...

Ekim IT Solutions

Blog / What to Know About IT in a DSO Contract
All Dental

What to Know About IT in a DSO Contract

DSO contract IT provisions guide showing what dental groups need to include for technology management before signing a DSO agreement

Technology provisions in a DSO contract are among the most consequential clauses in the document. They determine who owns the technology infrastructure, who pays for IT support, what software platforms practices are required to use, and what happens to patient data if the relationship ends.

Here is what every DSO contract should address regarding technology before any party signs.

The Most Common IT Dispute in DSO Agreements

The most common IT dispute between DSOs and affiliated practices stems from technology ownership and data portability provisions that were not clearly defined in the original contract.

A practice that discovers after signing that patient data is stored in a DSO-controlled system with no independent export rights has significantly less operational independence than it assumed. Technology and data ownership provisions should be reviewed by independent legal counsel before a DSO contract is signed.

Technology Ownership in a DSO Contract

Practice Typically Owns

Physical hardware at each location

  • Servers at each practice location
  • Workstations and clinical computers
  • Imaging hardware and sensors
  • Network equipment at each site
  • Verify in the contract that physical hardware ownership is explicitly assigned to the practice
DSO Typically Owns or Controls

Practice management software and central database

  • Practice management software licenses
  • The central patient database
  • Cross-location reporting infrastructure
  • Patient communication and billing platforms
  • This is where data portability provisions become critical if the relationship ends

Software Standardization Requirements

1
Practice Management Platform

Which platform is required, who pays for the license, and what happens to data if the platform changes or the relationship ends

The contract must specify all three. A practice that is required to migrate to a new PMS mid-relationship to meet DSO standardization requirements should know in advance who bears the migration cost and data conversion risk.

2
Imaging Software

Required imaging platforms and whether the practice can use existing imaging hardware or must replace it to meet DSO standards

Imaging hardware replacement is a significant capital cost. A contract that requires replacing existing Carestream or DEXIS equipment to standardize on a DSO-preferred platform should specify who pays for that replacement.

3
Patient Communication and Billing

Whether the DSO mandates specific platforms and whether those platforms are paid by the DSO or the practice

Practices already contracted with a patient communication platform need to know whether they must terminate that relationship and migrate to a DSO-mandated platform, and whether the transition cost is borne by the DSO or the practice.

Need to meet the IT standards in your DSO contract? Find out in 15 minutes if we are the right fit.
Schedule a Discovery Call →

IT Support and HIPAA Responsibility

IT Support Provisions

The contract must define who provides IT support and who pays

Some DSOs provide centralized IT support as part of the agreement. Others require practices to maintain their own IT relationships. In the latter case, the contract should specify minimum IT standards the practice must maintain, including security requirements, response time expectations, and infrastructure standards if the practice uses a cloud platform mandated by the DSO.

HIPAA Responsibility

Each practice location is a separate covered entity with independent HIPAA obligations

A DSO contract should not imply that the DSO’s organizational compliance program substitutes for location-level compliance requirements. Both the DSO and the affiliated practice have independent HIPAA obligations that the contract should acknowledge explicitly. The practice remains responsible for its own Security Risk Assessment, BAAs, and technical safeguards regardless of DSO membership.

Data Portability and Exit Provisions

The Most Important Technology Provision in Any DSO Contract

What happens to patient data if a practice leaves the DSO

The contract should specify that the practice has the right to export its complete patient database in a standard, portable format within a defined timeframe after the relationship ends. A practice that cannot export its data in a usable format is effectively locked in to the DSO relationship regardless of any other exit provisions.

  • Patient records must be exportable in a format compatible with standard dental practice management platforms, not a proprietary format that requires the DSO’s system to access
  • Imaging data stored in DSO-controlled systems must be returned to the practice or made accessible for migration within a defined timeframe
  • The timeframe for data export must be clearly defined and sufficient for a complete migration. Thirty days is often insufficient for a large practice database
  • Ongoing access to historical patient records during the transition period must be addressed so clinical continuity is maintained while migration is underway

DSO Contract IT Provisions Review Checklist

Before signing a DSO contract, confirm each of these technology provisions is clearly addressed. Items not addressed need to be negotiated before signing.

Provisions confirmed addressed
0 / 9
Ownership

Technology and Software Ownership

0/3

Physical hardware ownership explicitly assigned to the practice at each location

Servers, workstations, imaging hardware, and network equipment should be clearly listed as practice-owned.

Required PMS platform specified with licensing responsibility and data ownership clearly defined

Who owns the license and what happens to the patient database if the relationship ends.

Imaging and patient communication platform requirements with cost responsibility assigned

Whether existing hardware can be retained or must be replaced, and who bears replacement cost.

Data Exit

Data Portability and Exit Provisions

0/3

Right to export complete patient database in a standard, portable format within a defined timeframe

Format must be compatible with standard dental PMS platforms, not a proprietary format.

Imaging data in DSO-controlled systems returned to the practice or made accessible for migration

Imaging data stored in DSO infrastructure cannot be left inaccessible to the departing practice.

Ongoing access to historical records during the transition period explicitly addressed

Clinical continuity requires access to patient records while migration is in progress.

HIPAA + IT

IT Support and HIPAA Responsibility

0/3

IT support provider and cost responsibility clearly defined for each practice location

Whether DSO provides IT centrally or practice maintains its own IT relationship.

Minimum IT standards the practice must maintain are specified if IT is self-managed

MFA, encrypted backup, endpoint detection, HIPAA documentation, and internet speed minimums.

Independent HIPAA obligations of both the DSO and affiliated practice explicitly acknowledged

The DSO’s compliance program does not substitute for location-level SRA, BAAs, and technical safeguards.

All nine IT provisions confirmed addressed.

The technology provisions in this DSO contract cover the critical areas. Confirmation that provisions are present does not substitute for review by independent legal counsel with dental DSO contract experience. Technology provisions should be reviewed alongside the full contract before any party signs.

Frequently Asked Questions

IT cost allocation varies by DSO structure. Some DSOs provide centralized IT as part of the management fee and include it in the overhead allocation. Others require practices to maintain independent IT relationships at their own expense but within defined standards. The DSO contract should specify which model applies and what cost categories fall under each party’s responsibility.
In many DSO structures, yes. Practices often retain the right to choose their own IT provider as long as that provider meets the DSO’s minimum IT standards. Before signing any DSO contract, confirm whether the practice is required to use a DSO-designated IT provider or whether independent provider relationships are permitted.
The practice should insist on the right to export its complete patient database in a portable format at any time during the relationship, not just upon termination. It should also insist on a clear definition of which data is owned by the practice versus the DSO, and an explicit right to access that data for regulatory compliance purposes including HIPAA audit response.
Ekim IT Solutions reviews IT and technology provisions in DSO contracts from a practical IT perspective, helping practices understand what the technical requirements mean in operational terms, whether the minimum standards specified are appropriate, and what the data portability provisions would actually look like to implement. We work alongside the practice’s legal counsel, not as legal advisors ourselves.
Reviewing a DSO contract and not sure if the technology clauses actually protect your practice’s data, infrastructure, and IT flexibility?

Ekim IT Solutions works exclusively with dental practices. We serve New England and New York with on-site support and dental practices nationwide with remote support. We work with dental groups and DSOs on IT infrastructure and can help affiliated practices understand what the technology provisions in their DSO contract actually mean before they sign.

Technology clauses in a DSO contract determine who owns your data and what happens to it if the relationship ends. Read them before you sign.
Talk through the IT implications →