Technology provisions in a DSO contract are among the most consequential clauses in the document. They determine who owns the technology infrastructure, who pays for IT support, what software platforms practices are required to use, and what happens to patient data if the relationship ends.
Here is what every DSO contract should address regarding technology before any party signs.
The most common IT dispute between DSOs and affiliated practices stems from technology ownership and data portability provisions that were not clearly defined in the original contract.
A practice that discovers after signing that patient data is stored in a DSO-controlled system with no independent export rights has significantly less operational independence than it assumed. Technology and data ownership provisions should be reviewed by independent legal counsel before a DSO contract is signed.
Physical hardware at each location
Practice management software and central database
Which platform is required, who pays for the license, and what happens to data if the platform changes or the relationship ends
The contract must specify all three. A practice that is required to migrate to a new PMS mid-relationship to meet DSO standardization requirements should know in advance who bears the migration cost and data conversion risk.
Required imaging platforms and whether the practice can use existing imaging hardware or must replace it to meet DSO standards
Imaging hardware replacement is a significant capital cost. A contract that requires replacing existing Carestream or DEXIS equipment to standardize on a DSO-preferred platform should specify who pays for that replacement.
Whether the DSO mandates specific platforms and whether those platforms are paid by the DSO or the practice
Practices already contracted with a patient communication platform need to know whether they must terminate that relationship and migrate to a DSO-mandated platform, and whether the transition cost is borne by the DSO or the practice.
The contract must define who provides IT support and who pays
Some DSOs provide centralized IT support as part of the agreement. Others require practices to maintain their own IT relationships. In the latter case, the contract should specify minimum IT standards the practice must maintain, including security requirements, response time expectations, and infrastructure standards if the practice uses a cloud platform mandated by the DSO.
Each practice location is a separate covered entity with independent HIPAA obligations
A DSO contract should not imply that the DSO’s organizational compliance program substitutes for location-level compliance requirements. Both the DSO and the affiliated practice have independent HIPAA obligations that the contract should acknowledge explicitly. The practice remains responsible for its own Security Risk Assessment, BAAs, and technical safeguards regardless of DSO membership.
What happens to patient data if a practice leaves the DSO
The contract should specify that the practice has the right to export its complete patient database in a standard, portable format within a defined timeframe after the relationship ends. A practice that cannot export its data in a usable format is effectively locked in to the DSO relationship regardless of any other exit provisions.
Before signing a DSO contract, confirm each of these technology provisions is clearly addressed. Items not addressed need to be negotiated before signing.
Technology and Software Ownership
0/3Physical hardware ownership explicitly assigned to the practice at each location
Servers, workstations, imaging hardware, and network equipment should be clearly listed as practice-owned.
Required PMS platform specified with licensing responsibility and data ownership clearly defined
Who owns the license and what happens to the patient database if the relationship ends.
Imaging and patient communication platform requirements with cost responsibility assigned
Whether existing hardware can be retained or must be replaced, and who bears replacement cost.
Data Portability and Exit Provisions
0/3Right to export complete patient database in a standard, portable format within a defined timeframe
Format must be compatible with standard dental PMS platforms, not a proprietary format.
Imaging data in DSO-controlled systems returned to the practice or made accessible for migration
Imaging data stored in DSO infrastructure cannot be left inaccessible to the departing practice.
Ongoing access to historical records during the transition period explicitly addressed
Clinical continuity requires access to patient records while migration is in progress.
IT Support and HIPAA Responsibility
0/3IT support provider and cost responsibility clearly defined for each practice location
Whether DSO provides IT centrally or practice maintains its own IT relationship.
Minimum IT standards the practice must maintain are specified if IT is self-managed
MFA, encrypted backup, endpoint detection, HIPAA documentation, and internet speed minimums.
Independent HIPAA obligations of both the DSO and affiliated practice explicitly acknowledged
The DSO’s compliance program does not substitute for location-level SRA, BAAs, and technical safeguards.
All nine IT provisions confirmed addressed.
The technology provisions in this DSO contract cover the critical areas. Confirmation that provisions are present does not substitute for review by independent legal counsel with dental DSO contract experience. Technology provisions should be reviewed alongside the full contract before any party signs.
Ekim IT Solutions works exclusively with dental practices. We serve New England and New York with on-site support and dental practices nationwide with remote support. We work with dental groups and DSOs on IT infrastructure and can help affiliated practices understand what the technology provisions in their DSO contract actually mean before they sign.