HIPPA Security Rule Compliance for Dental Practices: Protecting Your Patients' Data - And Yourself.
Dave Argentar • September 17, 2019
The care that dentists need to provide their patients doesn’t end when they get up from the chair. Dental offices, and the computers, networks, servers, and files maintained within (and outside of) their walls contain patient information that must be kept secure and protected from data breaches and unauthorized disclosure. If your practice doesn’t have the systems, protocols, and policies in place to comply with HIPAA’s multitude of patient privacy and security requirements, even inadvertent and seemingly “harmless” violations can lead to significant financial and legal headaches.
HIPAA security compliance simply cannot be an afterthought for dental practices, nor is it a matter of “set it and forget it.” It requires constant vigilance, proactive planning, and regular audits and updates. This is particularly true when it comes to ensuring the security of electronic health records. Dentists need to commit people, time, and resources to the protection of patient information and should regularly consult with attorneys who can assist them in making their HIPAA compliance efforts robust and effective.
HIPAA Application to Dental Practices
After HIPAA became law in 1996, the U.S. Department of Health and Human Services (HHS) issued a set of national standards governing the use and disclosure of patients’ protected health information (PHI). Commonly known as the Privacy Rule , the Standards for Privacy of Individually Identifiable Health Information apply to “covered entities” as defined in HHS regulations.
The odds that your dental practice is a “covered entity” under HIPAA sit pretty close to 100%. If you send claims, eligibility inquiries and requests, pre-determinations, claim status inquiries, or treatment authorization requests to third parties through electronic means, you must comply with HIPAA.
HIPAA obligations don’t end at the Privacy Rule, which limits how and to whom PHI can be disclosed. Dental practices must also comply with the Security Rule ( Security Standards for the Protection of Electronic Protected Health Information ) as well as the Breach Notification Rule.
The HIPAA Security Rule
While the Privacy Rule addresses who may have access to PHI, the Security Rule sets the standards for ensuring that only those authorized individuals can access that information. One important distinction between the Privacy Rule and Security Rule is that while the former applies to PHI in whatever form – paper, oral, electronic - the Security Rule only covers electronic health records (ePHI). Since dental practices increasingly rely on electronic means to create, store, and transmit records, ensuring that your practice satisfies the Security Rule’s mandates is the centerpiece of any HIPAA compliance program.
The safeguards required under the Security Rule are divided into three categories:
· Administrative – As defined in the rules, these are policies and procedures designed “to manage the selection, development, implementation, and maintenance of security measures to protect electronically protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.”
Practices must sufficiently implement and monitor their “performance of security management process, assignment or delegation of security responsibility, training requirements, and evaluation and documentation of all decisions.”
The essence of administrative compliance is people: people who are in charge of security, people who are trained about security, and people who are responsible for administering, monitoring, and auditing security compliance.
· Physical Access Controls – This involves safeguards established to control physical access to data and information and the systems which store them. This includes such essential elements as:
o Facility Access Controls – policies and procedures that limit physical access to all areas and devices where ePHI is stored, such as locked doors, restricted areas, surveillance systems, security guards, etc.
o Workstation Access and Security – policies and procedures that specify the proper functions to be performed on workstations, how employees should perform those functions, and physical workstation security.
o Device and Media Controls – thumb drives, laptops, phones, tablets, and other devices represent a significant vulnerability for unauthorized access to or distribution of ePHI. Dental practices need to establish policies and procedures that govern how hardware and electronic media containing ePHI can enter or exit dental offices. These controls must include disposal, media reuse, accountability, and data backup and storage.
· Technical controls – this involves “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” Firewalls, encryption, data security measures, and other systems put in place to prevent data breaches, cyberattacks, and unauthorized access to ePHI fall into this category.
Your Practice Could Be Held Responsible for Any HIPAA Violations by a “Business Associate”
Many if not most practices contract at least some of their billing, claims management, and other back-office responsibilities to third-party vendors. If a practice fails to obtain “satisfactory assurances” from a “business associate” that it is HIPAA-compliant before retaining their services, and a PHI breach subsequently occurs, the practice entity may be considered liable for any damages that result
That is why every dental practice that shares PHI with outside contractors enter into a written HIPAA-Compliant Business Associate Agreement with such vendors. These agreements should specify:
·the types of PHI that the practice will provide to the business associate;
·the permissible uses and disclosures of PHI by the business associate;
·the measures that the business associate must implement to protect PHI;
·the actions that the business associate will take in the event of a data breach.
