Audio Coursesby JellypodLesson 09 of 17
Overview
Will, EnableUs Community: Alright, welcome back to Navigating PRODA. I’m Will, and I’m here with Winter. Today, we’re diving into something that, honestly, gets overlooked way too often—keeping your PRODA and MyPlace Portal staff access up to date and, you know, actually compliant.
Winter, EnableUs Community: Yeah, and it’s not just a box-ticking exercise. I mean, the risks are real. If you’re sharing logins or forgetting to remove someone’s access after they leave, you’re basically inviting trouble. Data breaches, compliance headaches, you name it.
Will, EnableUs Community: Exactly. And I think people underestimate how strict the NDIS is about this stuff. Like, during audits, assessors will literally check if every staff member has their own PRODA account and if their access matches their role. No shortcuts, no “oh, we just share the login for convenience.”
Winter, EnableUs Community: And it’s not just about ticking off a compliance checklist. If you give the wrong person access, or if someone who’s left still has their login, you’re risking participant privacy. That’s huge. PRODA’s got so much sensitive info—claims, participant details, all of it.
Will, EnableUs Community: Yeah, and, look, I’ve seen it go wrong. There was this provider I worked with—won’t name names, obviously—but they forgot to remove a staff member’s access after they left. Months later, they got flagged in an audit. It was a scramble to prove nothing dodgy happened. They got lucky, but it could’ve been a disaster.
Winter, EnableUs Community: That’s the thing, right? It’s not just about trust, it’s about being able to show you’re in control. If you can’t prove who accessed what and when, you’re in trouble. And honestly, it’s not that hard to get it right if you set up good systems from the start.
Winter, EnableUs Community: So, let’s talk about what “good systems” actually look like. Onboarding and offboarding—those are the big ones. When someone new joins, first step is always: help them set up their own PRODA account. No sharing, no shortcuts.
Will, EnableUs Community: Yeah, and then you link them to your organisation using Access Manager. You just log in, pick your org, hit “Manage Access,” and add their RA Number. After that, you assign their roles—like, only what they actually need. Don’t just give everyone admin because it’s easier. I mean, I get the temptation, but it’s risky.
Winter, EnableUs Community: And when someone leaves, you’ve gotta remove their access straight away. Like, don’t wait until you remember next week. Go into Access Manager, take them off, and update your internal systems. We actually have an offboarding checklist for this—otherwise, it’s way too easy to miss a step.
Will, EnableUs Community: I heard about a provider who automated the whole process. As soon as HR marks someone as “left,” their PRODA access gets flagged for removal. Cuts out manual errors, which is, honestly, genius. Less chance of someone slipping through the cracks.
Winter, EnableUs Community: Yeah, we do something similar. We keep an access register—just a simple list of who’s got access, what roles they have, and why. It sounds basic, but if you don’t keep it updated, you end up with people on there who shouldn’t be. And then, if you get audited, you’re scrambling to explain why someone who left six months ago still has access.
Will, EnableUs Community: It’s one of those things where, if you do it right from the start, you save yourself a world of pain later. But, yeah, it’s easy to let it slide if you’re busy or if your team’s growing fast.
Will, EnableUs Community: So, you’ve got your onboarding and offboarding sorted. But that’s not the end of it. You’ve gotta keep reviewing who’s got access, like, every three to six months. Otherwise, things get out of date fast.
Winter, EnableUs Community: Yeah, we actually put a reminder in the calendar—every quarter, we sit down and check the access register. Who’s still here, who’s changed roles, who needs what. It’s a bit of admin, but it’s way better than finding out the hard way that someone’s got access they shouldn’t.
Will, EnableUs Community: And don’t forget training. It’s not just about the tech side—your team needs to know why this matters. Data privacy, responsible use of the MyPlace Portal, all that. If people don’t get it, they’re more likely to make mistakes.
Winter, EnableUs Community: Totally. I know a provider who caught a potential data breach just because they were proactive with their reviews. They spotted someone with outdated permissions before anything went wrong. It’s one of those “thank goodness we checked” moments.
Will, EnableUs Community: Yeah, and honestly, it’s not about being paranoid—it’s about being professional. If you’re not sure your PRODA access is as tight as it should be, now’s the time to fix it. Don’t wait for an audit to find out you’ve missed something.
Winter, EnableUs Community: Alright, I think that’s a good place to wrap up. If you’re listening and you’re not sure where your access management stands, take a look today. It’s worth it.
Will, EnableUs Community: Yeah, and we’ll be back next time with more tips to help you master PRODA and keep your NDIS admin running smooth. Thanks for joining us, Winter.
Winter, EnableUs Community: Thanks, Will. And thanks to everyone for tuning in. Catch you next time!
Will, EnableUs Community: See ya!
