceed only if the missing criteria are fixable and the vendor agrees to fix them in writing. Otherwise decline.
• Below 55 — High risk. Decline.

The band is a guide, not a verdict: the auto-disqualifiers in the final section override the total score entirely. A vendor can score 90 and still be disqualified for refusing a BAA.

Score every finalist on this identical table. Each row is one criterion worth 0, 1, or 2 points. The columns define what a 2-point (strong) answer and a 0-point (weak / red-flag) answer look like, so two different evaluators score consistently. KPI criteria are anchored to the HFMA MAP Keys framework — the most widely used revenue-cycle KPI standard — so you compare vendors against a recognized definition rather than each vendor's private math.

For the deeper pricing context behind criteria 8-10, see how much medical billing companies charge; for the KPI definitions behind criteria 11-14, see the clean claim rate formula and days in A/R benchmark.

Here is the rubric applied to two hypothetical finalists so the math is concrete. Award each criterion 0/1/2, sum the raw points per category, then scale to the category weight using `(raw earned / max raw) x weight`.

Vendor A is a mid-market firm with strong compliance and KPI discipline but a per-claim model with some add-ons. Vendor B pitched a low headline price but is thin on compliance and reporting.

Reading the result. Vendor A lands at 88 — a strong finalist. Advance to reference calls and contract redlining, and close the two-point gaps (specialty currency, A/R remedy) in the SLA. Vendor B lands at 46 — below 55, decline. Note what the weighting did: Vendor B's competitive pricing barely moved the total because pricing is one of three mid-weight categories, while its compliance and KPI weakness — the high-weight categories — sank the score. That is the scorecard working as designed: a cheap vendor that cannot evidence compliance or commit to KPIs should not win on price alone.

One caution the math cannot show. Run the auto-disqualifier check (next section) before you celebrate any total. If Vendor B had also refused a BAA, its 46 would be moot — it is out regardless. Conversely, never let a high total paper over a missing SOC 2 Type II report.

Four findings remove a vendor from consideration no matter how high the weighted total climbs. These are not point deductions — they are gates. Treat any one of them as a hard stop.

1. No SOC 2 Type II report. A Type II report attests that security controls operated effectively over a period, not just that they existed on one day (the weaker Type I). For a vendor handling your patients' PHI and your cash flow, the absence of a current Type II report is a structural risk, not a paperwork gap. 'In progress' is not a Type II report.
2. Refusal to sign a HIPAA Business Associate Agreement (BAA). Any entity that creates, receives, maintains, or transmits PHI on your behalf is a HIPAA business associate and a compliant BAA is required under the HIPAA Rules and the HITECH Act. A vendor that resists signing one, or that tries to gut the breach-notification and liability terms, is telling you how it will behave when something goes wrong. Non-negotiable.
3. Multi-year lock-in with no performance guarantee or exit clause. A long term is only acceptable when paired with written KPI commitments and a remedy if they are missed. A multi-year contract with punitive termination clauses and no performance guarantee transfers all the risk to you: if the vendor underperforms, you are trapped paying for it. Pair this disqualifier with the companion read on switching billing companies without revenue loss — the exit terms you sign today determine whether you can ever leave cleanly.
4. Refusal to put KPI targets in writing. A vendor that will not commit a first-pass clean claim rate, denial-rate ceiling, net days in A/R target, or net collection rate floor into the contract or SLA — using recognized HFMA MAP Keys definitions — is selling effort, not outcomes. Verbal assurances are unenforceable. If it is not in writing with a defined denominator and a remedy, it does not exist.

A practical rule: score all 27 criteria first so you understand the vendor fully, then run the four gates. The score tells you how good the best-case relationship looks; the gates tell you whether the relationship is safe to enter at all. A vendor must clear all four gates and land in an acceptable band to advance.

The scorecard is only as good as the discipline you apply it with. A repeatable process keeps the comparison honest across finalists.

1. Build the worksheet once, reuse it for every vendor. Put the 27 criteria, the 0/1/2 definitions, and the category weights into a spreadsheet before the first demo. Scoring vendors on different sheets, or scoring later vendors more generously because you have 'demo fatigue,' destroys comparability.
2. Walk in with your own numbers. Pull your current first-pass clean claim rate, denial rate, net days in A/R, aged A/R over 90, and net collection rate from your PM system using HFMA MAP Keys definitions. This turns a sales pitch into a diagnostic conversation and gives you a baseline to measure the vendor against. The medical billing KPI dashboard template and medical billing audit checklist help you assemble those numbers.
3. Demand evidence for every 2. A criterion only earns 2 points with proof: the SOC 2 report under NDA, the redacted sample report, the contract clause, the reference call. Score on artifacts, not adjectives.
4. Score independently, then reconcile. If two people from your practice score each finalist separately and then compare, the criteria where they diverge are exactly the ones to probe further with the vendor.
5. Decide build vs. buy with the same rigor. If your top finalist still lands below your threshold, the answer may be to keep billing in-house and fix the process. The trade-offs are laid out in RCM outsourcing vs. an internal team, and the broader market view is in best medical billing companies 2026.

Where MedPrecision Billing maps onto the scorecard (for transparency, not as a substitute for your own scoring): MedPrecision uses a percentage-of-collections / performance-based model — 4.5% of monthly collections for solo practices and 6.0% for group practices — with no setup fees, no per-claim charges, and no hidden costs, which addresses criteria 8-10 on pricing transparency. Its coders are AAPC-certified and AHIMA-credentialed (criterion 5), it is a HBMA member and HIPAA compliant (criteria 1-4 context), and it offers a free billing audit at /get-a-quote/ so you can baseline your own KPIs before scoring any vendor. The point of this page, though, is the neutral framework: score every vendor — including us — on the identical 27 criteria and let the evidence decide.