Do therapeutic supports providers need to meet the full NDIS Practice Standards?

Yes. Registered therapeutic supports providers must meet the NDIS Practice Standards core module, which covers rights, provider governance, provision of supports, and support planning. Depending on the specific supports delivered, additional module requirements — such as those covering specialist behaviour support — may also apply.

How often must NDIS policies and procedures be reviewed?

The NDIS Practice Standards require providers to have a continuous improvement system, which in practice means policies should be reviewed at minimum annually and whenever there are changes to legislation, Practice Standards, or your service model. Each review should be dated and version-controlled.

What is the difference between a verification audit and a certification audit for therapeutic supports?

Verification audits apply to lower-risk registration groups and typically involve desktop review of documents and records. Certification audits apply to higher-risk or more complex supports and include on-site inspections, worker interviews, and participant interviews. Therapeutic supports may attract either type depending on the registration groups held.

Do all workers delivering therapeutic supports need an NDIS Worker Screening Check?

Yes. Workers employed or engaged by a registered NDIS provider to deliver NDIS supports or services must hold a valid NDIS Worker Screening Check. This includes contractors and volunteers in risk-assessed roles. The check must be obtained through the relevant state or territory screening agency.

What must a clinical governance policy include for a small allied health practice?

At minimum, a clinical governance policy for a small allied health practice should cover: supervision arrangements and frequency, continuing professional development requirements, credentialing and professional registration verification, clinical file audits, and how clinical risks are identified and managed. The policy must be proportionate to the size and complexity of the organisation.

Is a restrictive practices policy required if we do not use any restrictive practices?

Yes. Even if your organisation does not authorise or implement restrictive practices, you should have a documented position stating this, explaining how workers recognise a restrictive practice, and outlining your obligation to report and refer to a registered behaviour support practitioner if a participant is subject to such practices in their other supports.

NDIS therapeutic supports provider: policies and procedures you need (2026)

Who this guide is for

If you are a registered NDIS provider delivering therapeutic supports — including occupational therapy, speech pathology, physiotherapy, psychology, dietetics, or other allied health services — you must comply with the NDIS Practice Standards and Code of Conduct. From 2026, the NDIS Commission's strengthened registration and audit framework places heightened scrutiny on whether providers can demonstrate their policies are genuinely embedded in practice, not merely filed in a folder.

This guide identifies the specific policies and procedures therapeutic supports providers need, what each must contain, and what an approved quality auditor will look for during a certification or verification audit.

Why therapeutic supports carries specific obligations

Therapeutic supports sits within the NDIS Practice Standards module covering Specialist Support and, where applicable, High Intensity Daily Personal Activities depending on the nature of the supports delivered. The core module applies to all registered providers, while additional module requirements apply when therapeutic work intersects with behaviour support or complex clinical needs.

The NDIS Code of Conduct requires all workers — employees and contractors — to act with respect, provide safe and competent supports, and promptly raise concerns. Your policies must operationalise these obligations in your specific service context.

The core policy framework: what you must have

The following policy areas are non-negotiable for a therapeutic supports provider seeking or maintaining NDIS registration. Each should be a standalone documented policy with associated procedures and, where relevant, forms or templates.

1. Rights and responsibilities

Participants must be informed of their rights under the NDIS Act and your service agreement. Your policy must cover:

How rights are communicated at intake (accessible formats, plain language, translation where needed)
How you support self-advocacy and decision-making
What a participant can do if they feel their rights have not been respected

2. Informed consent

Therapeutic intervention requires informed consent. Your procedure must specify:

Who obtains consent and when (initial, ongoing, for specific assessments or interventions)
How consent is documented
What happens when capacity to consent is in question, including how substitute decision-makers are engaged
How consent can be withdrawn and the effect on service delivery

3. Privacy and confidentiality

Providers handling health information under therapeutic supports have obligations under both the NDIS Act and the Privacy Act 1988 (Cth). Your policy must address:

Collection, storage, and disposal of personal and sensitive information
Access by workers on a need-to-know basis
Disclosure to third parties, including other providers and family members
Data breach response

4. Incident management

The NDIS (Incident Management and Reportable Incidents) Rules 2018 require all registered providers to have a documented incident management system. For therapeutic supports providers, this must include:

Clear definitions of what constitutes an incident, near-miss, and reportable incident
Reporting pathways for workers, including after-hours contacts
Timeframes for internal escalation and NDIS Commission notification (certain reportable incidents must be notified within 24 hours)
Investigation procedures and root-cause analysis
Corrective action and feedback loops to prevent recurrence