HIPAA Compliance Questions? Call Grogan, Hesse & Uditsky Today
At Grogan, Hesse & Uditsky, P.C., we focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you.
If you have questions or concerns about your practice’s compliance with HIPAA, please call us at (630) 833-5533 or contact us online to arrange for your free initial consultation.
Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices, and this blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
Speak to an Attorney
Related Posts
The care that dentists need to provide their patients doesn’t end when they get up from the chair. Dental offices, and the computers, networks, servers, and files maintained within (and outside of) their walls, contain patient files and information that must be kept protected from data breaches and unauthorized disclosure. Failure to handle these records properly can not only breach patient trust, but it can also create regulatory and licensing headaches for dentists and practice owners. That’s why ensuring that patient records are transferred securely and appropriately is of the utmost importance when a dental practice changes hands from one owner to the next. When selling a dental practice, one of the most critical yet often overlooked aspects of the transaction involves the proper handling of patient records. As an attorney who has advised numerous healthcare providers through practice transitions, I can tell you that mishandling patient records can expose both the selling and buying dentists to significant legal liability, regulatory penalties, and damage to professional reputation. Understanding your obligations under federal and state law is essential to protecting yourself and your patients during this transition. HIPAA Considerations Are the Highest Priority Patient dental records are governed by both federal regulations, primarily the Health Insurance Portability and Accountability Act (HIPAA), and state-specific laws that vary considerably across jurisdictions. Under HIPAA, patient records are protected health information (PHI), and any transfer of a patient’s protected health information (PHI) must comply with the law’s strict privacy and security requirements. Additionally, most states have dental practice acts and regulations that impose specific recordkeeping and transfer obligations on licensed dentists. The downsides of failing to thoroughly and carefully follow these requirements arguably represent the biggest potential legal threat to buyers and sellers alike in a practice sale. The selling dentist remains the legal custodian of patient records until the practice sale is complete and proper transfer protocols have been followed. This means that the practice owner cannot simply hand over file cabinets or hard drives to the buyer without taking appropriate legal steps. The seller’s fiduciary duty to their patients continues through the transition period and beyond. Notifying Patients Obviously, patients want and deserve to know that their dentist’s office is changing hands. While HIPAA does not explicitly require advance notice of a practice sale, it does require that patients be informed about who has access to their records. More importantly, many state laws explicitly require written notification to patients when a practice changes hands. The seller should inform patients of the new practice owner's identity, the date of the transition, their options regarding their records, and how they can obtain copies of their records if they choose to seek care elsewhere. Typically, this notification should be sent 30 to 60 days prior to the sale closing, allowing patients sufficient time to make informed decisions about their care. The Actual Transfer Itself The purchase agreement should clearly specify how the records will be transferred, who will bear the costs of transfer, and in what format the records will be transferred. For electronic health records (EHRs), the seller may need to coordinate with their EHR vendor to ensure the proper migration of data to the buyer's system or to maintain access if the buyer intends to use the same platform. For practices that still maintain paper records, the physical transfer must be handled securely to prevent unauthorized access or data breaches. Consider using a secure courier service and keeping a detailed inventory of all records transferred. Record Retention Obligations Generally, upon closing, the buyer assumes the responsibility for maintaining patient records going forward and must retain them for the period required by state law, which typically ranges from five to ten years from the last date of treatment. However, the seller may retain copies of records for their own protection, particularly if there's potential for future liability claims related to treatment provided before the sale. For patients who choose not to continue with the new owner and who do not request their records be sent to another provider, the buyer typically assumes responsibility for storing these inactive records for the required retention period. The purchase agreement should clearly allocate these ongoing obligations and any associated costs. Selling a dental practice is often the culmination of decades of hard work and the start of a new chapter in which the now-former practice owner can reap the benefits of those efforts. However, missteps in the handling of patient records could compromise those plans and leave the seller vulnerable to potential liability. By working closely with experienced counsel throughout the sales process, practice owners can wrap up their careers with clarity, confidence, and conclusiveness. If you are a practice owner anticipating a sale or transition, please contact Grogan, Hesse & Uditsky today. Contact Grogan, Hesse & Uditsky Today If you are a practice owner anticipating a sale or transition, please contact Grogan, Hesse & Uditsky today. We focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices, and this blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
