...

Ekim IT Solutions

Blog / Will Running Dentrix on Windows 10 Show Up in a HIPAA Audit
All Dental

Will Running Dentrix on Windows 10 Show Up in a HIPAA Audit

HIPAA audit risk guide showing exactly what an OCR auditor checks when a dental practice runs Dentrix on an unsupported Windows 10 machine

Running Dentrix on Windows 10 after Henry Schein’s June 30, 2026 cutoff creates a specific, checkable compliance gap. Here is exactly what an auditor looks for and what documentation closes that gap.

An OCR auditor reviewing a Dentrix practice will request a current system inventory and ask whether known risks, including running an unsupported operating system on a vendor-unsupported software configuration, were identified in the practice’s Security Risk Assessment.

Why This Is a Compound Risk for Dentrix Specifically

A Dentrix practice running Windows 10 past June 2026 has two separate, publicly documented deadlines that were not addressed.

Microsoft’s Windows 10 end of support from October 2025, and Henry Schein’s Dentrix-specific support cutoff from June 2026. An auditor reviewing this finds two missed deadlines, not one, both of which were publicly announced well in advance. Most HIPAA audits involving outdated software involve only a single vendor’s deadline. This situation presents both simultaneously.

Not sure where your Windows 10 documentation stands before an auditor checks? Find out in 15 minutes if we are the right fit.
Schedule a Discovery Call →

What an Auditor Specifically Checks

Whether the practice’s Security Risk Assessment identifies which workstations run Dentrix and what operating system each is on

Whether the assessment notes Henry Schein’s Dentrix-specific Windows 10 support cutoff, not just Microsoft’s general deadline

Whether a documented remediation plan with target dates exists for any workstation still on Windows 10

Whether there is evidence the remediation plan is actively being followed, not just written once and ignored

Documentation That Closes This Gap

1
Workstation Inventory

A workstation inventory listing operating system version for every Dentrix workstation

Dated and updated as machines are upgraded. This is the baseline document an auditor requests first. A practice without a current, dated inventory has no foundation to defend its upgrade progress.

2
SRA Reference

Explicit reference to Henry Schein’s June 30, 2026 Dentrix support cutoff in the Security Risk Assessment

Not just a general Windows 10 mention. The SRA must name both deadlines — Microsoft’s and Henry Schein’s — as identified risks with the specific dates documented.

3
Upgrade Timeline

A written upgrade timeline with target completion dates plus progress documentation

Showing actual upgrades completed against that plan. A plan with no evidence of execution is treated the same as no plan. Completed upgrade records for each workstation demonstrate active remediation.

A Finding Versus a Violation

A Finding

Risk identified, documented, and actively being remediated

A practice that identifies the Dentrix and Windows 10 risk in its SRA, with an active remediation plan underway, is in a meaningfully different position during an audit than a practice with no documentation. Documenting the gap and an active plan, even before the upgrade is fully complete, materially changes how an audit finding is treated.

A Violation

Known, publicly announced risk with no documentation and no plan

OCR’s corrective action plans and most significant penalties target practices that show no evidence of identifying or addressing known, publicly documented risks. Two missed deadlines with no SRA mention, no inventory, and no remediation plan is the profile that draws the most serious outcomes.

HIPAA Audit Readiness Checklist

Check each item your practice currently has in place. Missing items are the exact gaps an OCR auditor would identify.

Items confirmed in place
0 / 5

Current workstation inventory listing OS version for every Dentrix workstation

Dated and updated as machines are upgraded.

SRA explicitly identifies Microsoft’s October 2025 Windows 10 end of support as a known risk

With the specific date documented.

SRA explicitly identifies Henry Schein’s June 30, 2026 Dentrix-specific cutoff as a separate known risk

Not just a general Windows 10 mention — the Dentrix-specific deadline named separately.

Written remediation plan with target completion dates for each remaining Windows 10 workstation

Specific machines, specific dates — not a general intention to upgrade.

Progress documentation showing completed upgrades against the plan

Evidence the plan is being followed, not just written.

Frequently Asked Questions

No. The compliance risk comes from the absence of documentation showing the practice identified the risk and has an active remediation plan, not from running Windows 10 during a transition period itself.
Ekim IT Solutions recommends documenting both deadlines explicitly. A generic Windows 10 mention does not demonstrate awareness of the Dentrix-specific support cutoff, which is a separate, dental-software-specific risk an auditor may probe for given how publicly Henry Schein announced it.
This is treated as a significant gap, particularly because both deadlines were publicly announced well in advance. The absence of any documentation suggests the risk assessment itself may not be current or thorough.
Ekim IT Solutions builds Henry Schein’s Dentrix-specific deadline directly into every practice’s documented Security Risk Assessment and workstation inventory, distinct from the general Windows 10 documentation, so the specific Dentrix risk is addressed explicitly rather than assumed to be covered by a general statement.
Running Dentrix on Windows 10 past the deadline and not sure what that looks like to an OCR auditor?

Ekim IT Solutions works exclusively with dental practices. We serve New England and New York with on-site support and dental practices nationwide with remote support. We close the unsupported configuration gap with Windows 11 upgrades and provide the documentation your practice needs to demonstrate compliance if an auditor ever asks.

An unsupported workstation running patient data is exactly what auditors check for. Find out if yours is one of them.
Close your compliance gap now →