5. Complaints management

Your complaints procedure must make it easy for participants, families, and advocates to raise concerns. It must cover:

Multiple channels for receiving complaints (in person, phone, written, online)
Acknowledgement timeframes
Investigation and resolution process, including escalation to the NDIS Commission if unresolved
How feedback is used to improve service quality
Protection from retribution for anyone who makes a complaint

6. Worker screening and recruitment

All workers delivering NDIS supports must hold a valid NDIS Worker Screening Check or, for unregistered providers in certain states, an equivalent check. Your policy must cover:

Pre-engagement verification of screening status
How you check that registrations and professional memberships (AHPRA, AASW, SPA, etc.) are current
What action you take if a check lapses or a worker is excluded
Reference checking and supervision requirements for new workers

7. Clinical governance and quality of supports

This is the area most likely to attract auditor scrutiny for therapeutic providers. Your clinical governance framework must include:

Supervision structures — frequency, format (individual, group), and documentation
Continuing professional development requirements and how compliance is monitored
Credentialing for specific therapeutic modalities
File audit and case review procedures
Evidence-based practice standards referenced in assessments and reports

8. Restrictive practices (where applicable)

If your therapeutic work includes behaviour support, or if participants in your care are subject to regulated restrictive practices, you must have a dedicated policy and procedure. This must reference the relevant state or territory authorisation framework and compliance with the NDIS (Restrictive Practices and Behaviour Support) Rules 2018. Even if you do not authorise or implement restrictive practices directly, you need a policy stating your position and your obligations to report and refer.

9. Safe environment and risk management

Whether therapy is delivered in a clinic, home, or community setting, your procedures must cover:

Risk assessment before and during service delivery
Safe physical environments — equipment checks, infection control (particularly relevant post-COVID)
Lone worker safety procedures
Emergency and evacuation procedures for fixed premises

10. Feedback and continuous improvement

The Practice Standards require a demonstrable commitment to continuous improvement. This is not satisfied by a single annual review. Your procedure should specify:

How participant feedback is collected (surveys, interviews, outcome measures)
How complaints, incidents, and audits feed into service review cycles
Who is responsible for implementing and tracking improvements
How changes are communicated to workers and participants

What auditors actually check

Under the 2026 strengthened framework, NDIS Commission approved quality auditors move beyond document review. Expect auditors to:

Interview workers at all levels — not just management — to test whether policies are known and followed in practice
Interview participants and, where appropriate, their nominees
Review a sample of participant files against your consent, assessment, and service delivery procedures
Request evidence of incident reporting — not just that a system exists, but that it has been used correctly
Ask for evidence of staff supervision records and CPD completion
Check that your complaints register reflects a realistic volume of feedback (no complaints ever recorded is a red flag, not a green one)

Common non-conformances for therapeutic providers

Non-conformance	Common cause	Fix
Consent forms not tailored for therapeutic context	Generic template not updated	Include assessment consent, intervention consent, and report sharing separately
Incident management policy not linked to NDIS reportable incidents rules	Policy written pre-2018	Update definitions and timeframes to match current Rules
Supervision not documented	Informal arrangements not recorded	Introduce a supervision log signed by supervisor and supervisee
Complaints policy does not reference external escalation to the NDIS Commission	Policy only covers internal resolution	Add explicit reference to Commission complaints pathway and contact details
Worker screening status not systematically monitored	Initial check done, renewals missed	Maintain a screening register with expiry dates and calendar reminders

Keeping your policies audit-ready

Policies must be reviewed at least annually or whenever legislation, the Practice Standards, or your service model changes significantly. Assign a named policy owner for each document, record every review in a version history, and ensure all workers can access the current version — not a printed copy from two years ago kept in a binder.

If you are building your documentation library from scratch or preparing for your first certification audit, ndiscompliant.com.au offers a 74-document audit-ready compliance kit covering all core and supplementary Practice Standards modules, including therapeutic supports — a practical starting point rather than beginning with a blank page.

Summary checklist

Rights and responsibilities policy with accessible participant-facing materials
Informed consent procedure covering capacity and substitute decision-makers
Privacy policy aligned to the Privacy Act 1988 (Cth)
Incident management system linked to NDIS reportable incidents Rules
Complaints procedure with external escalation pathway
Worker screening and credentialing register and procedure
Clinical governance framework with supervision documentation
Restrictive practices policy (even if a position of non-use)
Risk management and safe environment procedures
Continuous improvement procedure with documented review cycle

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.