Whatever shortcomings and deficiencies there may be in the dynamic between dental practices and insurance companies, their distinct roles in patient care are not among them. While dentists certainly want to maximize reimbursements for the services they provide, they are not beholden to insurers and remain in a position to advocate for their patients and challenge an insurer’s cost-related decisions without fear of retribution. But a recent unprecedented move by Delta Dental in Wisconsin threatens to upend this relationship model and has raised serious concerns among industry groups, patient advocates, and regulators about conflicts of interest, competition, and provider independence. Over the summer, Delta Dental announced that it had acquired Cherry Tree Dental, which owns and operates 31 clinics, 25 of which are in Wisconsin. The American Dental Association (ADA) is among several organizations that have vocally opposed the transaction. As the ADA wrote shortly after the deal was announced: When an insurance company becomes both health care provider and insurance payer, questions arise regarding potential conflict of interest. From a business standpoint, dental insurance companies seek to minimize cost and maximize profit. As a result, patients may find their treatment options limited to what is most cost-effective for the insurer, not necessarily what is most effective for their oral health. The ADA believes that the health interests of patients are best protected when dental practices and other private facilities for the delivery of dental care are owned and controlled by a dentist licensed in the jurisdiction where the practice is located. In November, the ADA filed a letter with the Wisconsin Office of the Commissioner of Insurance expanding on its concerns and opposition, including worries about provider independence in making care decisions: Direct ownership by Delta Dental could compromise dentists’ ability to advocate for patients. In traditional arrangements, dentists can appeal plan decisions regarding patient care or choose to leave a network if plan policies are overly restrictive. However, the ADA warned that when dentists are employed by the payer, challenging cost-related decisions could label them as “problem employees,” potentially discouraging proper patient care. The potentially anti-competitive effects of such arrangements were also raised by the ADA, which noted that “Delta Dental’s acquisition could influence agreements, business practices, and fee schedules between Cherry Tree and other payers, potentially creating unfair competition.” In addition to the ADA, the acquisition has drawn concerns from the Wisconsin Dental Association, the American Economic Liberties Project, and the Alliance of Independent Dentists. The fallout of this acquisition, if consummated, could ripple through other markets, potentially leading to a seismic shift in the provider-insurer landscape. We will continue to monitor developments and provide updates as warranted. We Focus on You So You Can Focus on Your Patients At Grogan Hesse & Uditsky, P.C., we focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Please call us at (630) 833-5533 or contact us online to arrange for your free initial consultation. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices. This blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
For many associate dentists, the sound of opportunity knocking comes in the form of an offer to become a co-owner of the practice where they work. Rare is the dentist who would reject out of hand the chance to reap the rewards of years of hard work and move from employee to owner. For the practice owner who opens the equity door for their associate, such a “buy-in” can infuse cash and value into the business, laying the foundation for a seamless ownership transition upon their retirement. The key to a successful buy-in is a clear and equitably structured deal that is workable for both parties in terms of how the associate will pay for their equity interest. However, there is no one-size-fits-all approach. The structure of a dental associate buy-in can vary significantly depending on factors such as the associate’s financial capacity, the practice’s value, and the owner’s long-term objectives. Whether you are the associate or the practice owner in such an anticipated transaction, you should consult with an experienced dental practice attorney to understand your options and determine which structure provides you with the most value. Your discussions with your attorney will likely include some or all of these common dental associate buy-in arrangements: Cash Purchase A cash purchase is the most straightforward buy-in model. With either cash on hand or through financing (the more likely scenario), the associate purchases an agreed-upon percentage of the practice (for example, 25% or 50%) for a lump sum based on the appraised value of the practice. That appraisal will likely use metrics such as collections, earnings before interest and taxes (EBIT), or a percentage of annual gross revenue. The main advantage of a cash purchase is its simplicity and immediacy. The associate becomes an owner right away, while the practice owner receives a clean and full payout for the equity sold. However, obtaining the needed financing may be easier said than done for an associate dentist, and a large cash payout may also come with unwanted tax ramifications for the owner. Buy-in documents for a cash purchase should address governance rights, profit distribution, and exit mechanisms. They should also define what happens if an associate departs, how future buyouts are valued, and whether non-compete or non-solicitation covenants apply. Installment Sale An installment sale allows the associate to purchase equity over time, making periodic payments instead of an upfront lump-sum payment. After the practice value is determined, the associate agrees to buy a certain percentage of ownership through regular payments (e.g., monthly or quarterly) over several years. Payments may include interest, and ownership may be transferred incrementally or upon full payment. This is a good option for associates who do not have the means for a full cash buy-in immediately. For owners, this arrangement provides a steady income stream – so long as the associate does not leave before completing payments. That is why the