The One Password Your Entire Practice Relies On, and Why It’s an Embezzlement Risk
Picture this: your front desk coordinator, your billing assistant, and your office manager all log into your practice management software – Open Dental, Dentrix, Eaglesoft, it doesn’t matter – using the same username and password.
It’s convenient. Nobody forgets their login. Nobody gets locked out. And when something goes wrong with a patient account (an entry adjusted, deleted, or backdated), you have absolutely no idea who did it.
That’s not a hypothetical. It’s the single most common setup I walk into when a dentist calls us after discovering money is missing.
Shared logins obfuscate audit trails
Your practice management software keeps a security log. Every login, every deleted transaction, every adjustment to a posted payment: it’s all recorded. The log shows a timestamp, a user account and, in some cases, the workstation name.
When everyone shares one account, that log becomes worthless. You know that something happened, and when, but you have no idea who.
This is exactly the cover an embezzler needs. Every deletion, every zero-dollar adjustment, every insurance payment rerouted, all of it logged to a shared account that points at no one in particular.
A real pattern we see repeatedly: An employee embezzles by applying unauthorized write-offs to patient balances after payment is collected in cash. The money never hits the ledger. When we pull the security log, every adjustment is attributed to the shared “front desk” login, used by three people on different shifts. Without individual logins, the forensic trail becomes less valuable, and in some cases, useless.
What individual logins actually give you
When every staff member has their own credentials, with a unique username and password and the proper access level for their role, several things change immediately:
- The security log becomes a meaningful record. Every entry is tied to a specific person.
- You can set role-based permissions. The hygiene coordinator doesn’t need access to write-off approvals. The billing clerk doesn’t need to delete posted payments.
- Departures from the practice become clean. When someone leaves, you deactivate one account, instead of changing a shared password everywhere simultaneously.
- Suspicious activity becomes visible. A pattern of adjustments clustering around one user, outside business hours, or from an unfamiliar workstation stands out immediately.
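The log review described in the list above, as an added example that is not part of the original article or any vendor's tooling: a short Python script that counts sensitive actions per user and flags entries made outside business hours or from an unfamiliar workstation. The log columns, user names, business hours and workstation baseline are constructed assumptions, not the real export format of Open Dental, Dentrix or Eaglesoft; the hypothetical `shared_account` option replays the same log as if everyone used one login.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export. Column names and values are assumptions,
# not any vendor's real security-log format.
SAMPLE_LOG = """timestamp,user,workstation,action,amount
2024-03-04 09:12,jsmith,FRONT-01,payment_posted,150.00
2024-03-04 10:40,mlee,BILLING-01,adjustment,-20.00
2024-03-04 19:47,jsmith,FRONT-01,adjustment,-150.00
2024-03-05 11:05,mlee,BILLING-01,adjustment,-15.00
2024-03-05 20:15,jsmith,OP-03,adjustment,-220.00
2024-03-06 14:30,jsmith,FRONT-01,payment_deleted,-95.00
2024-03-06 21:02,jsmith,FRONT-01,adjustment,-180.00
"""

SENSITIVE = {"adjustment", "payment_deleted"}
OPEN_HOUR, CLOSE_HOUR = 8, 18  # assumed business hours, 08:00 to 18:00
# Assumed baseline of the workstation(s) each person normally uses.
USUAL_WORKSTATIONS = {"jsmith": {"FRONT-01"}, "mlee": {"BILLING-01"}}

def review(log_text, shared_account=None):
    """Return (sensitive-action count per user, list of flagged entries).

    If shared_account is set, every entry is attributed to that one login,
    which is what the log looks like when staff share credentials.
    """
    counts, flagged = Counter(), []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] not in SENSITIVE:
            continue
        user = shared_account or row["user"]
        counts[user] += 1
        when = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M")
        reasons = []
        if not OPEN_HOUR <= when.hour < CLOSE_HOUR:
            reasons.append("outside business hours")
        baseline = USUAL_WORKSTATIONS.get(user)  # None for a shared login
        if baseline is not None and row["workstation"] not in baseline:
            reasons.append("unfamiliar workstation")
        if reasons:
            flagged.append((row["timestamp"], user, row["workstation"], reasons))
    return counts, flagged

if __name__ == "__main__":
    for label, shared in (("individual logins", None), ("shared login", "frontdesk")):
        counts, flagged = review(SAMPLE_LOG, shared_account=shared)
        print(label, dict(counts))
        for ts, user, ws, reasons in flagged:
            print(f"  {ts} {user} @ {ws}: {', '.join(reasons)}")
```

With individual logins the after-hours adjustments all point at one user; replayed under the shared login, the same entries are still flagged but every one is attributed to the same account.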
The objection I always hear
“But it slows everyone down.” I understand that. Logging in takes an extra ten seconds. Staff find shared logins more convenient.
So does your embezzler.
The inconvenience of individual logins is a feature, not a bug. It means every action taken in your software is attributable. It means an employee who knows their name is on every transaction they touch is less likely to take liberties with patient payments.
The deterrent effect alone is worth it.
This week’s action step
Pull up your practice management software’s user account settings today. If you see fewer user accounts than you have staff members, or worse, one shared account for the whole front office, that’s your starting point.
Create individual accounts. Assign permissions by role. Require password changes. Then pull the security log and see what it looks like when every entry has a name attached.
If what you find raises questions, that’s what we’re here for.