Checklist
AI Vendor Scorecard — Fill-In Template
One page to score any AI vendor before you switch them on — scribe, receptionist bot, recall tool, marketing AI. Six questions that decide whether your practice can use it safely, a row per vendor, and a simple traffic-light verdict you can defend later.
Every week another AI vendor pitches dental practices, and the demo always looks great. The questions that actually matter — where does patient data go, is it used for training, can you delete it, who else touches it — never come up unless you ask them. This scorecard makes you ask them, the same way every time, with the answers written down before you sign.
Free. No patient data required. General template — adapt to your practice.
AI Vendor Scorecard — Fill-In Template
The AI vendor scorecard for ________________________ (practice name). Completed by ________________________. Vendor assessed: ________________________. Date: __________.
How to use this: before any AI tool goes live — and before renewal of anything already live — sit down with the vendor's answers (or their privacy policy and your sales rep) and fill in one column per vendor. If the vendor can't or won't answer a question, that is the answer: score it red. Keep the completed scorecard with your practice policies and add the vendor to your AI Tool Register.
The six questions that decide it
Score each: Green (clear, written, acceptable answer) · Amber (vague, verbal-only, or "on the roadmap") · Red (no, unknown, or refused).
| # | Question | Vendor's answer (write it down) | Score |
|---|---|---|---|
| 1 | Where is our data stored and processed? Country and provider — and if overseas, do they acknowledge Australian privacy obligations apply? | __________________ | green / amber / red |
| 2 | Is our data used to train their models? Default on or off? Can we opt out in writing? | __________________ | green / amber / red |
| 3 | Who else touches the data? Sub-processors listed in writing? Are any of them overseas? | __________________ | green / amber / red |
| 4 | Can we delete it? Patient-level deletion on request, and full export + deletion if we leave? | __________________ | green / amber / red |
| 5 | Is there an audit trail? Can we see who accessed what, when — and can they show it during an incident? | __________________ | green / amber / red |
| 6 | What's the patient consent story? Does the tool require consent we don't currently collect (recording, transcription, profiling) — and who provides the wording? | __________________ | green / amber / red |
The verdict
| Verdict | Rule of thumb |
|---|---|
| Proceed | All green, or one amber with a written remediation date |
| Proceed with conditions | Ambers only — write the conditions on this page and diarise the review |
| Stop | Any red on questions 1, 2 or 4 — these are the ones you can't unwind later |
Verdict for this vendor: ______________ Review date: __________ Owner sign-off: ______________
Three habits that make this work
- Ask in writing, keep the writing. A sales call answer is amber at best. An email from the vendor is evidence.
- Score the contract, not the demo. The demo shows what the tool does; the contract shows what happens to your data. They are often different stories.
- Re-score on renewal and on any "new AI feature" announcement. Vendors change models, sub-processors and training defaults — your last scorecard may already be stale.
Where this fits
This scorecard is the worked version of the seven questions guide — read that first if a vendor pitch is sitting in your inbox. Tools that pass still belong on your AI Tool Register, and if the tool touches clinical notes or patient conversations, walk through the AI Scribe Consent Checklist before go-live.
General template, not legal advice. Review and adapt before use; scoring a vendor green here is your practice's own assessment, not a certification.