documentation should clearly outline the timing of ownership right transfers and provide robust default remedies, such as forfeiture of prior payments or reversion of ownership interests. Sweat Equity In a sweat equity buy-in, the associate essentially cashes in their years of service, earning ownership over time based on their contribution to the practice’s growth or profitability rather than through an immediate cash investment. In a typical sweat equity arrangement, the associate receives equity credits or options tied to measurable performance benchmarks, such as production levels, collections, or tenure. Once those targets are met, a portion of ownership is granted or sold at a reduced price. This structure enables talented but liquidity-challenged associates to become owners without initial financial strain. It also incentivizes them to grow the practice and stay long-term. Shadow Account (a/k/a Phantom Equity) As I discussed in detail in this post , a shadow account (also known as a phantom equity plan) is an increasingly popular buy-in model, especially when the owner is not yet ready to transfer real equity but wants to reward the associate as if they were an owner. In this model, the associate receives the right to cash payments equal to the value of the shares at a specified later date or distribution event. That value can be established through an appraisal or an agreed-upon formula. The selected events that give an associate a right to a payout can include such things as achieving performance goals, termination, or retirement. There are two types of shadow account/phantom stock plans. In an "appreciation only” plan, the cash payout upon vesting does not include the value of the underlying shares, only the increase in value of that stock since it was granted. In a “full value” plan, the practice pays both the underlying value of the stock and the amount the stock has appreciated while held by the associate. Like actual stock, phantom stock has a defined value and tracks the practice’s performance, but an associate holding phantom stock typically does not have either minority shareholder rights or voting rights in the practice. This makes phantom stock plans attractive for owners who want to provide associates with a sense of equity ownership without giving up any actual control. The practice has broad discretion and flexibility in designing the plan, including valuation formulas and vesting conditions, and the administrative burdens are less than for traditional stock option plans. As noted, the “best” buy-in structure depends on the unique goals of both parties. No matter which model is ultimately adopted, well-crafted documentation, preceded by careful consideration and consultation with counsel, is essential. That is because these deals do more than just transfer ownership - they can lay the foundation for a stable, profitable partnership that preserves the practice’s legacy and rewards everyone’s investment, financial or otherwise. We Focus on You So You Can Focus on Your Patients At Grogan Hesse & Uditsky, P.C., we focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Please call us at (630) 833-5533 or contact us online to arrange for your free initial consultation. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices. This blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
The care that dentists need to provide their patients doesn’t end when they get up from the chair. Dental offices, and the computers, networks, servers, and files maintained within (and outside of) their walls, contain patient files and information that must be kept protected from data breaches and unauthorized disclosure. Failure to handle these records properly can not only breach patient trust, but it can also create regulatory and licensing headaches for dentists and practice owners. That’s why ensuring that patient records are transferred securely and appropriately is of the utmost importance when a dental practice changes hands from one owner to the next. When selling a dental practice, one of the most critical yet often overlooked aspects of the transaction involves the proper handling of patient records. As an attorney who has advised numerous healthcare providers through practice transitions, I can tell you that mishandling patient records can expose both the selling and buying dentists to significant legal liability, regulatory penalties, and damage to professional reputation. Understanding your obligations under federal and state law is essential to protecting yourself and your patients during this transition. HIPAA Considerations Are the Highest Priority Patient dental records are governed by both federal regulations, primarily the Health Insurance Portability and Accountability Act (HIPAA), and state-specific laws that vary considerably across jurisdictions. Under HIPAA, patient records are protected health information (PHI), and any transfer of a patient’s protected health information (PHI) must comply with the law’s strict privacy and security requirements. Additionally, most states have dental practice acts and regulations that impose specific recordkeeping and transfer obligations on licensed dentists. The downsides of failing to thoroughly and carefully follow these requirements arguably represent the biggest potential legal threat to buyers and sellers alike in a practice sale. The selling dentist remains the legal custodian of patient records until the practice sale is complete and proper transfer protocols have been followed. This means that the practice owner cannot simply hand over file cabinets or hard drives to the buyer without taking appropriate legal steps. The seller’s fiduciary duty to their patients continues through the transition period and beyond. Notifying Patients Obviously, patients want and deserve to know that their dentist’s office is changing hands. While HIPAA does not explicitly require advance notice of a practice sale, it does require that patients be informed about who has access to their records. More importantly, many state laws explicitly require written notification to patients when a practice changes hands. The seller should inform patients of the new practice