Version: 7

Published: 18 October 2022, 4:38 PM

Last edited: 29 September 2022, 4:04 PM


Approved: 18 October 2022, Ben Barrie, Chief Governance Officer

Next review: 17 December 2023



An incident at Humanity Health Group is any of the following:

  1. a conflict of interest,
  2. contraction of Covid, or being a close contact,
  3. a clinical incident* (usually related to Participant),
  4. a safety incident (usually related to Staff),
  5. a privacy or data incident,
  6. unethical behaviour,
  7. a natural disaster,
  8. legal action against the business,
  9. a complaint,
  10. anything illegal,
  11. anything that results in notification of a regulator by us or another entity, and
  12. anything which deviates from standard policy or procedure that did, or could have created risk for a customer, client, staff member or the business.

* A clinical incident should be entered into the system in one of these scenarios:

  1. there has been an adverse event related to, or which happened during, prior to or immediately after our intervention
  2. there has been an event which resulted in engagement of an Emergency Services
  3. there has been a suicide attempt which occurred after we commenced services


Note that internal reporting requirements requirements do not replace legislated reporting requirements. External agencies which may need to be notified as a priority include the police, child protection agencies, the NDIS commission, the Office of Australian Information Commission.


If the incident involves an NDIS participant, the participant has the right to (and must be supported to) access an advocate at any step of this process, if they wish.

Policies relevant to this process

  • Anti Bribery, Laundering and Corruption
  • Child safe
  • Incident management


Identify incident and take immediate action

1. Identify incident and take immediate action

Take any immediate actions that are required to ensure that everyone is safe and well. This may include:

  • attending to injuries
  • undertaking first aid
  • calling emergency services (000)
  • moving participants, clients or staff out of harm’s way
  • managing any immediate risks (e.g. immediately removing a person with Covid from contact with others)
  • Meet clinical reporting requirements such as reporting of child protection matters

Step performed by Staff Member

Policies relevant to this step:

  • Incident management
  • Reporting incidents


Escalate serious or covid related incidents (step 2)

2. Escalate serious or covid related incidents

All reportable incidents must be escalated to a senior line manager within your business unit such as a State Manager / ANOM

/ NOM / CEO to direct the immediate incident response.

External Notification Guidelines:

Incidents that represent a risk of harm to children must be escalated via State / Territory specific child protection authorities. Read the Child Family Community Australia Resource Sheet to be directed to the correct notification pathway.

Under Work Health and Safety Legislation Death, Serious Injury or Dangerous Incidents must be notified according to Safe Work Australia’s Incident Notification Information Sheet.

A data breach, where there is a serious risk of harm to the persons affected by the data breach, must be reported to the Office of the Australian Information Commissioner (OAIC).


NDIS External Notification Guidelines:

The NDIS Commission must be notified of all reportable incidents (including alleged reportable incidents) that occur (or are alleged to have occurred) in connection with the provision of NDIS supports or services we deliver. Reportable Incidents in the

NDIS are defined as any of the following:

  • the death of a participant while being supported
  • a serious injury of a worker while on duty, or a participant while being supported
  • abuse or neglect of a participant while being supported
  • unlawful sexual or physical contact with, or assault of, a participant while being supported, or a worker while on duty
  • sexual misconduct committed against, or in the presence of, a participant while being supported, including grooming of
  • the person for sexual activity
  • unauthorised use of a restrictive practice in relation to a participant
  • any discrimination, bullying or harassment of a participant while being supported, or a worker while on duty
  • a data breach or breach of privacy and confidentiality which poses a serious risk to the individuals affected as a result of the breach.

If the reportable incident occurred in connection with services of another Provider we should seek confirmation from that Provider that they have notified the NDIS. If that other Provider does not notify the NDIS of the incident then we will make a complaint to the NDIS.

Likewise we will complain about the Provider if they do not agree to take actions to ensure the safety of the Participant. An example of when we might complain about another Provider is if a Participant complains of sexual assault by a Support Worker and the Provider does not remove the access of the alleged perpetrator from the Participant.

Link to NDIS Commission Guidance.


Documentation of External Notifications:

External notifications, or confirmation that another Provider has made a Notification, must be documented on the case file.

Step performed by Staff Member

Policies relevant to this step:

  • Incident management
  • Responsibilities of key management personnel.



Submit incident (step 3)

3. Submit incident

Record the following details about the incident in Humanity’s incident management system:

  • who reported the incident
  • the type of incident
  • the incident time and date
  • the business unit
  • location of the incident
  • a brief summary and a description of the incident
  • contributing factors to the incident
  • name of any employees involved
  • the name and contact details of witnesses or other relevant parties

Save and submit the incident to your line manager.

