Federal Register of Legislation - Australian Government

Primary content

Rules/Other as made
This instrument prescribes arrangements relating to the implementation and maintenance of incident management systems and the notification and management of reportable incidents by registered NDIS providers under the National Disability Insurance Scheme (NDIS). The primary purpose of the instrument is to: 1. Set out the minimum requirements of incident management systems that must be implemented by registered NDIS providers; 2. Set out the process and requirements for reporting a reportable incident to the Commissioner of the NDIS Quality and Safeguards Commission (the Commissioner); 3. Set out the powers of the Commissioner in dealing with reportable incidents and how those powers are to be exercised; 4. Provide guidance on the actions that the Commissioner may take in relation to reportable incidents and how that action should be taken.
Administered by: Social Services
Registered 18 May 2018
Tabling HistoryDate
Tabled HR21-May-2018
Tabled Senate18-Jun-2018

EXPLANATORY STATEMENT

 

 

Issued by the authority of the Commissioner of the NDIS Quality and Safeguards Commission

 

National Disability Insurance Scheme Act 2013

 

National Disability Insurance Scheme (Incident Management and Reportable Incidents) Rules 2018

 

Purpose

The National Disability Insurance Scheme (Incident Management and Reportable Incidents) Rules 2018 (instrument) are made under sections 73Y, 73Z and 209 of the National Disability Insurance Scheme Act 2013 (the Act). This instrument prescribes arrangements relating to the implementation and maintenance of incident management systems and the notification and management of reportable incidents by registered NDIS providers under the National Disability Insurance Scheme (NDIS).

Section 209 of the Act provides that the Minister may, by legislative instrument, prescribe matters required or permitted by this Act to be prescribed or which are necessary or convenient to be prescribed in order to carry out or give effect to this Act.

Section 73Y of the Act provides that a registered NDIS provider must implement and maintain an incident management system that is appropriate for the size of the provider and for the classes of supports or services provided by the provider; and complies with the requirements (if any) prescribed by the NDIS rules for the purposes of this paragraph.

Section 73Z(1) of the Act provides that the NDIS rules must prescribe arrangements relating to the notification and management of reportable incidents that occur, or are alleged to have occurred, in connection with the provision of supports or services by registered NDIS providers.

The primary purpose of the instrument is to:

1.    Set out the minimum requirements of incident management systems that must be implemented by registered NDIS providers;

2.    Set out the process and requirements for reporting a reportable incident to the Commissioner of the NDIS Quality and Safeguards Commission (the Commissioner);

3.    Set out the powers of the Commissioner in dealing with reportable incidents and how those powers are to be exercised;

4.    Provide guidance on the actions that the Commissioner may take in relation to reportable incidents and how that action should be taken.

Background

The NDIS is designed to provide people with disability the reasonable and necessary supports they need to live their lives and have choice and control in relation to the supports and services they receive. Safe and high quality supports are important to the everyday quality of life of people with disability.

This instrument is informed by the NDIS Quality and Safeguarding Framework (the Framework). This Framework identified that a new national consistent system in relation to incident management and reportable incidents needed to be implemented that recognised the increased risk that some people with disability experience and address the limitations with current systems.

The Framework also cited recent inquiries that have identified issues with some current systems, including that organisational cultures have not always respected the rights of people with disability and the failure in some systems to take appropriate action when abuse and neglect has occurred.

Recent inquiries have identified that existing systems can lack systematic data collection to assess the extent of abuse and neglect against people with disability and can lack the coordination required to address identified systemic issues. These concerns are addressed in this Instrument by setting out the minimum requirements of an incident management system, which includes the collection and recording of specified information.

Under Chapter 6A of the Act (as amended), the Commissioner has responsibility for a registration and reportable incidents function (paragraph 181D(1)(b) and section 181F). This function includes the functions conferred on the Commissioner by Division 2 of Part 3A of Chapter 4, about registered NDIS providers.

Incident Management Systems

Registered NDIS providers have primary responsibility for preventing and managing all incidents related to people with disability receiving supports and services from them, and as such this instrument prescribes the minimum requirements of a registered NDIS provider’s incident management system. The types of supports and services that may be provided by registered NDIS providers, and the structure of that providers is varied, therefore they are required to implement and maintain an incident management system that is appropriate to the size of the provider and the types of supports or services provided.  The Commissioner will provide guidance to assist providers to implement and maintain an appropriate incident management system. This guidance will be available on the NDIS Quality and Safeguards Commission’s (the Commission) website at www.ndiscommission.gov.au.

The purpose of an incident management system is to ensure that NDIS providers, key personnel and workers are aware of their responsibilities in relation to incidents, while persons with disability, their families, carers, advocates and others are aware of their rights and the support and protections available to them. The instrument requires providers to have a series of procedures in place which must be complied with by workers, key personnel and any person employed or otherwise engaged by an NDIS provider

An incident management system must also record details of incidents and the provider’s response to them. Providers are required to use this data to prevent incidents, improve their practices and support the capacity of workers to respond quickly and appropriately to incidents when they occur. This also ensures that quality auditors can assess a provider’s history of incidents and incident management and refer issues to the Commissioner if necessary.

Some incidents which are managed in the incident management system may meet the threshold for being notified to the Commissioner as a reportable incident. An incident management system must specify the person or role who is responsible for reporting incidents that are reportable incidents to the Commissioner.

Reportable Incidents

In addition to maintaining an incident management system, some incidents are reportable incidents which must be notified to the Commissioner. Subsection 73Z(4) of the Act provides that the following are reportable incidents:

·         the death of a person with disability;

·         serious injury of a person with disability;

·         abuse or neglect of a person with disability;

·         unlawful sexual or physical contact with, or assault of, a person with disability;

·         sexual misconduct committed against, or in the presence of, a person with disability, including grooming of the person for sexual activity;

·         the use of a restrictive practice in relation to a person with disability, other than where the use is in accordance with an authorisation (however described) of a State or Territory in relation to the person

A reportable incident should trigger a response that seeks to address the health, wellbeing and immediate safety of the people involved, and to ensure continuous improvement in operational practices as appropriate to prevent the risk of further harm.

Providers have responsibility for dealing with reportable incidents, including conducting investigations into the causes of an incident and identifying and implementing appropriate remedial measures.

The Commissioner will have oversight of the management of reportable incidents and focus on building the capacity of NDIS providers to respond to incidents and to prevent recurrence of avoidable incidents.

The Commissioner also has the power to intervene and require a provider to take certain action where appropriate. In addition to the Commissioner’s compliance and enforcement powers provided under division 8 of part 3A of the Act, the Commissioner has the power to conduct inquiries into a reportable incident, or a series of reportable incidents.