owner's identity, the date of the transition, their options regarding their records, and how they can obtain copies of their records if they choose to seek care elsewhere. Typically, this notification should be sent 30 to 60 days prior to the sale closing, allowing patients sufficient time to make informed decisions about their care. The Actual Transfer Itself The purchase agreement should clearly specify how the records will be transferred, who will bear the costs of transfer, and in what format the records will be transferred. For electronic health records (EHRs), the seller may need to coordinate with their EHR vendor to ensure the proper migration of data to the buyer's system or to maintain access if the buyer intends to use the same platform. For practices that still maintain paper records, the physical transfer must be handled securely to prevent unauthorized access or data breaches. Consider using a secure courier service and keeping a detailed inventory of all records transferred. Record Retention Obligations Generally, upon closing, the buyer assumes the responsibility for maintaining patient records going forward and must retain them for the period required by state law, which typically ranges from five to ten years from the last date of treatment. However, the seller may retain copies of records for their own protection, particularly if there's potential for future liability claims related to treatment provided before the sale. For patients who choose not to continue with the new owner and who do not request their records be sent to another provider, the buyer typically assumes responsibility for storing these inactive records for the required retention period. The purchase agreement should clearly allocate these ongoing obligations and any associated costs. Selling a dental practice is often the culmination of decades of hard work and the start of a new chapter in which the now-former practice owner can reap the benefits of those efforts. However, missteps in the handling of patient records could compromise those plans and leave the seller vulnerable to potential liability. By working closely with experienced counsel throughout the sales process, practice owners can wrap up their careers with clarity, confidence, and conclusiveness. If you are a practice owner anticipating a sale or transition, please contact Grogan, Hesse & Uditsky today. Contact Grogan, Hesse & Uditsky Today If you are a practice owner anticipating a sale or transition, please contact Grogan, Hesse & Uditsky today. We focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices, and this blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
Whatever shortcomings and deficiencies there may be in the dynamic between dental practices and insurance companies, their distinct roles in patient care are not among them. While dentists certainly want to maximize reimbursements for the services they provide, they are not beholden to insurers and remain in a position to advocate for their patients and challenge an insurer’s cost-related decisions without fear of retribution. But a recent unprecedented move by Delta Dental in Wisconsin threatens to upend this relationship model and has raised serious concerns among industry groups, patient advocates, and regulators about conflicts of interest, competition, and provider independence. Over the summer, Delta Dental announced that it had acquired Cherry Tree Dental, which owns and operates 31 clinics, 25 of which are in Wisconsin. The American Dental Association (ADA) is among several organizations that have vocally opposed the transaction. As the ADA wrote shortly after the deal was announced: When an insurance company becomes both health care provider and insurance payer, questions arise regarding potential conflict of interest. From a business standpoint, dental insurance companies seek to minimize cost and maximize profit. As a result, patients may find their treatment options limited to what is most cost-effective for the insurer, not necessarily what is most effective for their oral health. The ADA believes that the health interests of patients are best protected when dental practices and other private facilities for the delivery of dental care are owned and controlled by a dentist licensed in the jurisdiction where the practice is located. In November, the ADA filed a letter with the Wisconsin Office of the Commissioner of Insurance expanding on its concerns and opposition, including worries about provider independence in making care decisions: Direct ownership by Delta Dental could compromise dentists’ ability to advocate for patients. In traditional arrangements, dentists can appeal plan decisions regarding patient care or choose to leave a network if plan policies are overly restrictive. However, the ADA warned that when dentists are employed by the payer, challenging cost-related decisions could label them as “problem employees,” potentially discouraging proper patient care. The potentially anti-competitive effects of such arrangements were also raised by the ADA, which noted that “Delta Dental’s acquisition could influence agreements, business practices, and fee schedules between Cherry Tree and other payers, potentially creating unfair competition.” In addition to the ADA, the acquisition has drawn concerns from the Wisconsin Dental Association, the American Economic Liberties Project, and the Alliance of Independent Dentists. The fallout of this acquisition, if consummated, could ripple through other markets, potentially leading to a seismic shift in the provider-insurer landscape. We will continue to monitor developments and provide updates as warranted. We Focus on You So You Can Focus on Your Patients At Grogan Hesse & Uditsky, P.C., we focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Please call us at (630) 833-5533 or contact us online to arrange for your free initial consultation. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices. This blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
