Information Management: NDIS Provider Governance and Operational Management
Published: 23 August 2021
Providers of National Disability Insurance Scheme (NDIS) services must ensure that NDIS participants’ information is collected, stored and disclosed appropriately and in a way that respects their privacy and confidentiality.
What is Health Information?
The term health information refers to any information regarding a person’s health or disability, and any information that relates to a health service they have received or will receive (Better Health Channel 2015).
What is Information Management?
Information management involves obtaining, analysing and protecting health information in both digital and handwritten forms (AHIMA n.d.).
According to the International Organization for Standardization, the steps of effective information management are:
Establishing an ‘Inventory of Information Assets’ that keeps track of:
Every location where information is stored, processed or accessible, such as:
The owners of this information.
Collecting and classifying information in accordance with a classification system
Labelling all information
Handling information in a secure way depending on its classification type, according to the organisation’s policies and procedures.
Information Management Tips
The top 10 administrative record-keeping tips, as listed by the Australian Department of Health (2021), are:
Planning what processes are needed for information to be effectively maintained, and determining how these processes can be achieved
Collecting and storing information consistently and ensuring that all workers follow the same policies and procedures
Clearly communicating expectations to workers and ensuring they understand the relevant policies and procedures
Providing appropriate staff training
Appropriately allocating the resources (e.g. workers and physical resources) needed in order to manage information
Modifying the information management system if a more efficient method arises
Embracing new technology that may improve efficiency
Delegating information management responsibilities to appropriate workers
Being aware of responsibilities and obligations, such as what to record, how to maintain records and how long records should be kept
Reviewing the information management system and seeking feedback from workers in order to facilitate continuous improvement.
Information Management in the NDIS Practice Standards
This Practice Standard aims to ensure that providers manage health information in a way that ensures it is identifiable, accurately recorded, up-to-date and confidential. Furthermore, this information should be easily accessed by participants and appropriately used in the delivery of supports (NDIS 2020).
NDIS providers must meet the following quality indicators:
Providers must obtain consent from participants before obtaining, using, retaining or disclosing their information. Participants should be informed about situations in which their information could be disclosed, including without consent if required by law
Participants should be informed about:
How their information is being stored and used
When and how they can access or change their information
When and how they can revoke or change their prior consent
Providers maintain an information management system that is relevant and proportionate to the size and scale of the organisation and records participant information accurately and in a timely manner
Providers store documents with appropriate use, access, transfer, storage, security, retrieval, retention, destruction and disposal processes. These processes must be relevant and proportionate to the scope and complexity of the supports being delivered.
NDIS participants, or a nominated individual, can make the decision to give the provider access to the participant’s health records or to withhold them.
While this is optional, giving workers access to this information will help them to provide the best care possible. However, workers are required to protect participants’ privacy and confidentiality (Better Health Channel 2015).
Note: a person always maintains a right to access their own medical records.
The NDIS and NDIS providers may collect and access participants’ health information, as well as other personal information if it is ‘reasonably necessary’ for them to do so in order to perform their role. This information might include:
Name, contact details, date of birth and age
Health details (e.g. physical health, mental health, any disabilities)
Names, contact details and addresses of guardians and nominees
Centrelink Customer Reference Number (CRN)
Feedback or complaints about services
Recording Health Information
The recording of progress notes and other information is crucial to the delivery of high-quality supports (Sinor 2020).
Effectively documenting information helps to:
Improve the efficiency of operations
Maintain the security of confidential information
Support staff to work more effectively
Increase staff retention
Improve business continuity
Measure progress towards the participant’s goals
Provide a record of events that have occurred during an appointment or shift
Ensure members of the care team can identify, communicate and coordinate around the participant’s needs
Provide evidence that supports are being delivered properly and the participant is being appropriately cared for.
When recording progress notes, clinical records, reports or planning documents, workers should:
If writing by hand:
Ensure that writing is legible
Use a pen rather than a pencil
Correct errors by ruling a line through the mistake, writing the correction and initialling the change. The original entry should still be readable. Avoid erasing or using whiteout
Ensure that observations and actions are documented accurately and the facts of the situation are clearly stated
Use familiar and comfortable language and avoid technical jargon
Record information as completely and concisely as possible, ensuring that documentation is brief, simple and direct
Prioritise quality over quantity; avoid ‘padding’ and exaggerations
Ensure observations, events and conversations are recorded as soon as possible after they occur so that entries are as complete and accurate as possible
Ensure all entries are signed and labelled with the correct date and time
Follow their organisation’s policies and procedures on date and time format, use of initials, position designations and other identifiers
Ensure that participants’ records are easily distinguishable
Ensure they have the correct participant’s record before making an entry, especially when documenting healthcare or medicines
Check previous entries and progress notes to ensure continuity and coordination in supports
Only use abbreviations that are listed in organisational guidelines.
In some cases, the NDIS might need to disclose a participant’s personal information. Where possible, this information will be de-identified before disclosure. Examples of when disclosure may occur include:
The participant consenting to have their information disclosed
The NDIS referring a participant to an external provider
Disclosure being necessary in order to deliver the NDIS
Disclosure being required under law
Disclosure being necessary in order to prevent or reduce a serious and immediate threat to someone’s life
Disclosure being necessary in order to prevent or reduce a threat to public safety
Disclosure being required as part of an internal complaints investigation
The NDIS engaging a contractor that requires personal information in order to perform required services
Data sharing or data integration with Australian Government agencies.
Laws may differ by State and there are certain exemptions that may apply in law enforcement situations and in a court of law. Keep in mind, health information privacy laws only apply rights to people who are living (Better Health Channel 2015).