No Room for Shared Logins

Explore essential steps to manage PRODA accounts securely, prevent common mistakes, and keep sensitive participant data safe. Will and Winter unpack real-world scenarios and provide practical tips for NDIS providers.

This show was created with Jellypod, the AI Podcast Studio. Create your own podcast with Jellypod today.

Is this your podcast and want to remove this banner? Click here.

Chapter 1

Unique Accounts, Unique Responsibilities

Will, EnableUs Community

Alright, welcome back to Navigating PRODA! I'm Will, and as always, I'm here with Winter. Today, we're diving into something that honestly, I reckon gets overlooked way too often—why you can't just share PRODA logins around the office. Winter, have you ever seen this go wrong?

Winter, EnableUs Community

Oh, absolutely. And it's funny, because on the surface, it seems like a shortcut, right? Like, "Oh, just use my login, it'll be quicker." But it's actually a massive no-no. PRODA is built for individual access—one person, one account. No exceptions. It's not just a preference, it's a security thing.

Will, EnableUs Community

Yeah, and I mean, it's not just about following the rules for the sake of it. I remember this provider—won't name names, obviously—but they had a couple of staff using the same login. Everything seemed fine until they got audited. Suddenly, they couldn't track who did what, and it was a nightmare. The audit team basically said, "Look, if you can't prove who accessed what, that's a compliance risk." They nearly lost their portal access over it. Scary stuff.

Winter, EnableUs Community

That’s the thing—shared logins make it impossible to track accountability. And if something goes wrong, you can't say, "Oh, it was definitely this person." It’s just a mess. Plus, if someone leaves and you forget to change the password, they could still get in. Not good.

Will, EnableUs Community

Exactly. And the right way to do it is, every staff member creates their own PRODA account, using their legal name and all that. Then, you link them to your organisation’s provider profile. That’s done by the Registration Authority Contact, or RAC. The RAC is basically the gatekeeper for your organisation’s PRODA access.

Winter, EnableUs Community

Yeah, and the RAC’s job isn’t just a one-off thing. They’re responsible for linking new staff, keeping the access list up to date, and making sure only the right people have access. It’s a big responsibility, actually.

Will, EnableUs Community

And if you’re listening and thinking, "Oh, we’ve got a shared login floating around," now’s the time to fix it. It’s not just about ticking a box—it’s about protecting your business and your participants’ data.

Chapter 2

Getting Roles Right

Winter, EnableUs Community

So, once everyone’s got their own account, the next step is getting their roles right. And this is where people can get tripped up. There are a few main roles in the MyPlace Portal—Provider Administrator, Finance Officer, Support Coordinator, and Read-Only. Each one has different permissions, so you really want to match the role to the person’s actual job.

Will, EnableUs Community

Yeah, and I see this all the time—people just give everyone admin access because it’s easier. But that’s risky. If someone only needs to view info, give them Read-Only. If they’re handling claims, Finance Officer is the way to go. Don’t overdo it with the admin rights.

Winter, EnableUs Community

Totally. And, uh, I’ve got a story about this. At my old workplace, we had a staff member who changed roles, but no one updated her access. She still had admin rights, even though she was just doing support work. One day, she almost accidentally changed some payment details—like, it was a close call. If she’d hit save, it could’ve been a data breach. That was a wake-up call for us to review roles regularly.

Will, EnableUs Community

That’s a good point. And another thing—watch out for duplicate accounts. Sometimes, someone forgets they already have a PRODA account and makes a new one. Suddenly, you’ve got two accounts for the same person, and it gets confusing fast. It can even cause lockouts or mismatched data.

Winter, EnableUs Community

Yeah, and if you spot a duplicate, don’t just ignore it. You can contact PRODA support to merge or deactivate the extra account. It’s worth sorting out before it causes bigger problems.

Will, EnableUs Community

And just to circle back—don’t forget to update roles when someone changes jobs or leaves. If you leave old access hanging around, you’re basically inviting trouble. It’s like leaving the keys to your office in the mailbox. Not a good idea.

Chapter 3

Best Practices and Troubleshooting

Winter, EnableUs Community

So, how do you keep all this under control? Honestly, the best thing we ever did was set up a staff access register. Just a simple list—who’s got a PRODA account, what their role is, when they were linked or unlinked. It makes audits so much easier, and you can spot issues before they get out of hand.

Will, EnableUs Community

Yeah, and I’d say, set a quarterly reminder to review that list. Every three months, just check—does everyone still need access? Has anyone left? Are the roles still right? It’s a bit of admin, but it saves you so much hassle down the track.

Winter, EnableUs Community

And when someone leaves, don’t wait. Log in as the Provider Administrator, go to Manage Staff Access, and revoke their role straight away. If you use any internal software that connects to PRODA, make sure you disconnect them there too. It’s easy to forget, but it’s important.

Will, EnableUs Community

If you run into issues—like, say, someone forgets their MFA or password—they can reset it on the PRODA website. For duplicate accounts, like we said, PRODA support can help merge or deactivate them. And if you assign the wrong role by accident, just revoke it in MyPlace and assign the right one. No drama.

Winter, EnableUs Community

Oh, and if a new staff member isn’t showing up in the portal, double-check that the linking request went through. Sometimes it takes a day or two, so don’t panic straight away. But if it’s still not working after 48 hours, try the request again.

Will, EnableUs Community

Quick tip—if you’re ever stuck, don’t just keep clicking around hoping it’ll fix itself. Take a breath, check your access register, and if you’re still lost, reach out to PRODA support. Saves a lot of stress, trust me.

Winter, EnableUs Community

Alright, I think that’s a good place to wrap up. If you take anything from today, let it be this: one PRODA account per person, assign roles carefully, and keep your access list up to date. It’s not glamorous, but it’s what keeps your organisation safe and compliant.

Will, EnableUs Community

Couldn’t have said it better. Thanks for tuning in, everyone. We’ll be back soon with more tips to help you master PRODA and keep things running smooth. Winter, always a pleasure.

Winter, EnableUs Community

You too, Will. Thanks everyone—catch you next time!