What should you ask a dental IT provider before hiring them?
Ask questions that reveal how the provider operates, not what features they list. The ten below expose transparency, speed, automation, contract terms, security, pricing, and on-site coverage — the things that actually determine whether your operatories stay up and whether you ever get nickel-and-dimed. For each, we note why it matters, what a good answer sounds like, and the red flag. (This is the detailed companion to the complete buyer's guide.)
1. What exactly can you see and do on my systems — and can I audit it?
Why: This separates a glass-box provider from a black box. Good answer: "Here is the dashboard; you see every signal and every action, and you can review an access log." Red flag: vagueness, or "you do not need to worry about that." (See Glass-box RMM.)
2. When Dentrix or Open Dental crashes at 8 a.m., what happens — and how fast?
Why: This is the failure that empties your schedule. Good answer: a concrete path with a realistic time, and evidence they know the software. Red flag: "open a ticket and we will get to it," with no time commitment.
3. Is anything automated — and can I control or turn it off?
Why: Automation is good; ungoverned automation is not. Good answer: automated remediation that is off by default and runs only inside an allowlist you authorize, with every action logged. Red flag: either no automation at all, or automation you cannot see or control.
4. Is the agreement month-to-month or multi-year — and what are the exit terms?
Why: Lock-in is the reason owners stay with providers they dislike. Good answer: flexible terms, or at least clear, penalty-free exit conditions. Red flag: a long contract with steep early-termination penalties.
5. Do you sign a Business Associate Agreement by default?
Why: If a vendor touches systems with access to PHI, HIPAA expects a BAA. Good answer: "Yes, by default." Red flag: hesitation, an upcharge for it, or confusion about what a BAA is. (See Security & Compliance.)
6. Do you test backup restores, or just confirm the backup job ran?
Why: "Backed up" and "restorable" are not the same thing. Good answer: regular test restores with a date for the last verified one. Red flag: "the backup runs every night" with no evidence of a restore. (See do my dental backups actually work?)
7. How is your remote access scoped, logged, and revoked?
Why: Vendor remote-access accounts have been the entry point in dental and healthcare breaches. Good answer: scoped, individually logged, owner-revocable access. Red flag: a shared, always-on admin account nobody audits. (See is my IT vendor my biggest security risk?)
8. What is included in the monthly fee — and what is billed on top?
Why: "Flat rate" often is not. Good answer: a clear line between included and extra, including after-hours and projects. Red flag: pricing that cannot be pinned down before you sign.
9. How does on-site support work, and what is the realistic response time?
Why: Some failures need hands on hardware. Good answer: an honest description of their bench or dispatch model and a realistic window. Red flag: "someone will be there soon" with no specifics.
10. Can I talk to two practices on my software that you support today?
Why: References on your stack are the best evidence. Good answer: two relevant references, offered readily. Red flag: reluctance, or only references on software you do not run.
How to use the answers
Score each finalist on all ten, weight the ones that match your situation (a busy multi-location group weighs automation and multi-site policy; a solo practice weighs the human relationship), and choose the fit. For the named, side-by-side detail, see the best dental IT companies guide and CyberCore vs traditional dental MSPs.