NDIS Risk Assessment: The Dual Compliance Challenge
NDIS service providers operate under a dual compliance framework that is unique among Australian industries: they must simultaneously meet their obligations under Work Health and Safety law — which requires them to protect their workers — and their obligations under the NDIS Quality and Safeguards Commission's Practice Standards — which require them to protect the participants they support. These two frameworks overlap, interact, and sometimes create tensions that a generic workplace risk assessment cannot adequately address.
A risk assessment for an NDIS provider is not simply a workplace hazard identification exercise. It must assess risks to participants — including risks arising from the participant's specific disability, health conditions, behaviour support needs, medication interactions, and living environment — as well as risks to the workers providing support. It must be consistent with the participant's NDIS Plan and their individualised support plan. And it must be reviewed and updated as the participant's circumstances, support needs, and health status change over time.
The consequences of inadequate risk management in NDIS services are severe. Participants in disability support services are among the most vulnerable members of the Australian community. Incidents including falls, medication errors, restraint injuries, choking, aspiration, and abuse by workers or other participants have caused deaths and serious harm to NDIS participants. These incidents are subject to mandatory reporting to the NDIS Quality and Safeguards Commission and may result in registration bans, prosecution under the NDIS Act, or concurrent prosecution under WHS legislation.
At the same time, workers providing disability support services — particularly those delivering high-intensity supports such as complex bowel care, tracheostomy management, enteral feeding, and manual patient transfers — face significant occupational health risks. Back injury from manual patient handling, psychological injury from exposure to challenging behaviours, and infectious disease exposure are among the highest-incidence workers' compensation claim categories in the disability services sector.
A CIH-reviewed NDIS risk assessment bridges both frameworks: it assesses participant risks in a manner consistent with the NDIS Practice Standards and it assesses worker risks in a manner consistent with the WHS Act and WHS Regulation.
NDIS Practice Standards: Risk Assessment Requirements
The NDIS Quality and Safeguards Commission administers the NDIS Practice Standards, which set the minimum quality and safety requirements for registered NDIS providers. Risk assessment is a pervasive requirement throughout the Practice Standards, appearing in multiple modules.
**Core Module — Provision of Supports:** The Core Module requires registered providers to assess and manage risks to participants from the supports provided. This includes identifying risks arising from the participant's specific support needs, their environment, and the interaction between supports provided by multiple providers. Providers must document their risk assessments and make them accessible to relevant workers.
**Core Module — Support Provision Environment:** Providers must identify and manage risks to the health and safety of participants arising from the environment in which supports are provided — including the participant's home, community settings, shared living arrangements, and day programs. This includes risks from the physical environment (falls, fire, inadequate sanitation) and from the social environment (interactions with other participants, visitors, and household members).
**High Intensity Supports Module:** Providers delivering high-intensity daily activity supports — complex bowel care, subcutaneous injections, urinary catheter management, tracheostomy management, enteral feeding, ventilation management, and complex wound management — must have specific risk management procedures for each type of support. These procedures must be developed by a health practitioner, documented, and followed by workers who have been assessed as competent to deliver the support.
**Behaviour Support Module:** Providers implementing behaviour support plans — including plans that involve regulated restrictive practices — must conduct risk assessments that identify the risks associated with the participant's behaviours and the proposed strategies for managing those behaviours. The risk assessment must consider the impact of proposed strategies on the participant's rights, dignity, and wellbeing, as well as the physical safety of the participant and support workers.
**NDIS (Incident Management and Reportable Incidents) Rules:** The NDIS Incident Management Rules require providers to have a written incident management system. The risk assessment is the foundation of this system: it identifies the scenarios that constitute foreseeable incidents, determines the controls that should prevent those incidents, and establishes the reporting and response procedures when incidents occur despite the controls.
Non-compliance with the Practice Standards can result in compliance notices, sanctions, and deregistration. The NDIS Commission has the power to impose conditions on a provider's registration, suspend registration, or ban individuals from working as NDIS supports.
