Incident management and reportable incidents (NDIS Providers)

In New South Wales and South Australia, registered NDIS providers require an incident management system to record and manage incidents that occur while providing supports or services to people with disability.

What is an incident management system?
Under the National Disability Insurance Scheme (Incident Management and Reportable Incidents) Rules 2018  an incident management system must cover:

  • ‘reportable incidents’ and
  • acts, omissions, events or circumstances connected with the provision of supports or services to a person with disability that have or could have caused harm to the person with disability
  • acts of the person with disability connected with the provision of supports or services to a person with disability that have caused serious harm to another person or risked doing so.

As a registered provider, you are responsible for preventing, responding to, and managing these incidents. Your incident management system needs to include procedures for identifying, assessing, recording, managing, resolving and reporting incidents. You must record all these incidents (not just reportable incidents) and ensure you respond appropriately and take steps to prevent such incidents from happening again.

The NDIS Commission has developed guidance to assist you in developing or improving your incident management systems to meet the requirements for the size and scope of your organisation and the services and supports you deliver.

You need to be prepared to make your incident records available to the NDIS Commission if required and to any approved quality auditor as part of the auditor’s assessment of your compliance with the NDIS Practice Standards.

Reportable incidents

Reportable incidents are particular types of serious incidents that have, or are alleged to have, occurred in connection with the provision of supports and services by registered NDIS providers. In New South Wales and South Australia, registered NDIS providers must report these incidents to the NDIS Commission. The incidents concerned are:

  • the death of a person with disability
  • serious injury of a person with disability
  • abuse or neglect of a person with disability
  • unlawful sexual or physical contact with, or assault of, a person with disability
  • sexual misconduct committed against, or in the presence of, a person with disability, including grooming of such a person for sexual activity
  • the use of a restrictive practice in relation to a person with disability that is unauthorised use or not in accordance with a behaviour support plan.

Reporting a serious incident or allegation to the NDIS Commission does not replace your existing obligations to report suspected crimes to the police and other relevant authorities.
If you have any questions or concerns about reportable incidents, email the NDIS Commission.

The NDIS Commission’s role
The NDIS Commission provides guidance to build the capacity of NDIS providers to prevent and respond to incidents. However, if a reportable incident raises a serious compliance issue, the NDIS Commission has powers to take action. Action might include requiring the provider to undertake specified remedial action, carry out an internal investigation about the incident, or engage an independent expert to investigate and report on the incident. The NDIS Commission can also conduct its own investigation and take appropriate enforcement action such as issuing a compliance notice or asking a court to impose a civil penalty.

How to notify the NDIS Commission of a reportable incident

STEP 1. Notify the NDIS Commission
The NDIS Commission requires a registered provider to notify the Commission of most reportable incidents within 24 hours of becoming aware of it occurring.

The exception is notifying the NDIS Commission of the use of a restrictive practice that is unauthorised or not in accordance with a behaviour support plan. In these instances, the provider must notify the NDIS Commission within 5 business days of being made aware of the incident. If the incident has resulted in harm to a participant, however, it must be reported within 24 hours.

To notify the NDIS Commission of a reportable incident, download and complete the Reportable incident – Immediate notification form. Once completed, you can email it to the NDIS Commission directly or submit it using FilePoint

The form asks for information about:

  • your organisation (provider details)
  • you (the person making the notification)
  • the reportable incident  
  • the people involved in the incident, and
  • any actions taken in response to the incident.

STEP 2: Submit a detailed report
You must submit more detailed report about the incident and actions taken in response to it within five business days. Download and complete the Reportable incident – 5-day notification form. Once completed, you can email it to the NDIS Commission directly or submit it using FilePoint.

STEP 3. Submit a final report, if required
You may also need to complete a final report within 60 business days of submitting the five-day report. The NDIS Commission will advise you if this is required.

NEXT STEPS
In all cases, providers must assess:

  • the impact on the NDIS participant
  • whether the incident could have been prevented
  • how the incident was managed
  • what, if any, changes will prevent further similar events occurring.

Privacy and data security

There are inherent risks associated with the transmission of information via email and over the Internet. If you have concerns about privacy and data security, the NDIS Commission can obtain and provide information using other methods, including mail, telephone and our secure file transfer system, FilePoint.

For advice on how to use FilePoint, please contact the NDIS Commission on 1800 035 544 during business hours. Outside of these hours, please email the NDIS Commission for information on how to report an incident through FilePoint.

Once the NDIS Commission receives information from you via email or any other means, the information you have provided is stored in a secure environment. The NDIS Commission will not release personal information unless permitted by law or you grant us permission.