NDIS Reporting Requirements: What You Need to Know

If you're a provider, knowing the NDIS reporting requirements is essential to protecting your company from non-compliance penalties.

In March 2023, NDIS provider Mirrors Care came under scrutiny after an incident between a client in their care and his elderly neighbor. The client, who is non-verbal and has “severe behavioral issues,” left his private care home, broke into the home of an 80-year-old woman and struck her. “It’s not the patients’ fault; the care that they’re subjected to is not nearly enough,” said the woman, expressing her belief that Mirrors Care employees were not adequately trained in providing support to their clients.

As a provider, you always want to do everything within your power to prevent harm to your clients and others. The way you handle incidents like this can impact the people you serve, your NDIS funding, your reputation as a company and the community at large. This article outlines what types of incidents should be reported to the NDIS, how and when to report them and how a case management solution like Case IQ can make the process easier.


What is an NDIS reportable incident?

According to the NDIS, an “act or event needs to have happened (or be alleged to have happened) in connection with the provision of supports or services” in order to be deemed reportable

This means the incident must have occurred between the provider and the client at some point in the care process. But if a physical altercation takes place between a provider and client who also happen to be family members or friends outside of the caregiving context, for example, that incident would not need to be reported to the NDIS.

NDIS reportable incidents include:

  • Death
  • Serious injury
  • Abuse or neglect
  • Unlawful sexual or physical contact or assault
  • Sexual misconduct done either to or in the presence of the client (e.g. sexual comments or joke, flirting, excessive physical touching)
  • “Use of a restrictive practice . . .where the use is not in accordance with an authorisation (however described) of a state or territory in relation to the person, or if it is used according to that authorisation but not in accordance with a behaviour support plan for the person.”


In short, if one of these incidents occurs while one of your employees is providing services to a client, you’re required to report it to the NDIS. In the next section, you’ll learn how and when to report to stay NDIS compliant.


How do I notify the NDIS commission?

When an incident occurs, you need to work quickly. Reporting an incident in a timely fashion protects both the client and your organization. NDIS requires providers to report any of the above incidents “within 24 hours of key personnel becoming aware” of it. There is an exception for the use of unauthorized restrictive practices, which must be reported within five business days.

But how do you submit these reports? As soon as possible, submit an Immediate Notification Form via the NDIS providers portal. This form asks you to provide details of the incident, including when and where it happened, who was involved and actions taken in response.

The NDIS might also ask you to complete a final report through their portal if they want further details on the incident. In this document, you’ll need to provide information on the outcome of your internal investigation, including:

  • Supporting documents
  • How you reached your conclusion
  • How you resolved/managed the incident
  • Plans to prevent similar incidents in the future


If you’re unable to access the portal for any reason, you can report an incident to your state’s or territory’s Reportable Incidents Team via email. You’ll find the complete list of email addresses on the NDIS website.

Want to learn how case management software can help you comply with reporting requirements?

Download our free Buyer's Guide.

Get the Guide

How Case IQ Can Help

Case IQ makes recording and tracking NDIS-reportable incidents easier and faster.

With a web-based application that’s accessible on any device with an internet connection, your team can record incidents in your Case IQ system from anywhere, at any time. This ensures team members won’t forget key details before they can get back to the office, and helps ensure compliance with the 24-hour notification requirement.

Case IQ realizes there’s no such thing as a one-size-fits-all approach to software. You need the flexibility to configure fields and workflows to meet your organization’s specific requirements, so you can be sure that all of the information you need is captured at the outset.

Beyond merely complying with NDIS reporting requirements, it’s crucial that you also keep track of all incident data. Case IQ’s BI tool uses this data to help you visualize trends in incident types, locations and more, giving you clear guidance on appropriate corrective and preventive measures.

Another point to keep in mind – protecting clients’ sensitive data is important both for compliance and for your reputation as a provider. Case IQ’s secure, centralized platform keeps all case information in one place, reducing the risk that data falls into the wrong hands. You can even set access rules by user, role and case to maximize privacy protection.

Learn more about how Case IQ’s modern case management solution can help you classify and report incidents and improve compliance here.