Step performed by Staff Member

Policies relevant to this step

  • Incident management
  • Responsibilities of workers
  • Organisational responsibilities when responding to incidents


Investigate incident (step 4)

4. Investigate incident

An investigation fitting with the scope and nature of the risk should be carried out.

If the incident relates to a standard clinical response such as the completion of a self harm risk assessment the investigation might be to call the clinician who conducted the investigation and to talk through the findings and the mitigation strategy to be confident that our response to the incident meets clinical expectations and standards. This might be conducted by the Direct Manager or State Manager or ANOM.

If the incident relates to a serious clinical incident, such as the death of a participant or client, then a comprehensive investigation shall be carried out. This might be conducted by the CGO or his delegate such as the Risk Officer or Privacy Officer (if the incident related to a privacy matter) or an external investigator.

System Documentation

Within this step of the incident management system the investigator documents:

  1. Whether the incident is notifiable
  2. If the incident is notifiable confirm that the Clinician has made the necessary notification (eg. a child protection matter) or escalate to the relevant internal party to facilitate any business level notifications (eg. Unauthorised Restrictive Practices to ANOM / NOM; Privacy issues to Privacy Officer; WHS issues to Risk Officer)
  3. Complete the Risk Assessment ratings – consequence vs likelihood
  4. Document who the staff member consulted with to manage the incident
  5. Document and or arrange EAP or debrief support either already accessed or required
  6. Document Interim Measures Taken – immediate control strategies that go beyond the initial response, such as ceasing services temporarily

Comprehensive Investigations

An investigation involves the planned and systematic gathering and analysis of all relevant facts through obtaining evidence by interviewing witnesses, examining documentation, skilled observation and obtaining expert opinion. An investigation into alleged worker to participant incidents or unexplained injuries must be person centred.

The investigation report should include:

  • a description of the matter investigated
  • details about the investigation methodology, e.g. documented evidence reviewed, witnesses interviewed
  • summary of evidence gathered and /or chronology of events
  • summary of key regulatory guidelines relevant to the incident
  • conclusions and findings based on the salient evidence.

Refer to the Investigate incident process for more details.

  • Step performed by Direct Manager, consulting with Assistant National Operations Manager, Brand CEO, CGO, National Operations Manager, Privacy Officer, Risk Officer, State Manager


Resolve incident (step 5)

5. Resolve incident

Resolving an incident involves addressing any underlying patterns or causes of the incident and implementing improvements to the service to minimise reoccurrence of similar incidents.

System Documentation

At this stage the system prompts documentation of

  1. a root cause category and description
  2. lessons learnt
  3. corrective actions


Communicating to key stakeholders

Provide appropriate feedback to all parties of the outcome of the investigation and the resolution while keeping in mind confidentiality and privacy requirements.

Provide participants or clients, their family, and advocate (if involved), opportunities to provide feedback on the response, investigation (if a formal investigation was carried out) and resolution.

Verifying or carrying out notification

If the incident is a notifiable data breach, urgent remedial action is required and affected persons notified.

If there is the requirement for Child Protection or Police notification this should be verified as having occurred or be facilitated.

If there is the requirement for NDIS notification to (eg. for Covid cases) or NDIS complaint (eg. unauthorised restrictive practice without appropriate remediation and reporting by the implementing provider)

Step performed by Direct Manager


Review of incident and Company Risk Register (step 6)

6. Review of incident and Company Risk Register

Review the incident by examining the incident from start to finish, analysing the investigation report (if a formal investigation was carried out), and reviewing response and feedback.

Improvements or corrections can now be made to ensure a similar incident does not occur again. These may include:

  • ¬†additional training of workers
  • better supervision of workers
  • changes to routines or rosters within a service
  • reviewing and refining support plans for certain participants
  • improving information security (if the incident was a data breach).

Where these corrective actions have been facilitated they will be documented in the Risk Register.

Where these corrective actions are required, and not yet carried out, they should be entered as a Corrective Action and/or Assigned as a project.

System Documentation:

At this stage the system prompts identification of:

  1. Risks involved (from the predetermined Risk Register list)
  2. Whether the Risk Register has been reviewed
  3. The Risk Register Category
  4. The outcome of the Risk Register review (where corrective actions that have been implemented can be documented)
  5. Corrective Actions where these are required

Step performed by Risk Officer, consulting with Privacy Officer




Your Privacy

We use cookies to offer you a better experience and analyse site traffic. By continuing to use this website you consent to the use of cookies in accordance with our {{Privacy Policy}}.

Chat with us
Request a call back

Request a call back