NDIS incident reporting exists to protect participants from fraudulent claims. It’s one of the most important compliance obligations you have as a registered provider, but it’s also one of the most confusing. You need to know which incidents require formal reporting to the Commission, which ones you handle internally, and how to meet strict timelines without missing deadlines or keeping inadequate records.
Here’s where it gets tricky. The NDIS Commission requires you to report six specific categories of serious incidents: death, serious injury, abuse or neglect, unlawful sexual or physical contact, sexual misconduct, and unauthorised restrictive practices. They must also fall within tight timeframes that start the moment you become aware of the incident. Miss a deadline, fail to report something that meets the threshold, or keep poor documentation, and you’re facing infringement notices, registration suspension, or enforcement action. Get it right, and you protect participants, build trust with families, and create evidence of your commitment to safety and compliance.
What Counts as a Reportable Incident?
NDIS incident reporting is a regulatory requirement that protects vulnerable people with disabilities and maintains the integrity of the NDIS scheme. When incidents occur, whether related to participant safety, worker conduct, or service delivery problems, providers have specific obligations to report serious incidents to the NDIS Quality and Safeguards Commission. The reporting framework distinguishes between incidents that must be reported to the Commission (reportable incidents), incidents that should be managed and documented internally (non-reportable incidents), and incidents that may be reportable depending on their severity or circumstances.
Understanding this distinction is foundational to compliance. Not every incident in a disability support organisation requires Commission notification. Many incidents are appropriately managed through internal processes, investigation, and corrective action. However, failing to report an incident that meets the reportable threshold constitutes a compliance breach that can trigger enforcement action.
The NDIS Commission has been clear that incident reporting is not punitive. The purpose is to identify systemic risks, support providers in improving service quality and safety, and ensure that vulnerable participants are protected. Providers who report incidents promptly, investigate thoroughly, and implement improvements demonstrate commitment to participant safety and compliance.
What Constitutes a Reportable Incident?
The NDIS scheme identifies six specific categories of reportable incidents. Understanding these categories and the threshold for reporting is essential for compliance.
The Six Categories of NDIS Incident Reporting You Need to Know
The six reportable incident categories are designed to capture incidents involving participant death, serious injury, abuse or neglect, unlawful sexual or physical contact, sexual misconduct, and unauthorised restrictive practices. Each category has specific definitions and thresholds that determine whether an incident meets the reportable standard.
|
NDIS Reportable Incident Category |
Description |
|---|---|
|
Death of a Person with Disability |
Any death of an NDIS participant connected to the delivery of supports or services is reportable and must generally be notified to the NDIS Commission within 24 hours. |
|
Serious Injury of a Person with Disability |
Injuries sustained during NDIS support delivery that result in hospitalisation, medical treatment, or potential long-term harm must be reported as serious injuries. |
|
Abuse or Neglect |
Any incident involving physical, psychological, emotional, or sexual abuse, or failure to provide adequate care or supervision that harms a participant, must be reported. |
|
Unlawful Sexual or Physical Contact and Assault |
Any unlawful sexual contact with a participant or physical assault connected to NDIS service delivery is a reportable incident and typically triggers investigation. |
|
Sexual Misconduct and Grooming |
Sexual misconduct or grooming behaviour toward a participant, including actions intended to build trust for sexual exploitation, must be reported to the Commission. |
|
Unauthorised Restrictive Practices |
The use of restrictive practices not included in an approved behaviour support plan or applied improperly constitutes a reportable incident. |
1. Death of a Person with Disability
The death of a participant is always reportable, regardless of circumstance. If a death occurs in connection with delivering NDIS supports or services, during support provision, at NDIS service locations, or related to NDIS-funded supports, the provider must report the death to the Commission. This includes deaths that appear unrelated to the disability or support provision, provided they occurred in connection with service delivery.
Deaths should be reported as soon as practical within 24 hours. If a participant dies unexpectedly or the cause of death is initially unclear, the provider should report the incident even if full details aren’t yet available and provide additional information as investigations progress.