Section 4 of the Acts Interpretation Act 1901 (AI Act), concerns the exercise of power between the passing and commencement of an Act. It applies if, at a time (the start time), an Act will confer a power to make an appointment or to make an instrument of legislative or administrative character, and either (a) the Act will commence at the start time, or (b) the Act will be amended by another Act that commences at the start time: subsection 4(1). Subsection 4(2) of the AI Act permits, in limited circumstances, the power to be exercised before the commencement of the Act.  These circumstances include, bringing the appointment or instrument into effect, bringing the Act concerned into operation, making the Act concerned or the other Act as amended fully effective at or after the start time of the Act concerned. Subsection 4(3), of the AI Act authorises anything to be done before the start time for the purpose of enabling the exercise of the power, or of bringing the appointment or instrument into effect, as if the relevant commencement had occurred. Paragraph 13(1)(a) of the Legislation Act 2013 provides that the AI Act applies to any instrument so made as if it were an Act and as if each provision of the instrument were a section of an Act. The instrument of appointment of the Commissioner of the NDIS Quality and Safeguards Commission and the Minister’s delegation instrument operate subject to section 4 of the AI Act.

This instrument is a legislative instrument for the purposes of the Legislation Act 2003 and is an NDIS rule for the purposes of section 209 of the Act.

Commencement

This instrument commences on 1 July 2018 (immediately after the instrument of appointment of the Commissioner of the NDIS Quality and Safeguards Commission and the delegation instrument to the Commissioner commence).

Consultation

Subsection 209(8) of the Act prescribes certain NDIS rules to be ‘category D’ rules. Subsection 209(7) requires the Minister to consult with each host jurisdiction in relation to the making of all category D rules. In compliance with this requirement, the Commonwealth has undertaken extensive consultation with all States and Territories in relation to the design and content of the instrument. This consultation was ongoing throughout the development and drafting process and included numerous opportunities to provide written feedback and submissions, as well as direct face to face consultations.

Close consultation was also undertaken with the National Disability Insurance Agency.

The Commonwealth has also undertaken a targeted consultation process with a range of peak bodies representing people with disability and carers, providers of services for people with disability and workers providing supports or services to people with disability. The peak bodies were provided with an opportunity to review an advanced draft of the instrument and provide submissions to the Department. All feedback received during the numerous rounds of consultation was considered and where appropriate incorporated into the instrument and/or associated guidance.

Regulation Impact Statement (RIS)

The Office of Best Practice Regulation (OBPR) has been consulted and has advised that a RIS is not required (OBPR ID 16842).

Explanation of the provisions

Preamble

The Preamble sets out the overall policy objectives underlying the instrument. The content of the preamble is based in part on the NDIS Quality and Safeguarding Framework, available on the Department of Social Services website at https://www.dss.gov.au/disability-and-carers/programs-services/for-people-with-disability/ndis-quality-and-safeguarding-framework.

Part 1 – Preliminary

Section 1 – Name

Section 1 provides how this instrument is to be cited, that is, as the National Disability Insurance Scheme (Incident Management and Reportable Incidents) Rules 2018

Section 2 – Commencement   

Section 2 provides that this instrument commences on 1 July 2018.

Section 3 – Authority

Section 3 provides that this instrument is made under the National Disability Insurance Scheme Act 2013.

Section 4 – Definitions

The legislative note provides a signpost to some of the expression used in the Act that have the same meaning as when used in the Act.

Section 4 provides definitions of words used in the instrument. In the instrument, a reference to ‘Act’ means the National Disability Insurance Scheme Act 2013. A number of expressions used in the Instrument are defined in section 9 of the Act including key personnel, registered NDIS providers and reportable incident.

Part 2 – Incident management system of registered NDIS providers

Division 1 – Introduction

Section 5 – Simplified outline of this Part

Section 5 provides a simplified outline of Part 2 of this instrument.

Section 6 – Purpose of this Part

Section 6 provides that Part 2 of the instrument is made for the purpose of paragraph 73Y(b) of the Act. Part 2 sets out what must be included in the incident management systems of registered NDIS providers.

The legislative note 1 sets out that a failure to implement an incident management system in accordance with Part 2 of the instrument is a breach of a condition of registration under paragraph 73F(2)(g) of the Act and may lead to compliance and enforcement action under Division 8 of Part 3A of the Act.

The legislative note 2 sets out that a registered NDIS provider has additional obligations if an incident is the subject of a complaint under section 73W and 73X of the Act and the National Disability Insurance Scheme (Complaint Management and Resolution) Rules 2018, including if a provider became aware of an incident through the receipt of a complaint. Obligations in relation to complaints are set out in the National Disability Insurance Scheme (Complaint Management and Resolution) Rules 2018, which are made for the purposes of sections 73W and 73X of the Act.

Section 7 – Incidents that are also reportable incidents

Section 7 provides that if an incident is of a kind to be covered by an incident management system, and is a reportable incident, the requirements of Part 2 and Part 3 of this instrument must be complied with.

The legislative note sets out that section 9 of this instrument makes provision for the kinds of incidents that must be covered by an incident management system. The meaning of reportable incident is set out in subsection 73Z(4) of the Act and section 16 of this instrument.

Division 2 – Incident management system requirements

Section 8 – System must comply with this Division

Section 8 requires a registered NDIS Provider to implement and maintain an incident management system that complies with the requirements set out in division 2 of part 2 of this instrument.

The legislative note sets out that it is a requirement of the Act that the incident management system must also be appropriate to the size of the provider and for the classes of supports or services provided by the provider.

This means that, while all registered NDIS providers have the same minimum obligations, the nature of the procedures in place will differ between providers. Quality auditors will assess whether an incident management system is appropriate and proportionate as part of the general audit process prescribed in the National Disability Insurance Scheme (Provider Registration and Practice Standards) Rules 2018 made for the purpose of 73T of the Act providing for the NDIS Practice Standards.

Section 9 – Incidents that must be covered

Section 9 prescribes the incidents that must be covered by the incident management system.

An incident management system must cover incidents that consist of acts, omissions, events or circumstances that occur in connection with the provision of supports or services to a person with disability where that incident has, or could have, caused harm to the person with disability.

The concept of harm in this context is broad and is not limited to serious harm or injury. It encompasses emotional and psychological as well as physical harm.

An incident management system must also cover all incidents that consist of acts by a person with disability that occur in connection with the provision of supports or services to a person with disability and have caused serious harm, or a risk of serious harm, to another person.

Another person may include (but is not limited to) a worker, other person with disability or member of the community.

An incident management system must also cover reportable incidents that are alleged to have occurred in connection with providing supports or services to a person with disability as though that incident was a ‘confirmed’ incident. This is to ensure that all potential reportable incidents are adequately assessed and addressed. Many reportable incidents will initially be ‘alleged’ reportable incidents until an assessment or investigation takes place.

The phrase “in connection with” is broad and includes incidents that may have occurred during the course of supports or services being provided or the alteration or withdrawal of supports or services. An incident may not have occurred during the provision of supports, but is connected because it arose out of the provision of supports or services. For example, an incident would be in connection with the provision of supports or services if the person with disability was under the supervision of a provider or at the premises of a provider when the incident occurs.

If an incident did not occur in connection with the provision of supports or services, it is not required to be recorded in an incident management system.

Section 10 – Incident management system procedures

Section 10 prescribes the minimum procedures and requirements that must make up an incident management system. A registered NDIS provider may have additional procedures and requirements if appropriate to the type and size of the provider. The procedures for managing incidents should be transparent and affected people with disability should have a central role in the process of addressing and responding to an incident.

