Incidents in NDIS supports and services
An ‘incident’ is:
- an act, omission, event or circumstance that has or could have caused harm to a person with disability, or
- when a person with disability has caused serious harm or the risk of serious harm to another person.
Incidents that happen as part of the delivery of NDIS supports and services need to be identified, assessed, recorded, managed and resolved, while making sure the person with disability feels safe, respected and informed.
Incident management systems
Providers should use an 'incident management system' to manage any incidents that occur. This is a dedicated set of processes and procedures that set out the actions and responsibilities of workers, the registered NDIS provider, and other stakeholders during the management of an incident. The system focuses on the safety and wellbeing of people with disability.
- All NDIS providers should have an ‘incident management system’.
- Registered providers must have an incident management system as part of their registration conditions. Registered providers must also report certain incidents to the NDIS Commission.
Reportable incidents
Registered providers must report some acts – or alleged acts – that relate to serious harm or unauthorised restrictive practices to the NDIS Commission. They are known as ‘reportable incidents’.
Definitions, instructions and timeframes are available at Reportable incidents.
Your incident management system should:
- be appropriate for your size and for the classes of supports or services you're delivering
- be documented in an accessible form
- be accessible to all workers employed or otherwise engaged by you and to persons with disability receiving supports or services from you.
Steps for managing incidents
The NDIS Code of Conduct requires all providers to respond to incidents that occur while delivering NDIS supports and services. When you’re dealing with an incident and a person with disability, you’re not just investigating and taking action – you’re making the person with disability feel safe, respected and involved, and working out what you can learn from the incident to improve the quality and safety of your supports and services.
1. Identify the incident
Incidents may be identified by:
- a worker or other person who witnessed the incident
- a person with disability providing the details of the incident to you
- another party who informs you they are aware of an incident.
Not all incidents are obvious. Sometimes there may be indirect indicators that an incident has happened, such as a change in behaviour or physical evidence. Possible indicators are listed in section 3.1 of the Incident Management Systems: Detailed Guidance for Registered NDIS Providers.
Your organisation should have a culture where workers and participants feel comfortable to report incidents to you. When you know about all incidents, you can work towards safer supports and services for people with disability.
2. Immediately support the impacted person
- Make sure anyone impacted by the incident – a person with disability, NDIS workers or others – are safe and well.
- Call 000 if the impacted person needs immediate medical care or you suspect a criminal offence has occurred. Do not delay taking this action.
A ‘response plan’ is good practice that gives staff guidance on what to do after an incident. A response plan can include:
- immediate actions to look after the health, safety, and wellbeing of people affected by the incident
- steps to assess any immediate risks, and guidance in minimising them
- where and how to report the incident to your key personnel or the NDIS Commission if it is or could be a reportable incident.
More information is available in section 3.2 of the Incident Management Systems: Detailed Guidance for Registered NDIS Providers.
3. Record the incident
You must record the details and any evidence of the incident. You must also store these records in a way that will maintain the privacy and confidentiality of the people affected by the incident. Your incident management system should describe where and how these records are created and stored, for example a process could describe an electronic form that is completed within 24 hours.
More information on the type of information that should be recorded and stored is in section 3.3 of the Incident Management Systems: Detailed Guidance for Registered NDIS Providers.
4. Reporting and assessing the incident
Your incident management system should include an internal procedure for reporting incidents. For example, you might have an online form that’s submitted in the appropriate business system and automatically assigned to the Client Safety Manager, then a face-to-face discussion to check if the response plan has been followed.
Next a member of your staff should assess the incident to determine:
- why the incident occurred
- whether the incident could have been prevented
- how well the incident was managed and resolved
- what needs to happen to prevent further similar incidents, or to minimise their impact
- whether other people or organisations need to be notified, including informing the NDIS Commission of any reportable incidents.
For more information see section 3.4 of the Incident Management Systems: Detailed Guidance for Registered NDIS Providers.
5. Investigation
If the initial assessment isn’t able to identify the right information, you may need to complete an investigation, or be required to complete one by the NDIS Commission. An investigation aims to:
- establish the cause of the incident
- determine its impact
- identify operational issues that may have contributed to its occurrence.
For more information see section 3.5 of the Incident Management Systems: Detailed Guidance for Registered NDIS Providers.
6. Learnings
The records, assessment and investigation of the incident are now a useful tool for identifying process changes and improving the safety of your services. See section 3.6 of the Incident Management Systems: Detailed Guidance for Registered NDIS Providers.
An NDIS provider helps Bonnie with daily support activities. She lives with cerebral palsy and has trouble communicating. During a care session, Tom, her support worker, saw Bonnie flinch when he moved her leg and noticed bruises. Bonnie looked worried and could not explain what happened. Concerned about her safety, Tom followed his employer’s procedure and reported the incident straight away. Tom felt comfortable to report the incident and knew the procedures.
The provider used a trauma informed approach and made sure Bonnie was safe and made sure she felt safe and supported. Tom assisted Bonnie to communicate via her preferred method – a speech device – to hear her concerns. Tom and the provider talked to Bonnie about her rights and about having someone to support her through the assessment and investigation. In consultation with Bonnie and her guardian, she was taken for a check-up to rule out serious injuries. Bonnie and her guardian were kept updated and included in resolving the incident.
The provider wanted to manage, resolve and to prevent the incident from occurring again. They:
- checked to see when and how the bruising happened
- talked to Bonnie’s doctors to check for any health issues
- assessed the environment and the people Bonnie had contact with.
The supervisor entered the details into their incident management system and followed the escalation steps. The reporting process was straightforward and responded to the level of risk, so there were no delays.
The unexplained bruises made this a reportable incident under NDIS rules, as they could be the result of abuse or neglect.
- The provider informed the NDIS Quality and Safeguards Commission within 24 hours.
- As part of the internal review, they interviewed all staff involved in Bonnie’s care.
- The provider assigned a manager to oversee the response and made sure all actions were documented and in line with compliance standards.
No staff misconduct was found. The provider spoke with Bonnie and her guardian after the internal investigation to find ways to improve their service. As a result, they:
- improved staff training in spotting and recognising the signs of possible abuse or injury
- developed a policy for finding injuries early in participants who have higher levels of support
- improved procedures for reviewing all unexplained injury incidents.
Requirements for registered providers: Incident management systems
Your requirements for an incident management system are described in the NDIS Practice Standards Core Module: Provider governance and operational management – Incident management.
Procedures
Your incident management system must include written procedures that describe:
- how incidents are identified, recorded and reported
- who incidents must be reported to
- the person who is responsible for notification of reportable incidents to the NDIS Commission
- how you will provide support and assistance to the impacted person of an incident (including information about access to advocates and supports)
- how the impacted person will be involved in the management and resolution of the incident
- details of any investigations conducted to establish the causes of a particular incident, its effect and any operational issues that may have contributed to the incident occurring, and the nature of that investigation
- when corrective action is required and the nature of that action.
Guidelines on effective incident management
The NDIS Commission has the Incident Management Systems: Detailed Guidance for Registered NDIS Providers that describes the detail of the practices and systems described above. It's written for registered providers but is useful for unregistered providers.