For many associate dentists, the sound of opportunity knocking comes in the form of an offer to become a co-owner of the practice where they work. Rare is the dentist who would reject out of hand the chance to reap the rewards of years of hard work and move from employee to owner. For the practice owner who opens the equity door for their associate, such a “buy-in” can infuse cash and value into the business, laying the foundation for a seamless ownership transition upon their retirement. The key to a successful buy-in is a clear and equitably structured deal that is workable for both parties in terms of how the associate will pay for their equity interest. However, there is no one-size-fits-all approach. The structure of a dental associate buy-in can vary significantly depending on factors such as the associate’s financial capacity, the practice’s value, and the owner’s long-term objectives. Whether you are the associate or the practice owner in such an anticipated transaction, you should consult with an experienced dental practice attorney to understand your options and determine which structure provides you with the most value. Your discussions with your attorney will likely include some or all of these common dental associate buy-in arrangements: Cash Purchase A cash purchase is the most straightforward buy-in model. With either cash on hand or through financing (the more likely scenario), the associate purchases an agreed-upon percentage of the practice (for example, 25% or 50%) for a lump sum based on the appraised value of the practice. That appraisal will likely use metrics such as collections, earnings before interest and taxes (EBIT), or a percentage of annual gross revenue. The main advantage of a cash purchase is its simplicity and immediacy. The associate becomes an owner right away, while the practice owner receives a clean and full payout for the equity sold. However, obtaining the needed financing may be easier said than done for an associate dentist, and a large cash payout may also come with unwanted tax ramifications for the owner. Buy-in documents for a cash purchase should address governance rights, profit distribution, and exit mechanisms. They should also define what happens if an associate departs, how future buyouts are valued, and whether non-compete or non-solicitation covenants apply. Installment Sale An installment sale allows the associate to purchase equity over time, making periodic payments instead of an upfront lump-sum payment. After the practice value is determined, the associate agrees to buy a certain percentage of ownership through regular payments (e.g., monthly or quarterly) over several years. Payments may include interest, and ownership may be transferred incrementally or upon full payment. This is a good option for associates who do not have the means for a full cash buy-in immediately. For owners, this arrangement provides a steady income stream – so long as the associate does not leave before completing payments. That is why the documentation should clearly outline the timing of ownership right transfers and provide robust default remedies, such as forfeiture of prior payments or reversion of ownership interests. Sweat Equity In a sweat equity buy-in, the associate essentially cashes in their years of service, earning ownership over time based on their contribution to the practice’s growth or profitability rather than through an immediate cash investment. In a typical sweat equity arrangement, the associate receives equity credits or options tied to measurable performance benchmarks, such as production levels, collections, or tenure. Once those targets are met, a portion of ownership is granted or sold at a reduced price. This structure enables talented but liquidity-challenged associates to become owners without initial financial strain. It also incentivizes them to grow the practice and stay long-term. Shadow Account (a/k/a Phantom Equity) As I discussed in detail in this post , a shadow account (also known as a phantom equity plan) is an increasingly popular buy-in model, especially when the owner is not yet ready to transfer real equity but wants to reward the associate as if they were an owner. In this model, the associate receives the right to cash payments equal to the value of the shares at a specified later date or distribution event. That value can be established through an appraisal or an agreed-upon formula. The selected events that give an associate a right to a payout can include such things as achieving performance goals, termination, or retirement. There are two types of shadow account/phantom stock plans. In an "appreciation only” plan, the cash payout upon vesting does not include the value of the underlying shares, only the increase in value of that stock since it was granted. In a “full value” plan, the practice pays both the underlying value of the stock and the amount the stock has appreciated while held by the associate. Like actual stock, phantom stock has a defined value and tracks the practice’s performance, but an associate holding phantom stock typically does not have either minority shareholder rights or voting rights in the practice. This makes phantom stock plans attractive for owners who want to provide associates with a sense of equity ownership without giving up any actual control. The practice has broad discretion and flexibility in designing the plan, including valuation formulas and vesting conditions, and the administrative burdens are less than for traditional stock option plans. As noted, the “best” buy-in structure depends on the unique goals of both parties. No matter which model is ultimately adopted, well-crafted documentation, preceded by careful consideration and consultation with counsel, is essential. That is because these deals do more than just transfer ownership - they can lay the foundation for a stable, profitable partnership that preserves the practice’s legacy and rewards everyone’s investment, financial or otherwise. We Focus on You So You Can Focus on Your Patients At Grogan Hesse & Uditsky, P.C., we focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Please call us at (630) 833-5533 or contact us online to arrange for your free initial consultation. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices. This blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
