Skip to main content

Best Practices for Shared Office Computer Use

Henrik Joreteg avatar
Written by Henrik Joreteg
Updated this week

Recommended Setup: Individual Logins

Whenever possible, we recommend that each team member has their own Xchart login. This provides:

  • Appropriate access control: Each person gets the correct role (e.g., member, provider, admin). If everyone shares one login, they all get the same permissions, which could allow unintended actions like signing records or deleting appointments.

  • Audit trails: Individual logins let Xchart log who did what, which is essential for accountability and audits.

  • Easy deactivation: When a team member leaves, you can simply remove their access without affecting others.

What if individual logins aren’t practical?

We understand that in some operatories, staff members rotate frequently and logging in and out—especially with two-factor authentication—can be a hassle. If that’s your situation, here’s our suggestion:

Shared Login Setup: “Office Assistant” with Provider’s Phone for 2FA

  1. Create a new member account by going to the Members page in your Xchart Case Manager, and give it a name like Office Assistant.

  2. Ensure the account is not assigned the "provider" or "admin" role. This limits permissions appropriately and prevents assistants from signing records or accessing sensitive settings.

  3. Use a shared office email (e.g., [email protected]) to receive the invite.

  4. Before accepting the invite, log out of any existing Xchart session on the device you’ll be using.

  5. Accept the invite via the email and complete account setup.

  6. If you're a doctor or admin setting this up, you can reuse your phone number for two-factor authentication (2FA). While Xchart doesn’t allow the same email on multiple accounts, the same phone number can be used for 2FA on different accounts.

  7. Important: Use the provider’s phone number for 2FA on this shared account or someone who will always be available—not an assistant’s—so that access can still be authorized when needed.

Using This Shared Account

  • Once you're logged into the operatory computer, two-factor authentication (2FA) won’t be required again—unless you sign out or no one logs in for an extended period.

  • If the computer is in a secure location or already requires a login to use, you might consider saving the password in a local password manager (or even in the browser).

  • This way, assistants can log in quickly without needing to reauthenticate with 2FA each time.

  • If you ever need to log in on a different device, a provider will need to complete 2FA again to authorize it.

Did this answer your question?