How Dentrix / Open Dental / Eaglesoft audit trails can help expose embezzlement
Every click leaves a footprint. In an embezzlement case, those footprints are the evidence.
When money goes missing from a dental practice, the theft almost never happens in the checkbook. It happens inside the practice management software, in the adjustments, deleted transactions, reversed payments, and quietly rewritten ledgers that hide the money before it ever reaches a bank statement. What most owners do not realize is that Dentrix, Open Dental, and Eaglesoft are all watching. Each one keeps an audit trail: a running record of who did what, and when. Read correctly, that record can expose an embezzler.
What is an audit trail in dental practice management software?
An audit trail is a log the software keeps in the background as staff use it. Every time someone posts a payment, edits a charge, deletes a transaction, changes a fee, or reverses an entry, the system can record three things: the action, the user account that performed it, and the date and time it happened. Unlike the printed day sheet, which shows the practice as the embezzler wants it to look, the audit trail shows what actually happened, including the entries that were later erased.
That distinction is the whole game. A skilled embezzler can make today’s numbers balance. What they cannot easily do is erase the history of how those numbers got there.
How does an audit trail expose embezzlement?
Most dental embezzlement follows a small number of patterns, and each one leaves a distinct signature in the audit trail:
- Deleted or reversed payments. A patient pays cash, the payment is posted, and then it is deleted so the money can be pocketed. The ledger looks clean, but the audit trail still shows the payment being entered and then removed.
- Unwarranted adjustments and write-offs. Balances are written off as courtesy discounts, insurance adjustments, or bad debt to make a stolen payment disappear. A pattern of adjustments tied to one user account is a classic red flag.
- Backdated or after-hours entries. Changes posted late at night, on days the office was closed, or backdated to an earlier period often signal someone covering their tracks when no one is watching.
- Repeated edits to the same accounts. The same patients being touched over and over, especially cash-paying patients, can reveal where the money is being skimmed.
Any one of these can be innocent. It is the pattern across hundreds or thousands of logged actions, correlated to a specific user and a specific time, that turns raw data into proof. That analysis is the heart of a digital forensic examination, and it is where the most common digital red flags surface.
Where the audit trail lives in Dentrix, Open Dental, and Eaglesoft
Dentrix
Dentrix maintains an audit trail that records additions, changes, and deletions to ledger and account activity, along with the operator and timestamp. Reviewed properly, a Dentrix audit trail can reconstruct payments that were entered and then deleted, adjustments that do not match a legitimate business reason, and edits made outside normal hours. This is exactly the kind of review we perform in a Dentrix Audit Trail Review.
Open Dental
Open Dental keeps one of the more detailed audit trails in the industry. Its permission-based logging can capture a wide range of actions, including who inserted, edited, or deleted payments, adjustments, and appointments, each tied to a user and a date and time. That granularity makes Open Dental data especially useful for reconstructing exactly how a theft was carried out and concealed.
Eaglesoft
Eaglesoft records account and transaction history, including edits and reversals to ledger activity. As with the others, the value is not in any single entry but in the pattern of changes across time and across user accounts. A forensic review can surface where balances were manipulated and trace the activity back to the responsible login.
One important caveat: audit trails vary by software, version, and configuration. Some can be limited by settings, retention windows, or how logins are managed, and the person committing the fraud is sometimes the same person who controls those settings. Knowing what a given system does and does not capture, and how to preserve it correctly, is part of the forensic work.
Why shared logins can blind the audit trail
An audit trail is only as good as the login attached to each action. When the front desk, the billing assistant, and the office manager all share one username and password, every entry points to the same account and no one can be individually identified. Shared logins are one of the most common ways a practice unknowingly destroys its own evidence before a case ever begins. We cover this in depth in the one password your entire practice relies on. Giving every team member a unique login is the single easiest step an owner can take to keep the audit trail meaningful.
Can an audit trail be used as evidence in court?
Yes, when it is collected and interpreted correctly. Practice management data and its audit trail can become part of the record in civil litigation, criminal referral, and insurance claims, but it has to be handled the right way. The data must be preserved without altering it, the analysis has to be defensible, and the findings usually need to be explained by a qualified expert who can withstand scrutiny in a deposition or at trial. See how electronic dental records become legal evidence for more on that process.
This is where an investigation and an expert witness engagement differ. Finding the theft is one job. Proving it to a court, an insurer, or a regulator is another, and it is the work we do every day.
What should you do if you suspect embezzlement?
- Do not confront anyone yet. Tipping off a suspect gives them time to delete records, change settings, or walk out with data.
- Do not start deleting or “cleaning up” the system yourself. Well-meaning changes can overwrite the very evidence you need.
- Preserve the data. The audit trail and underlying database should be captured intact by someone who knows how to do it without altering the record.
- Call a forensic examiner. A confidential, off-site review can confirm whether theft occurred and quantify it before you take any action.
Since 2004, Hiltz & Associates has conducted hundreds of dental embezzlement and digital forensic investigations, quietly and off-site, and supported dentists and their attorneys through high-stakes litigation. If the numbers in your practice are not adding up, the answer may already be sitting in your audit trail.
Frequently asked questions
Can a dentist read the audit trail themselves?
You can view parts of it, but interpreting it forensically is a different task. The logs can be long, and the meaningful signal is the pattern across many entries tied to a user and a time, not any single line. Handling the data the wrong way can also compromise it as evidence, so it is best reviewed by a forensic examiner in a way that will hold up under scrutiny.
Can an embezzler delete the audit trail?
It depends on the software, the version, and the settings, and the person committing the fraud is sometimes the one who controls those settings. Even so, deletions and gaps tend to leave their own traces, and other data sources can corroborate the record. That is exactly why preserving the system quickly, before anyone is alerted, matters so much.
Which is better for catching embezzlement: Dentrix, Open Dental, or Eaglesoft?
All three keep an audit trail that can help expose theft. Open Dental’s logging tends to be especially detailed, but the bigger factors are whether each staff member has a unique login and whether the data is preserved correctly once a problem is suspected. Good practices matter more than the brand.
How far back does an audit trail go?
That depends on the system’s retention settings and how long the practice has used the software. Some systems retain years of history, others are more limited. The sooner the data is preserved, the more complete the picture a forensic review can build.
Concerned about what your audit trail might reveal? Start with a confidential Dentrix Audit Trail Review, or read our Dental Embezzlement FAQ.