My dentist friend called me in a panic on a Tuesday afternoon. His practice had just been hit with ransomware. Patient records locked. The imaging system down. The IT guy he’d hired six months earlier — the one who’d seemed totally competent in the interview — was unreachable. Turned out, “I handle IT for small businesses” and “I understand HIPAA-compliant dental infrastructure” are very different things. My friend learned that distinction the hard way, to the tune of $40,000 in recovery costs and a mandatory breach notification to 800 patients.
That story isn’t unique. It’s practically a rite of passage for practices that skip the hard questions during the hiring process.
The Short Version: Most dental IT support vendors look identical on paper. The 15 questions below separate the ones who actually understand dental-specific infrastructure (Dentrix, Eaglesoft, HIPAA risk assessments, chair-side imaging) from generalists who will figure it out on your dime.
Key Takeaways
- HIPAA compliance isn’t a bonus feature — it’s a non-negotiable baseline; ask specifically about annual risk assessments and breach protocols
- Dental-specific software expertise (Dentrix, Eaglesoft, Open Dental, Carestream) matters more than general IT credentials
- Response time SLAs and after-hours coverage separate managed service providers from break-fix vendors
- A good dental IT provider should be able to name the last three practices they’ve migrated or onboarded
The full breakdown is in The Complete Guide to Dental IT Support. This piece is the interview filter you run before you ever get that far.
The 15 Questions
1. Which dental practice management software do you currently support?
Generic IT firms know Windows and Office. Dental IT specialists know Dentrix, Eaglesoft, Open Dental, and Carestream — and the quirks of each. A good answer names at least two systems and describes specific support scenarios, not just “we can learn any software.”
2. Have you completed a HIPAA risk assessment for a dental practice in the last 12 months?
HIPAA isn’t a checkbox — it’s an ongoing process. The HHS Office for Civil Rights expects covered entities to conduct annual risk assessments. A provider who can’t describe their risk assessment methodology or hasn’t done one recently is a liability, not an asset.
3. What’s your response time SLA for a system-down emergency?
When your practice management software crashes at 8 AM on a Monday, “we’ll get back to you by end of day” is not acceptable. Get a specific number in writing — 1 hour, 2 hours, 4 hours. Then ask what happens if they miss it.
4. Do you offer 24/7 remote monitoring, or is this a break-fix arrangement?
This is the single biggest fork in the road. Managed service providers monitor your systems proactively and catch problems before they become disasters. Break-fix vendors show up after something breaks. Know which one you’re hiring.
Reality Check: Most practices think they’re buying managed services. Many are actually buying break-fix with a monthly retainer label on it. Ask for the monitoring dashboard they use and what alerts they respond to automatically.
5. How do you handle ransomware recovery — and can you walk me through a real example?
Ransomware attacks on healthcare practices increased dramatically over the last five years. A qualified dental IT provider should have an incident response plan, air-gapped backups, and a recovery story they can actually tell you. Vague answers here are disqualifying.
6. What certifications do your technicians hold?
Look for: CHIT (Certified Healthcare IT), CHP (Certified HIPAA Professional), CompTIA Security+, or CompTIA Healthcare IT Technician. These aren’t the only valid credentials, but they signal someone who’s invested in the healthcare IT niche specifically — not just general networking.
7. How do you handle data backups, and where are they stored?
The right answer involves the 3-2-1 backup rule: three copies of data, two different media types, one offsite. For dental practices, “offsite” should mean a HIPAA-compliant cloud provider, not a thumb drive in the front desk drawer.
Pro Tip: Ask them to show you a test restore. Any provider confident in their backup process will do this without hesitation.
8. What dental imaging systems have you integrated with?
Chair-side digital X-ray systems, cone beam CT, and intraoral cameras all require specific drivers, network configurations, and sometimes dedicated workstations. If your provider has never touched a Carestream or Dexis setup, integration is going to be your problem, not theirs.
9. How do you manage software updates without disrupting patient care hours?
Dentrix and Eaglesoft updates can break things — integrations, report templates, billing modules. Good providers stage updates, test in a sandbox environment, and schedule maintenance windows outside business hours. Bad ones push updates at noon on a Wednesday.
10. What’s your process for onboarding a new practice or migrating from one PMS to another?
This is where experience shows up fast. Migration from Dentrix to Open Dental, or from a server-based to cloud-based PMS, requires data mapping, patient record verification, and a rollback plan. Ask how many migrations they’ve done in the last two years.
| Provider Type | Migration Experience | HIPAA Fluency | Dental Software Depth |
|---|---|---|---|
| General MSP | Low — treats it like any file migration | Variable | Usually none |
| Healthcare IT generalist | Moderate — knows EHR basics | Moderate | Limited |
| Dental IT specialist | High — has done it before | Strong | Deep (Dentrix, Eaglesoft, etc.) |
11. How do you handle HIPAA Business Associate Agreements?
Any vendor that touches your patient data is legally required to sign a BAA. If they hesitate, don’t know what it is, or say “our contract covers that,” walk away. This is not negotiable under federal law.
12. What does your offboarding process look like if we switch providers?
Nobody asks this upfront, and it’s a mistake. You need to know you can get your data back cleanly, revoke their access completely, and transfer documentation to a new provider. A defensive or vague answer is a red flag.
13. How do you train our staff on security protocols?
The most sophisticated firewall in the world doesn’t help if a front-desk employee clicks a phishing link. Ask if they provide annual security awareness training, phishing simulations, or documented protocols for common scenarios like a lost laptop or a suspicious email.
14. Can you provide references from other dental practices you currently support?
Not “have supported.” Currently support. You want to talk to a practice that calls this provider at 2 PM on a random Thursday when something breaks, and find out whether the provider actually picks up.
15. What does your pricing model include, and what triggers an additional charge?
Monthly retainers are common, but the scope varies wildly. Get specifics: Does the retainer include after-hours calls? On-site visits? Hardware replacement? New workstation setup? The surprises show up in the invoices, not the proposal.
Nobody tells you this: the cheapest dental IT contract almost always gets expensive in year two.
Practical Bottom Line
Print these 15 questions. Use them in every vendor conversation before you sign anything. The providers who give you crisp, specific answers — with real examples and references — are the ones worth engaging. The ones who pivot to marketing language when you press them are the ones who will be unreachable when your imaging system goes down at 7:45 AM.
For a full framework on evaluating, hiring, and managing dental IT support over the long term, read The Complete Guide to Dental IT Support. The short version: these 15 questions are your filter. Use them like one.
Nick built this directory to help dental practice owners find credentialed IT providers without wading through general IT shops that lack dental software expertise — a gap he encountered when researching technology vendors for healthcare clients who needed both HIPAA compliance and Dentrix familiarity from day one.