2. Serious Injury of a Person with Disability
Serious injury is reportable when a participant sustains an injury in connection with receiving NDIS supports and the injury is classified as serious. The definition of “serious injury” is significant. NDIS considers injury serious if it results in hospitalisation, requires medical treatment, causes ongoing pain or disability, or creates a reasonable likelihood of serious long-term effects. Minor injuries such as small cuts, bruises, or sprains that don’t require medical intervention are generally not reportable.
Serious injuries must be reported within 24 hours of the incident occurring or becoming aware of the injury. Providers should not wait for medical assessment results before reporting. If an injury appears serious and meets the threshold, it should be reported promptly.
3. Abuse or Neglect
The abuse or neglect of a participant is reportable. Abuse encompasses physical abuse, psychological abuse, emotional abuse, and sexual abuse. Neglect includes failure to provide adequate care, supervision, or support that results in harm to the participant. Reported incidents of alleged abuse or neglect trigger thorough investigation by the NDIS Commission and may result in referral to law enforcement or child protection authorities if the participant is a minor.
Abuse or neglect incidents should be reported within 24 hours. If the incident is alleged rather than confirmed, it should still be reported. The Commission investigates alleged incidents even when abuse or neglect cannot yet be confirmed.
4. Unlawful Sexual or Physical Contact and Assault
Any unlawful sexual contact with a participant, or physical assault of a participant, is reportable. This category includes incidents involving workers or other people in connection with service delivery. Incidents should be reported immediately (within 24 hours) and are likely to result in Commission investigation and referral to law enforcement.
5. Sexual Misconduct and Grooming
Sexual misconduct committed against or in the presence of a participant, including grooming of a participant for sexual activity, is reportable. This category is broader than unlawful sexual contact and includes conduct that may not constitute a criminal offence but represents serious misconduct in the context of disability support. Grooming, the practice of building trust with a participant to facilitate sexual contact, is specifically called out as reportable conduct even if it hasn’t progressed to actual sexual contact.
6. Unauthorised Restrictive Practices
Restrictive practices are actions taken to restrict a person’s freedom of movement or normal activities with the intent of managing harmful behaviour. Examples include physical restraint, seclusion, or chemical restraint. Restrictive practices are only permissible when formally authorised. In many cases, they’re typically through a behaviour support plan approved by a qualified behaviour support practitioner and sanctioned by relevant authorities.
Unauthorised restrictive practices used without proper authorisation are reportable. If a worker uses a restrictive practice that isn’t included in the participant’s approved behaviour support plan, or if a restrictive practice is used inappropriately, this constitutes a reportable incident.
Distinguishing Reportable from Non-Reportable Incidents
Not every incident in a disability support organisation is reportable. Distinguishing between reportable and non-reportable incidents is critical for appropriate incident management.
The Threshold for Reporting
The key test for reportability is whether the incident involves one of the six reportable categories and meets the severity threshold. For example, a participant falling and experiencing a minor bruise is not a serious injury and is not reportable. However, the same participant falling and fracturing a bone requiring hospitalisation is a serious injury and is reportable. Similarly, a participant being upset with a worker is not abuse, but a worker using physical force to control a participant’s behaviour without authorisation is abuse and is reportable.
Incidents Managed Internally Only
Many incidents are appropriately managed through internal processes. Examples include minor injuries, complaints about service quality or staff conduct that don’t rise to the level of abuse, medication administration errors that don’t result in harm, near-misses or hazards identified before harm occurs, and worker disputes or interpersonal conflicts unrelated to participant care. These incidents should be documented, investigated internally, and corrective action taken, but they don’t require reporting to the Commission.
When in Doubt: Reporting Obligations
The NDIS Commission has made clear that providers should err on the side of reporting when uncertain whether an incident meets the reportable threshold. If a provider believes an incident might be reportable but is uncertain, the safe approach is to report it to the Commission. Reporting an incident that turns out not to be reportable doesn’t constitute a compliance breach. Conversely, failing to report an incident that should have been reported is a clear breach that can result in enforcement action.