Subsection 1 prescribes that the incident management system must establish procedures to be followed in identifying, managing and resolving incidents. This must include procedures that specify certain matters.

Paragraph (1)(a) provides that the system must include procedures that specify how incidents are identified, recorded and reported. For example, the incident management system should prescribe where and how incidents are recorded having regard to section 11 of the instrument, as well as the timeframe and manner of reporting an incident. An incident may be identified through a variety of ways including through witnessing an incident and being told about an alleged incident by a person with disability or their representative.

Paragraph (1)(a) provides that the system must include procedures that specify to whom incidents must be reported. For example, an incident management system may require incidents to be reported a supervisor, manager or member of the key personnel. The person to whom an incident must be reported may vary depending on the type and nature of the incident.

Paragraph (1)(b) provides that the system must include procedures that specify the person who is responsible for reporting incidents that are reportable incidents to the Commissioner. For example, this could be the person who first becomes aware of the incident, the manager or supervisor on duty at the time of the incident, or a specific person who holds that responsibility.

Paragraph (1)(c) provides that the system must include procedures that specify how the registered NDIS provider will provide support and assistance to persons with disability affected by an incident (including information about access to advocates such as independent advocates), to ensure their health, safety and wellbeing. One of the ways in which support and assistance may be provided to a person with disability is by facilitating contact with specified persons, such as family members or carers, and providing those persons with support and assistance. The incident management system may also set out how information will be obtained from a person with disability, having regard to the nature of their disability (for example, if they have a cognitive impairment).

Paragraph (1)(d) provides that the system must include procedures that specify how persons with disability affected by an incident will be involved in the management and resolution of the incident. For example, the incident management system should set out when and how information about the incident is provided to a person with disability, and how an affected person with disability’s point of view and concerns will be considered in the management and resolution of the incident.

Paragraph (1)(e) provides that the system must include procedures that specify when an investigation by the registered NDIS provider is required to establish the causes of a particular incident, its effect and any operational issues that may have contributed to the incident occurring, and the nature of that investigation.

Paragraph (1)(f) provides that the system must include procedures that specify when corrective action is required and the nature of that action. For example, if system failure or worker actions contributed to an incident, the incident management system should set out a process for addressing those issues.

An incident management system may include additional procedures if a provider considers that it is appropriate or necessary.

Subsection 2 provides that the procedures may vary depending on the seriousness of the incident. For example, there may be different procedures in place regarding to who incidents must be reported and how it should be recorded where an incident is a minor incident as opposed to a more significant or reportable incident.

Subsection 3 provides that the incident management system must require all incidents to be assessed in relation to the following:

·         whether the incident could have been prevented;

·         how well the incident was managed and resolved;

·         what, if any, remedial action needs to be undertaken to prevent further similar incidents from occurring, or to minimise their impact;

·         whether other persons or bodies need to be notified of the incident.

In assessing an incident, the provider must take into consideration the views of persons with disability affected by the incident. Where appropriate, the views of persons with disability affected by an incident should be sought after an incident has occurred, during the management, assessment or investigation of an incident, and at the conclusion of the incident management process.

Subsection 4 provides that the incident management system must set out procedures for ensuring that the requirements of subsection 3 are complied with.

Subsection 5 provides that the incident management system must provide that, if the incident is a reportable incident, the incident must also be notified and managed in accordance with Part 3 of this instrument (explained below).

Subsection 6 provides that the incident management system must also provide for the periodic review of the system to ensure its effectiveness;

This ongoing review will ensure that a provider’s incident management system remains fit for purpose and evolves to meet any emerging risks or changes faced by the provider, or the NDIS sector as a whole. It will also ensure that the provider will be able to meet the requirement under the Act that an incident management system must be appropriate to the size of the provider and for the classes of supports or services provided.

Section 11 – System must afford procedural fairness

Section 11 provides that the incident management system of a registered NDIS provider must require that people are afforded procedural fairness when an incident is dealt with by the provider. For this purpose, the Commissioner may, by notifiable instrument, make guidelines relating to procedural fairness.

Guidelines made for this purpose will be known as the National Disability Insurance Scheme (Procedural Fairness) Guidelines 2018. These guidelines will assist providers to ensure that their incident management system accords people procedural fairness. The guidelines will explain the nature of procedural fairness and will set out steps that providers may take in dealing with incidents in order to ensure that people are afforded procedural fairness.

Procedural fairness is a common expectation that people have when decisions that may affect them are being made by government, employers and other organisations. In essence, people expect that a decision will be based on relevant facts and circumstances; that they will have an opportunity to contribute to the decision and to contest any adverse material; the decision-maker will be impartial and even-handed; and an adverse decision will be explained.

Section 12 – Documentation, record keeping and statistics

Section 12 provides that a registered NDIS provider must document its incident management system. It is crucial that the incident management system is documented so that compliance with the system can be monitored and enforced, including by quality auditors and the Commissioner.

Section 12 sets out the minimum requirements in relation to record keeping. It is necessary for NDIS providers to keep accurate records to enable them to identify any systemic issues and to be able to provide those records to a quality auditor or the Commissioner if necessary.

It is expected that all records are kept in an organised, accessible and legible manner. The incident management system should provide for the records to be kept in a manner that is appropriate to the provider. For example, a smaller provider may have a centralised file or document for keeping records, while large providers may be expected to have an appropriate ICT system in place.

Subsection 1 provides that a registered NDIS provider must document its incident management system and that a copy of the documented system must be provided in an accessible form to the following persons:

·         persons with disability receiving supports or services from the registered NDIS provider; and

·         each person employed or otherwise engaged by the registered NDIS provider; and

·         the family members, carers, independent advocates and significant others of persons with disability receiving supports or services from the registered NDIS provider.

The documented system refers only to the procedures that make up the incident management system and does not refer to any documents or records relating to incidents.

A registered NDIS provider must assist such persons to understand how the documented system operates.

Persons employed or otherwise engaged by a registered NDIS provider must have ready access to a documented copy of the incident management system to ensure that they are able to understand and comply with the requirements of the system.

It is also important that persons with disability and their family members, carers, independent advocates and significant others have access to the documented incident management system. This will allow such people to understand the protections that are in place for persons with disability receiving supports or services from the provider, and their own rights during the incident management process.

Providing the documented system in a manner that is readily accessible may include providing the system in languages other than English, in braille or via an audio recording.

Subsection 2 provides that the incident management system must provide for the following details to be recorded in relation to each incident that occurs:

·         a description of the incident, including the impact on, or harm caused to, any person with disability

·         whether the incident is a reportable incident

·         if known—the time, date and place at which the incident occurred;

·         if the time, date and place at which the incident occurred is not known (that is, if the provider becomes aware of an incident has occurred but they do not know when or where it occurred) —the time and date the incident was first identified;

·         the names and contact details of the persons involved in the incident;

·         the names and contact details of any witnesses to the incident;

·         details of the assessment undertaken in accordance with the requirements of subsection 10(3);

·         the actions taken in response to the incident, including actions taken to support or assist persons with disability affected by the incident;

·         any consultations undertaken with the persons with disability affected by the incident;

·         whether persons with disability affected by the incident have been provided with any reports or findings regarding the incident;

·         if an investigation is undertaken by the provider in relation to the incident—the details and outcomes of the investigation;

·         the name and contact details of the person making the record of the incident.