Worker Safety in Disability Support: WHS Obligations
In addition to their obligations under the NDIS Practice Standards, registered NDIS providers are PCBUs under the WHS Act and have the same worker safety obligations as any other employer. The specific hazards most prevalent in disability support work are as follows.
**Manual patient handling.** Personal care workers, support workers providing community access, and workers in residential settings perform frequent patient transfers — repositioning, bed-to-chair transfers, bathroom assistance — that impose significant spinal loads. The disability services sector has among the highest rates of manual handling-related workers' compensation claims in Australia. The WHS Regulation and the Hazardous Manual Tasks Code of Practice require PCBUs to assess and control manual handling risks. For NDIS providers, this means assessing the transfer needs of each participant, determining the appropriate mechanical aids required, and ensuring those aids are available in the participant's home or care setting.
**Challenging behaviours.** Workers providing supports to participants with autism spectrum disorder, acquired brain injury, intellectual disability, or mental health conditions may be exposed to physical aggression — hitting, biting, kicking, scratching — as well as verbal aggression and psychological distress. The WHS Regulation requires PCBUs to manage risks from hazardous situations arising from the work, including the risk of physical and psychological injury from challenging behaviours. A risk assessment must identify participants whose behaviour presents a risk to workers, document the known triggers and de-escalation strategies, and specify the supports and procedures workers should follow when challenging behaviours occur.
**Lone working.** Support workers providing in-home, community, and overnight support frequently work alone — without a colleague or supervisor present who could assist if an emergency occurred. Lone working increases the risk of delayed response to emergencies and the risk of harm from participant behaviours. The WHS Regulation requires PCBUs to manage the risks of working alone or in isolation. For NDIS providers, this means establishing check-in procedures, providing personal duress alarms or mobile devices with GPS capability, and ensuring workers know how to contact emergency services.
**Psychological and emotional demands.** Disability support work involves sustained emotional labour — supporting participants experiencing grief, pain, behavioural crises, and end-of-life situations. The WHS Regulation's 2025 amendments include specific provisions for managing psychosocial hazards, including the emotional demands of work. NDIS providers must assess and control the psychosocial risks associated with their workers' roles.
**Infectious disease exposure.** Workers providing personal care — particularly those delivering high-intensity supports involving wound care, catheter management, or bowel care — are exposed to blood-borne pathogen, enteric pathogen, and respiratory pathogen risks. The risk assessment must identify the infection control procedures required and ensure workers are trained in and compliant with those procedures.
Participant-Centred Risk Assessment: Key Components
A participant-centred risk assessment is a structured evaluation of the specific risks to a participant arising from their support needs, health status, living environment, and the support services being provided. It is distinct from a general workplace risk assessment in that the focus is the wellbeing of the participant, not only the safety of the worker — though both must be addressed.
**Participant profile.** The assessment must document the participant's age, primary disability, secondary health conditions, communication method, mobility status, medication regime, and any other factors relevant to their support needs and risk profile. This information is typically sourced from the participant's NDIS Plan, their GP or specialist, and consultation with the participant and their family or guardian.
**Support environment assessment.** The assessment must evaluate the physical environment in which supports will be provided — the participant's home, community settings, or residential facility. For in-home supports, this includes the layout of the home (accessibility, trip hazards, bathroom safety, kitchen safety), the availability and condition of any required assistive technology or equipment, and the presence of other household members or hazards (pets, unsecured medications, weapons).
**Activity-specific risk assessment.** For each type of support activity — personal care, community access, meal preparation, medication assistance, transport — the assessment must evaluate the specific risks associated with that activity for this participant. An activity that is routine for one participant may be high-risk for another with different mobility, cognitive, or health characteristics.
**Emergency planning.** The assessment must address emergency scenarios specific to the participant — what should a support worker do if the participant has a seizure, a fall, a choking incident, a behaviour emergency, or a medical deterioration? The emergency plan must be documented, communicated to all workers providing support to the participant, and tested.
**Review and update triggers.** Participant risk assessments must be reviewed when the participant's health or support needs change, after any incident involving the participant, at least annually, and whenever a new support worker is introduced to the participant. The review must be documented, with the nature of any changes recorded.