Mandatory Reporting Timelines
The NDIS scheme establishes strict timelines for incident reporting, and missing these timelines constitutes a compliance breach.
24-Hour Reporting Requirements
Most serious incidents, e.g., deaths, serious injuries, abuse, assault, sexual misconduct, and unauthorised restrictive practices, must be reported to the NDIS Commission within 24 hours of the incident occurring or the provider becoming aware of it. This is a tight timeline that requires providers to have clear incident response procedures and designated staff responsible for NDIS incident reporting.
The 24-hour requirement is measured from when the provider becomes aware of the incident, not necessarily from when the incident occurred. For example, if a provider learns three days after an incident occurred that the incident meets the reportable threshold, the 24-hour clock starts from when the provider becomes aware, not from when the incident happened.
Five-Business-Day Reporting Requirements
Unauthorised restrictive practices are subject to a five-business-day reporting requirement rather than 24 hours. Providers must submit a formal incident report within five business days for unauthorised restrictive practices. This extended timeline provides providers with slightly more time to gather information and formally document unauthorised restrictive practice incidents.
Can Your Report Beyond the Initial Timeframe?
If a provider misses the initial reporting deadline, the incident should still be reported immediately upon realisation that reporting is required. While missing the deadline doesn’t excuse the provider from reporting, it may result in enforcement action or penalties. Providers should implement systems and procedures designed to ensure incidents are identified, assessed for reportability, and reported within the required timeframe.
How to Submit an NDIS Incident Report
Completing the Incident Report Form
The NDIS Commission provides a standardised incident report form that providers must complete and submit. The form requires specific information organised into sections: incident details (date, time, location), participant details, description of what occurred, people involved, actions taken, and any injuries or harm sustained.
Completing the form accurately and thoroughly is critical. Vague or incomplete forms may be rejected by the Commission, requiring resubmission. Conversely, comprehensive, detailed forms facilitate Commission investigation and demonstrate provider thoroughness.
Providing Required Information
The form requires specific information that providers should gather during their immediate incident response. Details include the following:
- full date and time the incident occurred (or when it was discovered)
- the participant’s name and NDIS plan number
- a detailed description of what occurred written in objective
- factual language, the names and roles of people involved
- whether the participant sustained any injuries and the nature of those injuries
- immediate actions taken to ensure participant safety
- whether police or emergency services were contacted
- what support was provided to the participant following the incident.
Providers should train staff on NDIS incident reporting requirements so that workers know to report incidents to management immediately upon occurrence, enabling prompt assessment and reporting to the Commission.
Submitting the Report to the NDIS Commission
The incident report form is submitted to the NDIS Quality and Safeguards Commission through their online portal. You can also send it via email to the designated reporting address. The Commission provides submission guidance on their website, and providers should ensure designated staff members understand the submission process and have access to the reporting system.
Provider Incident Management Systems
Beyond formal reporting to the Commission, providers must maintain comprehensive incident management systems that document incidents, investigate causes, implement corrective actions, and support continuous improvement.
Documentation and Record-Keeping Requirements
Providers must maintain detailed records of all incidents, reportable and non-reportable. Records should include the incident date and time, people involved, detailed description of what occurred, immediate actions taken, investigation findings, corrective actions implemented, and any follow-up monitoring or support provided. These records must be kept securely. Keep the access limited to authorised personnel, and retained for the periods specified in NDIS requirements (typically 5 to 10 years depending on incident severity).
Well-documented incident records demonstrate provider commitment to safety and provide evidence of appropriate incident management during quality audits. Conversely, poorly documented incidents or missing records during audits can result in audit findings and enforcement action.
Investigation and Response Processes
Following any incident, providers should conduct an investigation to understand what occurred and why. Investigations should be objective and thorough, examining not just the immediate incident but any systemic factors that contributed. Investigation findings should be documented, and corrective actions identified and implemented.
For serious incidents, providers may engage external investigators or specialists to conduct thorough, independent investigations. For less serious incidents, internal investigation may be appropriate, provided it’s conducted professionally and objectively.
Participant and Family Communication
Participants and their representatives must be informed promptly about incidents affecting them. Communication should be timely, honest, and compassionate. Providers should explain what occurred, what actions have been taken, and what support is available. Early, transparent communication helps maintain trust even when serious incidents occur.
Worker Support and Debriefing
Workers involved in or witnessing incidents often experience trauma or distress. Providers should offer support to affected workers, including debriefing, access to counselling or employee assistance programs, and opportunities to discuss the incident and processing. Supporting workers demonstrates duty of care and can prevent secondary trauma or disengagement.
How Auditors Review Your Incident Management
During quality audits, the NDIS Commission reviews provider incident management systems, including incident documentation, reporting compliance, and evidence of investigation and corrective action. Auditors examine whether all reportable incidents were reported within required timelines and assess the adequacy of non-reportable incident management.
Audit findings related to incident reporting can be significant. Missing incident reports, inadequate documentation, or failure to report within timelines can result in audit findings rated as non-compliance. Repeated findings or serious reporting failures can lead to enforcement action.
Providers should use audit findings as opportunities for system improvement. If audits identify gaps in incident identification, reporting, or documentation, providers should strengthen systems and training to prevent future issues.
Integrated Technology for Incident Management
Modern care management systems significantly enhance NDIS incident reporting compliance. Using NDIS provider software solutions, providers can record incidents, document investigations, track reporting timelines, and maintain audit-ready documentation. Integrated incident management features enable providers to ensure that all staff members understand incident reporting requirements. Help them report incidents promptly through connected systems.
Using rostering software and team collaboration features, providers can ensure that incident reports are captured systematically, relevant staff are notified, and investigations are tracked through to completion. Automated reminders help ensure reporting deadlines aren’t missed. Meanwhile, centralised incident documentation ensures all incident records are secure, accessible for audit purposes, and retained according to NDIS requirements.
Documentation management systems enable providers to attach investigation reports, corrective action plans, and follow-up evidence to incident records, creating comprehensive audit-ready incident files. Incident management is embedded in care management systems. As a result, providers can significantly reduce the risk of missed reporting deadlines or inadequate documentation.
FAQs About NDIS Incident Reporting
What is the difference between a reportable and non-reportable incident?
Reportable incidents fall into six specific categories: death, serious injury, abuse or neglect, unlawful sexual or physical contact, sexual misconduct, and unauthorised restrictive practices. Non-reportable incidents include minor injuries, minor complaints, and incidents that don’t meet the severity threshold. When in doubt, report to the NDIS Commission. Reporting an incident that isn’t reportable isn’t a breach, but failing to report one that is constitutes non-compliance.
What is the timeline for reporting incidents to the NDIS Commission?
Most reportable incidents must be reported within 24 hours of the incident occurring or the provider becoming aware of it. Unauthorised restrictive practices must be reported within 5 business days. The 24-hour clock starts when the provider becomes aware of the incident, not necessarily when the incident occurred.
What should we do if we miss an NDIS incident reporting deadline?
Report the incident immediately upon realisation that it should have been reported. While missing the deadline may result in enforcement action, continuing not to report constitutes ongoing non-compliance. Providers should implement systems to prevent future deadline misses, including staff training and automated incident reporting systems.
Support NDIS Incident Reporting Compliance Without Adding Admin Work
You need to know the six reportable categories, meet strict timelines, and maintain documentation that holds up under audit. When you’re unsure whether something’s reportable, default to reporting it. ShiftCare helps you manage NDIS incident reporting without the extra admin burden. You won’t have to worry about manually tracking incidents, documenting investigations, meeting deadlines, and maintaining audit-ready records.
Start your free trial today. See how ShiftCare simplifies compliance so you can focus on delivering quality care services.