An NDIS provider may also decide to record any further information that it deems necessary or appropriate.

Subsection 3 provides that the incident management system must provide for the following details to be recorded in relation to each reportable incident that is alleged to have occurred:

·         a description of the alleged incident;

·         if known – the time, date and place at which the incident is alleged to have occurred;

·         the names and contact details of the persons involved in the alleged incident;

·         the names and contact details of any witnesses to the alleged incident;

·         details of the assessment undertaken in accordance with the requirements of subsection 10(3);

·         the actions taken in response to the alleged incident, including actions taken to support or assist persons with disability affected by the incident;

·         any consultations undertaken with the persons with disability affected by the alleged incident;

·         whether persons with disability affected by the incident have been provided with any reports or findings regarding the alleged incident;

·         if an investigation is undertaken by the provider in relation to the alleged incident—the details and outcomes of the investigation;

·         the name and contact details of the person making the record of the alleged incident.

An NDIS provider may also decide record any further information that it deems necessary or appropriate.

Subsection 4 provides that a record made for the purposes of Section must be kept for a period of 7 years from the day that the record is made. Section 73Q of the Act makes it a specific condition of registration that a registered NDIS provider must keep records of the kind, and for the period, prescribed by NDIS rules.

The legislative note sets out that registered NDIS providers may be required to comply with record keeping requirements imposed under other State, Territory or Commonwealth laws.

The record keeping requirements under this instrument are in addition to record keeping requirements imposed under other State, Territory or Commonwealth laws, for example in relation to medical records. Further, any reportable incident that may also be a criminal offence may have an associated statute of limitations that is longer than 7 years. Providers may want to consider retaining records in relation to certain reportable incidents until the relevant statute of limitations has expired.

Subsection 5 provides that the incident management system must require the collection of statistical and other information in relation to incidents to enable the registered NDIS provider to report information relating to incidents to the Commissioner, if requested by the Commissioner. Statistical information may include:

·         the number and frequency of incidents;

·         when and where incidents occur;

·         the type of incidents that occur; and

·         who is involved in incidents (for example, whether particular workers and/or people with disability are involved in multiple incidents).

The collection of statistical information will enable the provider, quality auditors and, if necessary, the Commissioner, to monitor and identify any ongoing or systemic issues so that they can be dealt with in a timely and effective manner.

Section 13 – Roles, responsibilities, compliance and training of workers

Section 13 addresses the roles and responsibilities of persons employed or otherwise engaged by the registered NDIS provider related to the incident management system. In order for an incidents management system to operate effectively, people employed or otherwise engaged by a registered NDIS provider play a crucial role in implementing the system.

Subsection 1 provides that the incident management system must set out the roles and responsibilities of persons employed or otherwise engaged by the registered NDIS provider in identifying, managing and resolving incidents and in preventing incidents from occurring. This makes sure that the system operates effectively to protect persons with disability.

Subsection 2 provides that without limiting subsection (1), the incident management system must provide that each person employed or otherwise engaged by the registered NDIS provider must comply with the incident management system.

Subsection 3 provides that the incident management system must include requirements relating to the provision of training to persons employed or otherwise engaged by the registered NDIS provider in the use of, and compliance with, the incident management system.

The form, method and extent of training must be appropriate to the size of the provider and the class of supports or services provided. For example, a large provider who provides supports or services in several jurisdictions or locations, may be expected to have a formal training program. Alternatively, providers that provide supports or services to people with disability that may have specific vulnerabilities, such as children or persons with an intellectual disability, may have specific training in how to obtain information relating to an incident and how to provide subsequent support.

Part 3 – Reportable Incidents

Section 14 – Simplified outline of this Part

Section 14 provides a simplified outline of Part 3 of this instrument.

Section 15 – Purpose of this Part

Section 15 provides at subsection (1) that Part 3 of this instrument is made for the purposes of section 73Z of the Act. Subsection (2) provides that Part 3 is about reportable incidents that occur (or are alleged to have occurred) in the connection with the provision of supports or services by registered NDIS providers. Such reportable incidents must be notified and managed in accordance with part 3 of the instrument.

The legislative note 1 sets out that Part 3 covers reportable incidents that may have occurred as well as those that have actually occurred. As explained above, the phrase “in connection with” is broad and includes incidents that may have occurred during the course of supports or services being provided or the alteration or withdrawal of supports or services.

The legislative note 2 sets out that the definition of reportable incident is in subsection 73Z(4) of the Act and in section 16 of this instrument.

Subsection 3 provides reportable incidents (as described under subsection 15(2) of this instrument) must be notified and managed in accordance with Part 3. If an incident did not occur in connection with the provision of supports or services, it is not a reportable incident. For example where a person with disability is assaulted but it is not in connection with the provision of supports or services, that assault would not be a reportable incident. However, providers would still be expected to report the incident to police or other relevant authorities and assist the person with disability to access appropriate support services. Additionally, there may be State or Territory mandatory reporting requirements that apply to a worker or other person who becomes aware that an incident has occurred.

The legislative note sets out that a failure to comply with the requirements of Part 3 of the instrument constitutes a breach of a condition of registration under paragraph 73F(2)(h) of the Act and may lead to compliance action under Division 8 of Part 3A of the Act.

Section 16 – what is a reportable incident?

Section 16 describes what incidents are reportable incidents and is made for the purposes of subsection 73Z(5) of the Act, which provides that the NDIS Rules may provide:

·         that a specified act, omission or event is a reportable incident;

·         that a specified act, omission or event is not a reportable incident.

Paragraph 73Z(4)(d) of the Act provides that the unlawful sexual or physical contact with, or assault of, a person with disability is a reportable incident.

Subsection 2 provides that an act specified in paragraph 73Z(4)(d) of the Act that occurs in relation to a person with disability is not a reportable incident if:

·         the act is unlawful physical contact with a person with disability; and

·         the contact with, and impact on, the person with disability is negligible.

The above will still be incidents, and as such will still need to be dealt with and recorded in accordance with the incident management system. This will ensure that patterns of incidents which are not reportable are still picked up and addressed.

A negligible impact is one that is so small or slight that it is unlikely to have any adverse impact on a person with disability.  In assessing whether the contact with, or impact on, a person with disability is negligible, it is expected that providers will consult with any person with disability affected by an incident and as appropriate, their family, carers or representative.

Paragraph 73Z(4)(f) of the Act provides that the use of a restrictive practice in relation to a person with disability, other than where the use is in accordance with an authorisation (however described) of a State or Territory in relation to the person is a reportable incident.

Authorisation in this context encompasses the range of processes in relevant State or Territory legislation or policy and obtaining informed consent of a participant and/or their guardian; approval from a guardianship board or administrative tribunal; and seeking approval from an authorised State or Territory officer.

Subsection 3 provides that despite paragraph 73Z(4)(f) of the Act, the use of a restrictive practice in relation to a person with disability where the use is in accordance with an authorisation (however described) of a State or Territory is a reportable incident if the use is not in accordance with a behaviour support plan for the person with disability.

This reflects the requirement in the National Disability Insurance Scheme (Restrictive Practices and Behaviour Support) Rules 2018 that regulated restrictive practices must only be used in accordance with a behaviour support plan.

Where a provider uses a regulated restrictive practice in relation to a person with disability, the use of that restrictive practice, in accordance with the Restrictive Practices and Behaviour Support Rules, must be used in accordance with a State or Territory authorisation process (however described) AND in accordance with a behaviour support plan that includes that restrictive practice. While a State or Territory authorisation process (however described) ensures the use of the Restrictive Practice is permitted in that State or Territory, the behaviour support plan is essential in ensuring there is a proper plan and process implemented for the use of the restrictive practice.

The legislative note sets out that the definition of reportable incident is in subsection 73Z(4) of the Act and in section 16 of this instrument.

Subsection 4 provides that despite paragraph 73Z(4)(f) of the Act, the use of a restrictive practice in relation to a person with disability where the use is not in accordance with an authorisation (however described) of a State or Territory is not a reportable incident if:

·         the use is in accordance with a behaviour support plan for the person with disability; and

·         the State or Territory in which the restrictive practice is used does not have authorisation process in relation to the use of the restrictive practice.

There is inconsistency in relation to the authorisation process (however described) in relation to restrictive practices across the States and Territories. It may be the case that there will be authorisation processes for some restrictive practices in a state or territory and no authorisation process for other restrictive practices within the same State or Territory. It may also be the case that a restrictive practice will be required to be authorised in one State or Territory and not another. This subsection reflects this state of affairs and ensures that providers are not having to report the use of a restrictive practice that is not in accordance with an authorisation process (however described) due to the fact that no authorisation process exists for the use of that restrictive practice in that State or Territory.

Section 17 – Reportable incidents include alleged reportable incidents

Section 17 provides that a reference in this Part to a reportable incident that has occurred includes a reference to a reportable incident that is alleged to have occurred.

Given the nature of reportable incidents, it is important that all allegations are taken seriously unless or until it is determined whether or not a reportable incident did in fact occur. This is an important safeguard to ensure that an allegation cannot be dismissed until it has been determined whether or not a reportable incident occurred, or at the minimum, all steps have been taken to look in to the allegation to attempt to determine whether or not a reportable incident occurred.

Section 18 – Duty of key personnel of registered NDIS providers in relation to reportable incidents

Section 18 provides that the following people must take all reasonable steps to ensure that reportable incidents that occur in connection with the provision of supports or services by a registered NDIS provider are notified to the Commissioner:

·         members of the key personnel of the provider;

·         the person or role specified in the provider’s incident management system, for the purposes of paragraph 10(1)(c).

Although workers have a duty to comply with an incident management system, and notify relevant persons of a reportable incident, the responsibility for ensuring that the requirements of this instrument in relation to reportable incidents lies with members of the key personnel and any other nominated or specified person.

Section 19 – Duty of workers to notify registered NDIS provider of reportable incidents

Section 19 provides that if a person employed or otherwise engaged by a registered NDIS provider becomes aware that a reportable incident has occurred in connection with the provision of supports or services by the provider, the person must notify one of the following of that fact as soon as possible:

·         a member of the provider’s key personnel;

·         a supervisor or manager of the person;

·         the person specified in the provider’s incident management system for the purposes of paragraph 10(1)(c).

It is expected that ‘as soon as possible’ will be considered with a sense of urgency. For example it would not be appropriate for a worker who becomes aware of a reportable incident at the end of a shift to wait for the next shift to notify the relevant person.

Section 20 – Certain reportable incidents must be notified to the Commissioner within 24 hours

Section 20 provides that certain reportable incidents must be notified to the Commissioner within 24 hours, and prescribes what information must be provided to the Commissioner and how that information is to be provided.

Subsection 1 provides that section 20 applies if a registered NDIS provider becomes aware that a reportable incident has occurred in connection with the provision of supports or services by the provider and the reportable incident is:

·         the death of a person with disability; or

·         the serious injury of a person with disability; or

·         the abuse or neglect of a person with disability; or

·         the unlawful sexual or physical contact with, or assault of, a person with disability, noting that pursuant to subsection 16(2) certain physical contact is not a reportable incident and so is not covered by the requirements of this section; or

·         sexual misconduct committed against, or in the presence of, a person with disability, including grooming of the person for sexual activity.

The legislative note sets out that for the purposes of paragraph (b)(iv), that under section 16(2) certain physical contact is not a reportable incident and so is not covered by the requirements of section 16.

Subsection (2) provides that registered NDIS providers have 24 hours to report an incident to the Commissioner.  Although this is the maximum timeframe for reporting, providers will be encouraged to notify the Commissioner of a reportable incident as soon as possible after the incident has occurred, particularly in the case of serious incidents having a major impact on a person with disability, such as a sexual assault. The 24 hours timeframe recognises that a provider’s first priority should be ensuring the health, safety and wellbeing of any affected person with disability.

Subsection 2 provides that, subject to subsection (3) the registered NDIS provider must notify the Commissioner of the following information within 24 hours:

·         the name and contact details of the registered NDIS provider;

·         a description of the reportable incident;

·         except for a reportable incident that is the death of a person with disability —a description of the impact on, or harm caused to, the person with disability;

·         the immediate actions taken in response to the reportable incident, including actions taken to ensure the health, safety and wellbeing of persons with disability affected by the incident and whether the incident has been reported to police or any other body;

·         the name and contact details of the person making the notification;

·         if known – the time, date and place at which the reportable incident occurred;

·         the names and contact details of the persons involved in the reportable incident, which may include independent advocates, nominees, representatives and guardians;

·         any other information required by the Commissioner.

The notification under subsection 2 may be given by telephone or in writing. If the notification is given in writing, the Commissioner must acknowledge its receipt within 24 hours. If the notification is given by telephone, the Commissioner is not required to acknowledge receipt as it is considered that by speaking with the provider on the phone, receipt of the notification has been acknowledged.

The legislative note sets out that the information required under paragraphs (b), (c), (f) and (g) may not need to be given in the circumstances described in section 22 of this instrument.

Subsection 3 provides that if, within 24 hours after the provider became aware that the incident occurred, the provider does not have sufficient information to inform the Commissioner of the time, date and place at which the reportable incident occurred, and/or the names and contact details of the persons involved in the reportable incident, the provider may provide that information within 5 business days after the provider became aware that the incident occurred. All other information listed above still needs to be provided within 24 hours.

It is important that, in the aftermath of a reportable incident, a provider’s first priority is managing with the consequences of the incident including ensuring the health, safety and wellbeing of people with disability, obtaining necessary medical attention, contacting support people for an affected person with disability and reporting incidents to law enforcement agencies where required. As such, it may not be possible to notify the Commissioner of all of the required information within 24 hours, and the remaining information can be provided within 5 business days. The information that must be provided within 24 hours is required to enable the Commissioner to determine whether the provider has taken the appropriate action.    

