24 Hours or Bust: NDIS Incident Reporting That Protects Your Registration

24 Hours or Bust: NDIS Incident Reporting That Protects Your Registration

Audits across the NDIS are zeroing in on timeliness, consistency and evidence of learning. Under workforce pressure and shifting participant expectations, even small gaps in incident triage can trigger compliance notices, expanded audits, registration conditions and a rapid loss of trust. Here’s how to stay audit‑ready and protect your registration.

1) The Situation: Regulatory Compliance Under Intensified Scrutiny

A common shift scenario: a participant presents with an unexplained bruise. The incident is logged, but the team debates “reportable or not?” A manager isn’t reached until hour 36. The late notification forces corrective actions and exposes unclear thresholds across sites. This is not a one‑off—it’s a pattern auditors now expect you to prevent.

Type of situation: Regulatory compliance update and emerging risk (mandatory incident reporting and record‑keeping under the NDIS Quality and Safeguards Commission).

2) Why It Matters to Your Business

Incident missteps are business risks, not just paperwork problems.

• Compliance notices, corrective action plans and registration conditions.
• Expanded audit scope (time, cost, stress) and heightened oversight.
• Payment Assurance reviews: if records are incomplete, payments can be questioned or recovered.
• Reputational damage with participants, families and referrers; morale drops among staff.
• Leaders lose time to reactive remediation instead of service quality and growth.

3) Know the Rules in Plain English

Core expectations under the NDIS (Incident Management and Reportable Incidents) Rules 2018

• Notify the NDIS Commission within 24 hours for death, serious injury, abuse or neglect, unlawful sexual or physical contact/assault, and sexual misconduct.
• Unauthorised use of restrictive practice: notify within 5 business days (within 24 hours if it results in serious injury).
• Submit the 5‑day follow‑up report with outcomes, actions and evidence of learning.
• Keep incident and investigation records for at least 7 years. Keep invoicing/claim records for at least 5 years to satisfy the Provider Payment Assurance Program.
• Usually only one registered provider reports a participant death—coordinate promptly to avoid duplication or gaps.

The NDIS Commission registers and regulates providers, handles complaints and responds to reportable incidents. Providers must operate and comply with relevant Australian laws, rules and regulations.

4) Where It Breaks: The Unexplained Bruise

A fast‑moving shift, a slow decision

1. T+0: Support worker notes bruise, logs a low‑detail entry in the incident register.
2. T+8h: Team chat debates whether it’s “reportable.” No clear threshold or decision owner.
3. T+36h: Manager reviews, decides it is reportable. Notification is late.
4. T+45h: Corrective actions and retraining ordered; audit scope expands to other sites.

Business impact: avoidable non‑compliance, operational drag, and a preventable trust hit.

5) Quick Win: Run a “24‑Hour Rule” Drill This Week

1. Pick 3 scenarios: unexplained injury, suspected neglect, unauthorised restrictive practice.
2. Practice the clock: start a timer; confirm which are reportable and within what window (24 hours vs 5 business days).
3. Assign roles: who decides reportability, who notifies, who drafts the 5‑day follow‑up, who briefs the participant/family.
4. Capture evidence: contemporaneous notes, photos (if appropriate), witness accounts, actions taken.
5. Rehearse the 5‑day follow‑up report: complete a template with causes, actions, and evidence of learning.
6. Debrief: identify bottlenecks, clarify thresholds, and update the SOP.

Evidence to capture from the drill

• Time‑stamped decision trail (who decided what, when, and why).
• Correct form versions and file locations in your incident register.
• Training attendance and competence checks for staff involved.

6) System Fix: Document Once, Guide Everyone

Build a single source of truth

• Minimal incident SOP: definitions (what’s reportable), decision tree, escalation matrix, notification templates, and 5‑day follow‑up checklist.
• Role clarity: on‑call decision owner 24/7; backup if unreachable.
• Records architecture: incident and investigation records retained ≥7 years; invoicing/claim records ≥5 years; consistent naming conventions; index for audits.
• Remote‑ready instructions: mobile‑friendly forms, offline capture, and a hotline for urgent triage.
• Continuous learning loop: after‑action reviews logged, actions tracked to closure, changes version‑controlled.

Document your business or get out. When every worker—on‑site or remote—has the same instructions, the “Is it reportable?” debate becomes a 60‑second lookup, not a 36‑hour delay.

7) Strategic Edge: Be Audit‑Ready by Design

• Leading indicators: time to decision, time to notify, percentage of incidents with complete evidence, and follow‑up closure within 5 days.
• Dashboards: site and shift comparisons to spot training needs and threshold confusion.
• Payment assurance alignment: link incident records to support delivery records to demonstrate service integrity.
• Third‑party assurance: periodic internal audits or peer reviews to validate consistency.

“Evidence of learning” looks like trends improving month‑on‑month, decisions documented, and actions closed—not just policies on a shelf.

8) Your Next Move

Schedule a 30‑minute “24‑hour rule” drill this week. Confirm the timeframe, responsible role and evidence required for three scenarios. Update your SOP, communicate changes to all staff, and set automated reminders for the 5‑day follow‑up. That single hour can prevent a compliance notice, protect your registration and reinforce trust with participants and families.

Related Links:

• NDIS Commission: Incident reporting, management and prevention (factsheet)
• NDIS: Invoicing and record‑keeping for providers
• NDIS: Safeguards and provider responsibilities

Recent Posts: