Blog

NDIS Complaint and Incident Management: Your Practical Guide

Complaint and incident management is not just about compliance; it is the foundation of safe, high-quality support for NDIS participants. For operational leaders and compliance managers, building a robust system protects participants, supports workers, and ensures your organisation meets its obligations to the NDIS Quality and Safeguards Commission. A strong framework demonstrates your investment to continuous improvement and builds trust with the people you support.

This blog provides a clear, practical roadmap to mastering NDIS complaint and incident management. We will break down key definitions, reporting timelines, and best-practice workflows. You will gain clarity on documentation, roles, and how to prepare for audits, empowering you to lead with confidence.

A well-handled complaint can nurture a relationship with a participant, while a properly managed incident prevents future harm. The NDIS Commission places a strong emphasis on these systems because they are direct indicators of a provider’s ability to safeguard participants and respond to their needs.

Getting this right assists you:

  • Protect Participants: Identify and mitigate risks to ensure participant safety and well-being.
  • Meet Legal Obligations: Comply with the NDIS Practice Standards and avoid regulatory action.
  • Improve Service Quality: Use feedback and incident data as powerful tools for continuous improvement.
  • Build Trust: Show participants, their families, and your staff that you are transparent, responsive, and committed to quality.

Why Complaint and Incident Management Matters

Understanding the language of the NDIS Commission is the first step. While related, complaints and incidents are distinct events with different handling requirements.

Complaint: Any expression of dissatisfaction about a support or service provided (or not provided). A complaint can come from a participant, their family, a carer, or another advocate. It can be formal or informal, verbal or written.

Incident: An act, omission, or event that results in harm (or the risk of harm) to a participant during the provision of support.

Reportable Incident: A specific subset of serious incidents that registered NDIS providers are legally required to notify the NDIS Commission about. The categories are clearly defined:

  • Death of a Person with a Disability: The death of a participant in connection with NDIS supports.
  • Serious Injury: A significant injury that requires assessment or treatment from a registered health practitioner.
  • Abuse or Neglect: Any act of violence, abuse, neglect, or exploitation.
  • Unlawful Sexual or Physical Contact: Any non-consensual sexual activity or physical contact, or any sexual activity with a child or young person.
  • Sexual Misconduct: Inappropriate sexual conduct committed by a worker, including grooming or sexual harassment.
  • Unauthorised Use of a Restrictive Practice: Using a restrictive practice without authorisation or not in line with a behaviour support plan.

Key Definitions: Complaint vs. Incident

The NDIS Commission mandates strict timeframes for reporting incidents. Failure to comply can result in serious penalties.

  • Immediate Reporting (within 24 hours): All Reportable Incidents must be notified to the NDIS Commission via the NDIS Portal within 24 hours of key personnel becoming aware of the event. This includes deaths, serious injuries, abuse, unlawful contact, and unauthorised restrictive practices.
  • 5 Business Days: After the initial notification, a more detailed “5-day report” is often required. This report provides further context, details of the investigation, and the actions taken to support the participant and prevent recurrence.
  • Unauthorised Restrictive Practices (within 5 business days): While still a Reportable Incident, the Commission has different initial reporting timelines for certain unauthorised restrictive practices if they are not causing immediate harm. However, best practice is to report as soon as possible and always within the required window.

Regulatory Obligations and Reporting Timeframes

A transparent and accessible complaints process is a core NDIS requirement. Your framework should be easy for participants to use and for staff to follow.

  1. Intake: Receive the complaint through multiple channels (phone, email, in-person, feedback form). Ensure the process is accessible.
  2. Acknowledge: Contact the complainant within 24 hours to confirm you have received their complaint and outline the next steps.
  3. Triage: Assess the complaint’s urgency and severity. Is it a simple misunderstanding or a serious allegation that could also be a Reportable Incident?
  4. Investigate: Gather information objectively. Speak with the relevant parties, review records, and document all findings.
  5. Resolve: Propose a fair and reasonable resolution. This could be an apology, a change in service, a refund, or staff training.
  6. Feedback & Appeal: Inform the complainant of the outcome and the reasons for your decision. Clearly explain their right to appeal the decision internally or escalate it to an external body like the NDIS Commission.

A Best-Practice Complaint Management Framework

When an incident occurs, your priority is the safety of the participant. A clear, rehearsed process ensures a calm and effective response.

  1. Immediate Safety: Your first priority is always the health, safety, and well-being of the participant. Provide first aid, contact emergency services if needed, and ensure they feel safe and supported.
  2. Notification: Immediately notify the designated person within your organisation (e.g., Incident Manager, Team Leader). This person is responsible for assessing if it is a Reportable Incident.
  3. Report to Commission (if required): If the incident meets the definition of a Reportable Incident, submit the notification via the NDIS Portal within 24 hours.
  4. Investigate: Conduct a thorough investigation to understand what happened, why it happened, and what can be done to prevent it from happening again.
  5. Corrective Actions: Implement actions to fix the immediate problem and prevent recurrence. This might involve staff training, policy updates, or environmental changes.
  6. Debrief and Support: Provide support to the affected participant and any staff involved. A debrief can help process the event and identify further opportunities for improvement.
  7. Continuous Improvement: Analyse incident data over time to identify trends and proactively address systemic risks.

An Effective Incident Management Framework

“If it’s not written down, it didn’t happen.” Meticulous record-keeping is your proof of compliance and due diligence.

What to Capture:

  • For Complaints: Complainant’s details, date received, nature of the complaint, steps taken to investigate, all communication, the final outcome, and the complainant’s satisfaction with the outcome.
  • For Incidents: Date, time, and location; people involved (participant, staff, witnesses); a factual description of the event; immediate actions taken to ensure safety; all notifications made (internal and to the Commission); investigation findings; and corrective actions implemented.

Where to Store It: Use a secure, centralised system like a Client Management System (CMS) or a dedicated incident register. Records must be confidential, accurate, and easily accessible for audits. Records must be kept for 7 years.

Documentation and Record-Keeping

Everyone in your organisation has a role in safeguarding participants.

  • Support Workers: Are the first line of defence. They must identify and respond to incidents, support participants, and report events to their supervisor immediately.
  • Team Leaders/Supervisors: Provide immediate guidance to workers, ensure participant safety, and escalate information to the incident manager.
  • Incident Manager/Compliance Officer: The central point for managing the incident process, assessing if an incident is reportable, and ensuring all regulatory obligations are met.
  • The ‘Responsible Person’ (e.g., CEO/Director): Ultimately accountable for the organisation’s compliance and for fostering a culture of safety and transparency.

Roles and Responsibilities

Simply closing an incident report is not enough. To prevent recurrence, you must understand the underlying cause. RCA techniques help you move beyond “who did it” to “why it happened.” Ask the “Five Whys.” For example:

  • Problem: A participant missed their medication.
  • Why? The support worker didn’t administer it.
  • Why? It wasn’t listed on the daily run sheet.
  • Why? The new medication schedule wasn’t updated in the system.
  • Why? The person who received the schedule was on leave and there was no handover process.
  • Why? (Root Cause): Our process for updating participant information relies on a single person and lacks a backup system.

Corrective Action: Implement a new process where all critical participant updates must be confirmed by a second staff member.

The Power of Root Cause Analysis (RCA)

Your policies are only as good as the people implementing them. Regular, practical training is essential for all staff on identifying, responding to, and reporting complaints and incidents.

Crucially, you must foster a “no-blame” culture. Staff must feel safe to report incidents and near-misses without fear of punishment. When people hide mistakes, you lose valuable opportunities to learn and improve. Frame incident reporting as a positive contribution to safety and quality.

Training and a 'No-Blame' Culture

  • Pitfall: Under-reporting due to fear or lack of clarity.
    • Solution: Provide regular training and promote a no-blame culture.
  • Pitfall: Missing the 24-hour reporting deadline.
    • Solution: Have a clear on-call system and ensure multiple people are trained to use the NDIS Portal.
  • Pitfall: Poor documentation that lacks detail.
    • Solution: Use structured forms and templates to guide staff on what information to capture.
  • Pitfall: Failing to “close the loop” with complainants.
    • Solution: Implement a tracking system to ensure every complaint is followed up with a formal outcome.

Common Pitfalls and How to Avoid Them

An auditor will want to see evidence of a living, breathing system.

  • Are your Complaint and Incident Management policies up-to-date and accessible?
  • Can you provide a register of all complaints and incidents?
  • Does your documentation show evidence of timely reporting, thorough investigation, and corrective actions?
  • Can you show evidence of staff training on these policies?
  • Is there evidence that your leadership team reviews incident and complaint data to drive improvement?
  • Is information about how to make a complaint readily available and accessible to all participants?

Your Audit-Ready Checklist

You don’t need to start from scratch. Consider using:

  • Incident Report Forms: A structured template ensures all necessary information is captured consistently.
  • Complaint Register: A spreadsheet or database to log and track all complaints from intake to resolution.
  • Investigation Plan Template: A simple document to outline the scope, method, and timeline for investigating a serious event.

Helpful Templates and Tools

FAQ

You must follow both processes. Manage the complaint by communicating with the complainant while also meeting your reporting obligations to the NDIS Commission for the incident.

A ‘near miss’ is an event that could have resulted in harm but didn’t. While not reportable, these should absolutely be recorded and investigated internally as they are free lessons in risk prevention.

Yes. All expressions of dissatisfaction, regardless of format, should be logged in your complaints system.

Mastering NDIS complaint and incident management moves your organisation beyond a culture of compliance to one of genuine continuous improvement. It places participant safety and voice at the heart of everything you do. By implementing clear processes, providing robust training, and fostering a culture of transparency, you build a resilient organisation that delivers the highest standard of care.

Don’t wait for an incident to test your system. Take action now. Review your policies against this guide and schedule a drill with your team to walk through a mock incident. Preparedness is the key to excellence.

To find out more about NDIS Complaint, contact us Today

Conclusion: From Compliance to Continuous Improvement