Selling or Buying a Practice? Don't Lose the Patient Data

A dental practice sale is usually framed around chairs, goodwill, and cash flow. But the patient records are quietly one of the most valuable and most legally loaded things changing hands. This article frames data continuity from both the seller's and the buyer's perspective. It is general information, not legal advice, and practice transitions touch records-retention and transaction law that varies by state, so involve qualified counsel and a licensed broker in any real deal.

Are patient records an asset or a liability in a practice sale?

They are both at once. To the buyer, the patient base and its records are much of what the purchase price actually buys, the documented history that lets clinical care continue uninterrupted. At the same time, those same records carry a legal obligation to retain and protect them that does not vanish when the practice changes owners. You cannot accept the asset and decline the duty. A clean transition treats the records as something to be preserved and handed over intact, not copied loosely and forgotten.

What patient data actually has to move?

More than the obvious database. A complete handoff usually includes the practice management system (PMS) data (patients, ledgers, scheduling, treatment plans), imaging and radiographs (often stored separately from the PMS), scanned documents and signed consent forms, and the backup history behind all of it. Imaging is the piece most often underestimated, because radiograph archives can be large, stored in a separate system, and tied to proprietary formats. A capable backup approach captures the PMS and imaging together in an application-consistent way so the records stay coherent, rather than grabbing files mid-write.

Why verify the backup before you sign?

Because a backup nobody has ever restored is only an assumption. Before closing, the seller should be able to demonstrate a complete, current backup, and ideally both parties should witness a test restore that proves the data comes back intact and usable, not just that files copied. DDSArk surfaces backup completeness and last-verified-restore status per device so a transition can be validated rather than trusted blindly. The principle to insist on, whatever tooling is used: confirm the backup is complete and restorable before money moves, and confirm again after the data lands with the new owner.

Who becomes the custodian of records after the sale?

The custodian is whoever holds the legal duty to maintain and produce patient records, and in a sale that role has to be assigned explicitly, not assumed. In most asset purchases the buyer takes custody of the records and inherits the obligation to retain them for the periods the law requires. Sometimes a selling dentist retains a copy or specific rights, especially where ongoing liability or regulatory questions exist. The point is that custody should be written into the agreement, with a clear answer to a simple question: if a former patient or a regulator requests a record three years from now, who must produce it and from what system?

Do retention obligations transfer with the practice?

Yes, the duty to retain records carries forward, the sale does not reset the clock. Clinical record retention periods are set by state law and vary, so the specifics belong with your counsel and your state board, not a blog. Separately, HIPAA requires that compliance documentation be retained for six years . For how these obligations differ across jurisdictions, see How Long Must Dental Practices Keep Patient Records? State-by-State. The practical implication for a transition: the buyer needs not just today's active charts but enough history to satisfy retention rules that began before they owned the practice.

How do you keep BAA coverage continuous through the deal?

By making sure protected health information is never sitting with an uncovered party at any point in the transition. If a cloud backup vendor or IT provider handles the records, a Business Associate Agreement (BAA) must be in place for whoever holds the data on each side of the closing date. Gaps are the risk, the old owner's BAA lapses before the buyer's is signed, or data is exported to a personal drive with no agreement at all. Plan the BAA handoff alongside the asset transfer so coverage is continuous. For the broader picture of how compliant cloud backup works, see Is Cloud Backup HIPAA Compliant?.

What if the buyer is switching to a different PMS?

Then treat the migration as its own project with its own verification. Moving from one PMS to another risks dropped fields, broken ledger history, and imaging that no longer links to the right patient. The safe pattern: keep the source system and its backups intact until the migration is validated, migrate the data, then reconcile the new system against the original record by record where it matters, before retiring anything. Imaging deserves special attention because radiographs may need format conversion and re-association with patient files. Never decommission the old PMS or delete its backups until the new system is proven complete and restorable on its own.

A short checklist for both sides

For the seller: produce a complete, current backup; demonstrate a successful test restore; document what is being transferred; and clarify what, if anything, you retain. For the buyer: confirm the backup is restorable before and after transfer; nail down custody and retention obligations in writing; ensure continuous BAA coverage; and plan any PMS or imaging migration with reconciliation built in. For both: route the transaction through counsel and a broker who understand dental practice transitions in your state.

The nameplate on the door can change without a single patient record being lost. That outcome is not luck, it is the result of treating data continuity as a planned, verified part of the deal.