Subsection 4 provides that the registered NDIS provider must also notify the Commissioner of the following information within 5 business days of becoming aware of a reportable incident:

·         the names and contact details of any witnesses to the reportable incident;

·         any further actions proposed to be taken in response to the reportable incident.

This notification under this subsection must be given in writing. This report is required regardless of whether further information is available since the initial notification was made. The Commissioner must acknowledge receipt of the notification within 24 hours.

Subsection 8 provides that the Commissioner must approve a form for the purposes of giving notifications in writing under this section. It is intended that the approved form will be an interactive form available on the Commission’s website (www.ndiscommission.gov.au).

Section 21 – Other reportable incidents must be notified to the Commissioner within 5 business days

Section 21 provides that certain reportable incidents need to be notified within 5 business days.

Subsection 1 provides that a registered NDIS provider must notify the Commissioner in accordance with this section if the registered NDIS provider becomes aware that a reportable incident has occurred in connection with the provision of supports or services by the provider; and the reportable incident is not of a kind covered by paragraph 20(1)(b).

The following are reportable incidents that are not covered by paragraph 20(1)(b):

·         the use of a restrictive practice in relation to a person with disability if the use is not in accordance with a behaviour support plan for the person with disability, even if it has been authorised by a State or Territory; and

·         the use of a restrictive practice in relation to a person with disability where the use is not in accordance with an authorisation (however described) of a State or Territory, noting that subsection 16(4) provides that such a use would not be a reportable incident if the use is in accordance with a behaviour support plan for the person with disability and the State or Territory in which the restrictive practice is used does not have authorisation process in relation to the use of the restrictive practice.  

There are also additional reporting requirements under the National Disability Insurance Scheme (Restrictive Practices and Behaviour Support) Rules 2018 where the reportable incident relates to the use of a restrictive practice which is not in accordance with a State or Territory authorisation or a behaviour support plan.

Reportable incidents in this category will also be referred to the Senior Practitioner for action and the 5 day reporting timeframe enables a provider to report on the outcomes, interventions and steps that have been taken to manage and prevent the further use of an unauthorised restrictive practice. The Senior Practitioner will be responsible for providing leadership in behaviour support, and in the reduction and elimination of the use of restrictive practices, by NDIS providers.

In the event that the use of an unauthorised restrictive practice results in another reportable incident, the incident will be reportable within 24 hours. For example if the restrictive practice results in:

·         the serious injury of a person with disability;

·         the abuse or neglect of a person with disability; or

·         the unlawful sexual or physical contact with, or assault of, a person with disability.

Subsection 2 provides that a notification given under this section must:

·         be given in writing; and

·         be given within 5 business days after the provider became aware that the reportable incident occurred; and

·         include all of the information required by subsection (3).

Subsection 3 provides that the information required is as follows:

·         the name and contact details of the registered NDIS provider;

·         a description of the reportable incident, including the impact on, or harm caused to, the person with disability;

·         the time, date and place at which the reportable incident occurred;

·         the names and contact details of the persons involved in the reportable incident, which may include independent advocates, nominees, representatives and guardians;

·         names and contact details of any witnesses to the reportable incident;

·         the immediate actions taken in response to the reportable incident, including actions taken to ensure the health, safety and wellbeing of persons with disability affected by the incident and whether the incident has been reported to police or any other body;

·         any further actions proposed to be taken in response to the reportable incident;

·         the name and contact details of the person making the notification;

·         any other information required by the Commissioner.

The legislative note sets out that the information required under paragraphs (b) to (e) may not need to be given in the circumstances described in section 22 of this instrument.

Subsection 4 provides that the Commissioner must acknowledge receipt of the notification within 24 hours after receiving it.

Subsection 5 provides that the Commissioner may approve a form for the purposes of giving notifications under this section. It is intended that the approved form will be an interactive form available on the Commission’s website (www.ndiscommission.gov.au).

Section 22 - Circumstances in which certain information relating to reportable incidents need not be notified

Section 22 provides that a registered NDIS provider is not required to obtain, or notify the Commissioner of certain information if obtaining the information would, or could reasonably be expected to:

·         prejudice the conduct of a criminal or other investigation;

·         cause harm to a person with disability.

The information that need not be obtained or notified is that mentioned in paragraphs 20(2)((b), (c), (f) or (g), 20(4)(a) or 21(3)(b), (c), (d) or (e), namely:

·         a description of the reportable incident;

·         except for a reportable incident that is the death of a person with disability —a description of the impact on, or harm caused to, the person with disability;

·         the names and contact details of the persons involved in the reportable incident;

·         the time, date and place at which the reportable incident occurred;

·         names and contact details of any witnesses to the reportable incident

For example, in the event that a person with disability makes a disclosure about abuse, a worker asking questions to obtain the information required under sections 20 and 21 may interfere in the proper conduct of a subsequent criminal or other investigation (including a Commission investigation). Further, a worker not specifically trained to seek information from a person with disability about, for example a sexual assault, may cause harm to that person if they ask questions to obtain the required information. 

The Commissioner will issue guidance for providers to assist them to identify situations where the information does not need to be provided. The guidance will be available on the Commission’s website (www.ndiscommission.gov.au).

Section 23 – Keeping the Commissioner updated

Section 23 provides that providers must keep the Commissioner updated in relation to reportable incidents.

Subsection 1 provides that section 23 applies if a registered NDIS provider gives notification under section 20 or 21 at a particular time, and the provider becomes aware of significant new information in relation to the incident after that time, and the significant new information:

·         is or relates to a change in the kind of reportable incident; or

·         is a further reportable incident.

For example, if the initial notification relates to the assault of a person with disability, and that person with disability later dies, the category of reportable incident has changed and the provider must notify the Commissioner.

Alternatively, if the initial notification relates to a physical assault, and during the course of investigating the incident, the provider identifies that a sexual assault also occurred as part of the same incident, that information would be considered significant new information in relation to the initial reportable incident and the provider must notify the Commissioner under this section.

If notification is given under this section of a further reportable incident, the registered NDIS provider is not required to notify the Commissioner of that incident under sections 20 or 21. That is, the provider is not required to make an additional notification, over and above the one required under this section.

Subsection 2 provides that a registered NDIS provider must notify the Commissioner of significant new information as soon as reasonably practicable after becoming aware of the information.

Subsection 3 provides that the notification must be given in writing.

Subsection 5 provides that the Commissioner may approve a form for the purposes of giving notifications in writing under this section.

Section 24 - Providing the Commissioner with a final report

Section 24 imposes a requirement on registered NDIS providers to provide a final report to the Commissioner in relation to a reportable incident, and sets out the requirements of such a report.

Subsection 1 provides that if a registered NDIS provider gives notification of a reportable incident under subsection 20(4) or section 21, the Commissioner may require the provider to give the information specified in subsection (2) to the Commissioner. That information must be given within 60 business days after the initial notification is given under subsection 20(4) or section 21, or a longer period specified by the Commissioner.

