Allied Health Compliance Guide

Allied Health Compliance Checklist for Small Practices in Australia

A practical guide for physiotherapy, occupational therapy, speech pathology, psychology, dietetics, and other allied health practices in Australia managing AHPRA, privacy, and WHS compliance obligations.

Why compliance is complex for small allied health practices

Allied health practices operate under multiple overlapping compliance frameworks simultaneously: AHPRA registration requirements, the Privacy Act (including health information obligations under the Australian Privacy Principles), NDIS Practice Standards (for NDIS-registered providers), WHS obligations as an employer, and Medicare compliance requirements for practices billing through Medicare.

For small practices — often run by a practitioner-owner with limited administrative support — keeping up with every obligation across every framework is genuinely challenging. The most common compliance failures are not poor clinical practice but missed administrative obligations: expired CPD records, outdated privacy policies, incomplete incident documentation, and lapsed NDIS audit preparation.

Allied health compliance checklist

This checklist covers key compliance obligations for small allied health practices in Australia. Keep evidence — certificates, policies, training records, and incident logs — for every item.

1. AHPRA registration and CPD

  • All registered practitioners have current AHPRA registration — checked and documented annually
  • CPD requirements met for the current registration period — records of all CPD activities kept
  • Professional indemnity insurance current and at required coverage levels
  • AHPRA registration conditions (if any) understood and complied with
  • Practitioners in supervised practice have supervision agreements in place and documented

2. Privacy and health information

  • Privacy Policy in place, current, and given to patients at first contact
  • Health records managed in accordance with Australian Privacy Principles (APP) and state health records legislation
  • Patient consent for collection, use, and disclosure of health information obtained and documented
  • Records retention policy in place (7 years for adults, until age 25 for minors in most states)
  • Data breach response plan in place — staff know what to do if a breach occurs
  • Notifiable Data Breach (NDB) scheme obligations understood — Office of the Australian Information Commissioner (OAIC) notified for eligible breaches

3. NDIS compliance (for NDIS-registered providers)

  • NDIS Practice Standards relevant to your registration group understood and policies in place
  • NDIS Worker Screening Checks completed for all workers in risk-assessed roles
  • Worker Orientation Module completed by all workers and records kept
  • Incident management system in place — reportable incidents submitted to NDIS Commission within required timeframes
  • Complaints management procedure documented and communicated to participants
  • Audit preparation: evidence of compliance with each Practice Standard collected and organised

4. Clinical governance

  • Clinical governance framework documented — covers scope of practice, supervision, and quality improvement
  • Informed consent procedure in place and documented for all clinical interventions
  • Clinical incident register maintained — adverse events and near-misses recorded and reviewed
  • Complaints register in place — all complaints documented with resolution outcomes
  • Scope of practice policy in place — practitioners only providing services within their competence

5. Workplace health and safety (WHS)

  • WHS policy in place, signed by management, and communicated to all staff
  • Risk assessments completed for clinical and non-clinical workplace hazards
  • Manual handling and ergonomics risks assessed — particularly for hands-on practitioners
  • Aggression and occupational violence risk assessment and management plan in place
  • Incident register maintained — all WHS incidents and near-misses recorded and investigated
  • Workers' compensation insurance current

6. HR and staff management

  • Employment contracts in place for all staff — reviewed against current Award obligations
  • Staff induction records kept — privacy, WHS, and clinical governance training documented
  • Performance review and supervision records maintained
  • Working with Children Checks current for all staff working with minors
  • Police check records on file where required by funding body or registration

7. Medicare and billing compliance (if applicable)

  • Medicare billing reviewed against current MBS item descriptors — services match items billed
  • Provider numbers current and linked to correct practice locations
  • Medicare compliance policies in place — billing reviewed internally for accuracy
  • GP referral requirements met for Medicare-referred services (Team Care Arrangements, etc.)
  • Private health fund billing compliant with registered provider obligations

The compliance burden on small allied health practices

Most allied health practitioners are excellent clinicians who became practice owners almost by accident. The clinical skills that make them great practitioners don't automatically translate to compliance management skills — and compliance across AHPRA, privacy law, NDIS, and WHS is genuinely complex.

The most effective approach for small practices is to convert your compliance policies and frameworks into a trackable list of obligations — assigned to the right person, with a due date, and with evidence attached when completed. That turns compliance from an annual scramble before an audit into something that gets done continuously as part of how the practice operates.

Turn your allied health policies into audit-ready actions

CompliAI reads your AHPRA, NDIS, privacy, and WHS policy documents, extracts every compliance obligation, and turns them into assigned tasks with due dates and an audit trail — so your practice stays continuously compliant, not just at audit time.


Key regulators for allied health practices in Australia

  • AHPRA: Australian Health Practitioner Regulation Agency — ahpra.gov.au
  • NDIS Quality and Safeguards Commission: ndiscommission.gov.au
  • OAIC (Privacy): Office of the Australian Information Commissioner — oaic.gov.au
  • Medicare: Services Australia — servicesaustralia.gov.au
  • WHS: Safe Work Australia — safeworkaustralia.gov.au