Subsection 2 sets out the information that must be provided as part of the final report. This includes:

·         details of any internal or external investigation or assessment that has been undertaken in relation to the incident, including:

o   the name of person who undertook the investigation; and

o   when the investigation was undertaken; and

o   details of any findings made; and

o   details of any corrective or other action taken after the investigation;

·         a copy of any report of the investigation or assessment.

·         whether persons with disability affected by the incident (or their representative) have been kept informed of the progress, findings and actions relating to the investigation or assessment.

·         any other information required by the commissioner.

For the purposes of subsection (2) ‘assessment’ includes, but is not limited to, an assessment undertaken for the purposes of subsection 10(3) of this instrument. An ‘investigation’ includes, but is not limited to, an investigation undertaken for the purposes of paragraph 10(1)(f) or an investigation required by the Commissioner under paragraphs 26(1)(d) or 26(1)(e).

A ‘report’ includes, but is not limited to, a record made for the purposes of paragraphs 12(2)(g) or 12(3)(e), being a record of an assessment that was undertaken for the purposes of subsection 10(3).

Subsection 3 provides that the above information must be given in writing.

Subsection 4 provides that the Commissioner must approve a form for the purposes of giving information under this section. It is intended that the approved form will be an interactive form available on the Commission’s website (www.ndiscommission.gov.au).

Section 25 – Record keeping

Section 25 sets out the minimum requirements on a registered NDIS provider to keep records relating to reportable incidents. Section 73Q of the Act makes it a specific condition of registration that a registered NDIS provider must keep records of the kind, and for the period, prescribed by NDIS rules.

These record keeping requirements are in addition to record keeping requirements imposed under other State, Territory or Commonwealth laws, for example in relation to medical records.

Subsection 1 provides that if a registered NDIS provider becomes aware that a reportable incident has occurred in connection with the provision of supports or services by the provider, the provider must keep a record of the incident.

Subsection 2 provides that the record must be kept for 7 years from the day that notification of the reportable incident is given under subsection 20(2), paragraph 21(2)(b) or subsection 23(2) as the case requires.

Any reportable incident that may also be a criminal offence may have an associated statute of limitations that is longer than 7 years. Providers may want to consider retaining records in relation to certain reportable incidents until the relevant statute of limitations has expired.

The legislative note sets out that providers may be required to comply with other Commonwealth, State or Territory laws in relation to the retention of records.

Subsection 3 provides that it is sufficient compliance with this section if the provider keeps the record of the reportable incident required to be made under section 12.

Section 26 – Action by the Commissioner in relation to reportable incidents

Section 26 sets out the action that the Commissioner may take in relation to a reportable incident.

Subsection 1 provides that the Commissioner may, upon receiving notification that a reportable incident has occurred in connection with the provision of supports or services by a registered NDIS provider, take one or more specified courses of action.

Paragraph (1)(a) provides that the Commissioner may refer the incident to another person or body with responsibility in relation to the incident (such as a State or Territory agency responsible for child protection). Other examples of persons or bodies may include consumer protection agencies, state and territory Coroners and work health and safety regulators. This is subject to the information protections established under the Act.

Paragraph (1)(b) provides that the Commissioner may require or request the provider to undertake specified remedial action in relation to the incident within a specified period, including remedial action to ensure the health, safety and wellbeing of persons with disability affected by the incident. For example, the Commissioner may require a provider to implement new systems or procedures to provide additional protections or safeguards for people with disability.

Paragraph (1)(c) provides that the Commissioner may require the provider to carry out an internal investigation in relation to the incident, in the manner and within the timeframe specified in by the Commissioner, and to provide a report on the investigation to the Commissioner. This may be in addition or instead of an investigation carried out by the provider under paragraph 10(1)(f). If the Commissioner is not satisfied with the internal investigation, the Commissioner may require the provider to undertake further investigation or work.

Paragraph (1)(d) provides that the Commissioner may require the provider to engage an appropriately qualified and independent expert, at the expense of the provider, to carry out an investigation in relation to the incident, in the manner and within the timeframe specified in by the Commissioner, and to provide a report on the investigation to the Commissioner. This may be in addition to an internal investigation required under paragraph (1)(d). The Commissioner may specify the person or body who should carry out the investigation including by requesting a provider to nominate one or more persons or bodies for the Commissioner to specify.

Paragraph (1)(e) provides that the Commissioner may carry out an inquiry in relation to the incident in accordance with section 27.

Paragraph (1)(f) provides that the Commissioner may take any other action that the Commissioner considers reasonable in the circumstances. This may include providing information to state and territory worker screening bodies.

The legislative note sets out that Commissioner may also share information in relation to a reportable incident in accordance with section 67E of the Act and the National Disability Insurance Scheme (Protection and Disclosure of Information - Commissioner) Rules 2018. For example, the Commissioner is able to share information with appropriate bodies or agencies, for example with a body or entity that has responsibility for regulating health practitioners such as the Australian Health Practitioner Regulation Agency.

Subsection 2 provides that if an investigation is carried out under paragraph (1)(c) or (d) in relation to a reportable incident, the Commissioner may take any action that the Commissioner considers appropriate.  For example, to provide advice, information and direction about responses to the investigation and monitor the implementation of actions taken in response to the findings of an investigation.

Subsection 3 provides that, without limiting subsection (2), the Commissioner may provide, or require the registered NDIS provider to provide, information on the progress or outcome of the investigation to:

·         the person with disability involved in the incident (or a representative of the person); and

·         with the consent of the person with disability (or a representative of the person)—any other person.

For example, information may be provided to independent advocates, and support people.

Part 4 – Inquiries by the Commissioner

Section 27 – Inquiries by the Commissioner in relation to reportable incidents

Section 27 prescribes how and when the Commissioner may undertake an inquiry in relation reportable incidents and is made for the purposes of section 73Z of the Act.

The inquiry process is intended to determine or define potential matters including any systemic issues which may be connected with supports or services provided under the NDIS.  Where the Commissioner determines or defines an issue but has no direct ability to further consider or resolve the matter, the Commissioner may provide a report and recommendations to assist in the resolution of issues and further the Commissioner’s functions in relation to promoting and protecting the rights, health, safety and wellbeing of people with disability.  An inquiry may also lead to the Commissioner engaging monitoring or investigation powers in relation to NDIS provider compliance with the Act.

Inquiries also assist the Commissioner to carry out his or her reportable incidents function under paragraph 181F(g) which provides that one of the Commissioner’s functions is to collect, correlate, analyse and disseminate information relating to incidents, including reportable incidents, to identify trends or systemic issues.

Subsection 2 provides that the Commissioner may carry out an inquiry in relation to a reportable incident that has occurred in connection with the provision of supports or services by a registered NDIS provider.

Subsection 3 provides that the Commissioner may carry out an inquiry in relation to a series of reportable incidents that have occurred in connection with the provision of supports or services by one or more registered NDIS providers. This allows the Commissioner to inquire into emerging risks or areas of concern across the NDIS market, and not just in relation to a specific provider or incident.

Subsection 4 provides that an inquiry may be carried out whether or not notification of the reportable incident or reportable incidents has been received under section 20 or 21. This allows the Commissioner to authorise an inquiry where they become aware of a reportable incident or alleged reportable incident that has not been reported to the Commissioner. The Commissioner may become aware of a reportable incident that has not been notified as part of the quality auditing process or when the Commissioner requests information for another purpose. The Commissioner may also become aware of a reportable incident through a complaint or through public statements or media reports.

Subsection 5 provides that an inquiry may be carried out as the Commissioner thinks fit and the Commissioner is not bound by any rules of evidence. Although the Commissioner is not bound by the rules of evidence, he or she must comply with the principles of natural justice and broader administrative law. As required by section 28, the Commissioner must also comply with principles of procedural fairness.

Subsection 6 sets out some of the actions that the Commissioner may take in conducting an inquiry and provides that the Commissioner may:

·         consult with other persons, bodies and governments on matters relating to the inquiry; or

·         request information that is relevant to the inquiry from any person; or

·         provide opportunities for people with disability to participate in the inquiry.

This subsection does not limit the actions that the Commissioner may take in carrying out an inquiry. In requesting information, the Commissioner is able to use the information gathering power in section 55A of the Act to require a person (other than a person with disability receiving supports or services or a prospective participant) to provide information or documents within their custody or control if the Commissioner considers that that information may be relevant to the Commissioner’s reportable incidents function, which encompasses inquires in relation to reportable incidents. Registered NDIS providers are also subject to a condition of registration that they provide information to the Commissioner upon the Commissioner’s request (paragraph 73F(2)(i) of the Act).

Subsection 7 provides that the Commissioner may prepare and publish a report setting out his or her findings in relation to the inquiry.

The content and form of the report are at the discretion of the Commissioner. For example, the Commissioner may decide not to publish certain findings where those findings may compromise the privacy, or the health, safety and wellbeing of a person with disability.

Part 5 – Other matters

Section 28 – Commissioner must comply with procedural fairness rules

Section 28 provides that in dealing with a reportable incident, the Commissioner must have due regard to the rules of procedural fairness. The Commissioner may make guidelines for the purposes of dealing with reportable incidents, including in relation to matters of procedural fairness under subsection 181D(2) of the Act.

Procedural fairness is a common expectation that people have when decisions that may affect them are being made by government, employers and other organisations. In essence, people expect that a decision will be based on relevant facts and circumstances; that they will have an opportunity to contribute to the decision and to contest any adverse material; the decision-maker will be impartial and even-handed; and an adverse decision will be explained.

The legislative note sets out that the Commissioner may make guidelines under subsection 181D(2) of the Act for the purposes of dealing with reportable incidents including addressing matters of procedural farness.

Section 29 – Commissioner may take action under the Act

Section 29 provides that nothing in this instrument prevents the Commissioner from taking action under Division 8 of Part 3A of the Act in relation to:

·         an incident, including a reportable incident, that occurs in connection with providing supports or services to a person with disability; or

·         information received by the Commissioner under this instrument.

Division 8 of Part 3A of the Act sets out the compliance and enforcement framework for monitoring compliance with the Act and taking action to enforce compliance.  This section makes it clear that the Commissioner is able to take compliance and/or enforcement action regardless of any other action taken (or not taken) under the instrument.

 


Statement of Compatibility with Human Rights

Prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011

 

National Disability Insurance Scheme (Incident Management and Reportable Incidents) Rules 2018

The National Disability Insurance Scheme (Incident Management and Reportable Incidents) Rules 2018 (the instrument) is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

Overview of the legislative instrument

The instrument prescribes a scheme for the management of incidents by registered NDIS providers, and the management of reportable incidents my the Commissioner of the NDIS Quality and Safeguards Commission (the Commissioner).

The instrument sets out the minimum requirements of an incident management system. The purpose of an incident management system is to ensure that NDIS providers, key personnel and workers are aware of their responsibilities in relation to incidents, while persons with disability, their families, carers, advocates and others are aware of their rights and the support and protections available to them. The instrument requires providers to have a series of procedures in place which must be complied with by workers, key personnel and any person employed or otherwise engaged by an NDIS provider

An incident management system must also record details of incidents and the provider’s response to them. Providers are required to use this data to prevent incidents, improve their practices and support the capacity of workers to respond quickly and appropriately to incidents when they occur. This also ensures that quality auditors can assess a provider’s history of incidents and incident management and refer issues to the Commissioner if necessary.

The instrument also sets out how reportable incidents are to be identified, recorded and responded to. Providers have responsibility for dealing with reportable incidents, including conducting investigations into the causes of an incident and identifying and implementing appropriate remedial measures.

The Commissioner will have oversight of the management of reportable incidents and focus on building the capacity of NDIS providers to respond to incidents and to prevent recurrence of avoidable incidents.

The Commissioner also has the power to intervene and require a provider to take certain action where appropriate. In addition to the Commissioner’s compliance and enforcement powers provided under division 8 of part 3A of the Act, the Commissioner has the power to conduct inquiries into a reportable incident, or a series of reportable incidents.

Human rights implications

This instrument engages the following rights:

·         The rights of people with disabilities in the Convention on the Rights of Persons with Disabilities (CRPD), especially articles 3, 4, 5, 7, 12, 14, 16, 17, 21, 22, 25, 28 and 31;

·         The rights of children in the Convention on the Rights of the Child (CRC), especially articles 16, 19, 23 and 24

·         Articles 7(b), 11 and 12 of the International Covenant on Economic, Social and Cultural Rights (ICESCR); and

·         Article 17 of the International Covenant on Civil and Political Rights (ICCPR).

Standards of living and health

The instrument engages the right to an adequate standard of living and the right to the enjoyment of the highest attainable standard of physical and mental health, as contained in articles 11 and 12of the ICESCR and articles 25 and 28 of the CRPD.

It outlines the minimum requirements that a registered NDIS provider is required to have in place to respond to, learn from and prevent incidents. It also specifies how the Commissioner will deal with reportable incidents to ensure the health, safety and wellbeing of people with disability. Reportable incidents include instances of violence, abuse and neglect.

Protection from exploitation, violence and abuse

This instrument engages with article 16 of the CRPD and article 19 of the CRC by taking legislative and other measures to protect persons with disabilities from all forms of exploitation, violence and abuse  and to ensure that instances of exploitation, violence and abuse against persons with disability are identified, investigated and where appropriate prosecuted.

The instrument requires registered NDIS providers to document and manage incidents, including reportable incidents, in consultation with people with disability and their representatives. The instrument also specifies how the Commissioner may respond to and deal with reportable incidents to ensure that people with disability are protected from exploitation, violence and abuse.  

Equality before the law and equal access to justice

By ensuring that people with disability are kept appropriately involved in the management of incidents, and by requiring measures that will protect people with disability who have been affected by an incident, the instrument engages the right of people with disability to equal recognition before the law and effective access to justice, in accordance with articles 12 and 13 of the CRPD.

Conclusion

The instrument is compatible with human rights as it promotes the human rights to an adequate standard of living, the highest attainable standard of physical and mental health, protection from exploitation, violence and abuse and equality before the law and equal access to justice. 

 

Graeme Head, Commissioner of the NDIS Quality and Safeguards Commission