The Australian healthcare compliance glossary
Plain-English definitions of the terms, acronyms, and obligations that Australian medical and allied health practices actually have to deal with. Every entry explains what the term means, why it matters for your practice, and what a regulator or assessor expects to see.
NDIS
Certification Audit
A certification audit is the more rigorous of the two NDIS registration audit pathways, required for providers delivering higher-risk or more complex supports. It is a two-stage assessment by an approved quality auditor: a Stage 1 desktop review of your documentation, followed by a Stage 2 on-site audit with interviews. Certified providers also have a mid-term audit around 18 months in.
NDIS Code of Conduct
The NDIS Code of Conduct sets out the standards of behaviour expected of everyone who works with or delivers supports to people with disability. It applies to both registered and unregistered providers and their workers, covering rights, privacy, safe and competent delivery, integrity, and the prevention and reporting of harm. The NDIS Commission can enforce it with bans and penalties.
NDIS Worker Screening Check
An NDIS Worker Screening Check is a national criminal history and risk assessment that determines whether a person is cleared to work in a risk-assessed role delivering NDIS supports. A clearance is valid for up to five years, is subject to ongoing monitoring that can suspend or revoke it, and is required for workers in risk-assessed roles and key personnel of registered providers.
Registration Groups
Registration groups are the categories of support a provider applies to be registered for with the NDIS Commission. There are 36 registration groups across professional and support categories. The groups you choose are decisive: they determine which NDIS Practice Standards apply to you and whether you face a certification or verification audit.
Reportable Incident
A reportable incident is a serious incident, or an allegation of one, that happens in connection with NDIS supports or services and must be notified to the NDIS Quality and Safeguards Commission. The six categories are death, serious injury, abuse or neglect, unlawful sexual or physical contact, sexual misconduct, and the unauthorised use of a restrictive practice.
Restrictive Practice
A restrictive practice is any action that has the effect of restricting the rights or freedom of movement of a person with disability. The NDIS regulates five types: seclusion, chemical restraint, mechanical restraint, physical restraint, and environmental restraint. Using a regulated restrictive practice requires a behaviour support plan and, in most cases, state or territory authorisation.
Support Coordination
Support coordination is an NDIS support that helps a participant understand and use their plan, connect with providers, and build the skills to coordinate their own supports. It is delivered at three levels, from support connection through to specialist support coordination, and carries specific conflict-of-interest and Code of Conduct obligations for the providers who deliver it.
Supported Independent Living (SIL)
Supported Independent Living (SIL) is an NDIS support that funds help with everyday tasks to enable a participant to live as independently as possible, usually in shared living arrangements. SIL is a higher-risk support: it sits on the certification audit pathway, and from 1 July 2026 SIL providers must be registered with the NDIS Commission.
Verification Audit
A verification audit is the lighter of the two NDIS registration audit pathways, used for lower-risk, less complex supports. It is a document-only desktop review by an approved quality auditor, with no on-site visit, no participant interviews, and no observation of service delivery. The auditor checks that your documentation demonstrates you meet the relevant requirements.
Medicare & Billing
80/20 Rule
The 80/20 rule is a Medicare compliance trigger. A practitioner who renders 80 or more professional attendances on each of 20 or more days in a 12-month period is deemed to have engaged in a prescribed pattern of services, which results in a mandatory referral to the Professional Services Review. It is one of the few automatic, non-discretionary PSR triggers.
Assignment of Benefit (AoB)
Assignment of benefit is the process by which a patient agrees to assign their Medicare benefit to the provider, which is what makes a service bulk billed. From 1 July 2026, the consent can be captured digitally by SMS or web link rather than only on paper, with consent able to be obtained before or after the service and records kept for two years.
Bulk Billing Practice Incentive Program (BBPIP)
The Bulk Billing Practice Incentive Program (BBPIP) is a Medicare payment that began on 1 November 2025. Practices registered in MyMedicare earn an extra 12.5% loading on the Medicare benefit for eligible bulk-billed services, paid on top of the existing bulk billing incentive. The loading is split between the practice and the GP who delivered the service.
eHealth Practice Incentive (ePIP)
The eHealth Practice Incentive (ePIP) is a payment under the Practice Incentives Program that rewards accredited Australian general practices for using digital health systems. To qualify, a practice must meet five eHealth requirements, the best known being to upload shared health summaries to My Health Record for at least 0.5% of its SWPE count each quarter.
Medicare Benefits Schedule (MBS)
The Medicare Benefits Schedule (MBS) is the listing of medical, diagnostic, and allied health services that the Australian Government subsidises through Medicare. Each service has a unique item number, a descriptor that defines what the service must include, and a schedule fee used to calculate the Medicare benefit. Billing an item whose descriptor is not met is a compliance risk.
MyMedicare
MyMedicare is a voluntary patient registration model that formally links a patient to a single general practice and a usual GP. Registration unlocks Medicare items and incentive payments available only for registered patients, including longer telehealth items, the tripled bulk billing incentive for longer consultations, and eligibility for the Bulk Billing Practice Incentive Program.
Practice Incentives Program (PIP)
The Practice Incentives Program (PIP) is a set of Services Australia payments that reward accredited general practices for activities that support quality care, capacity, and rural access. It has seven incentives grouped into three streams: Quality, Capacity, and Rural Support. Most PIP payments are scaled to a practice's patient load, measured by its SWPE.
Professional Services Review (PSR)
The Professional Services Review (PSR) is the Commonwealth scheme that reviews whether a practitioner has engaged in inappropriate practice when providing Medicare or PBS services. It is the main enforcement mechanism behind Medicare billing compliance, with powers to require repayment of benefits, reprimand practitioners, and disqualify them from billing Medicare.
Standardised Whole Patient Equivalent (SWPE)
A Standardised Whole Patient Equivalent (SWPE) is a Services Australia measure of a practice's patient load, where each patient is weighted by the average cost of services for their age and sex. It is the standard denominator used to calculate Medicare practice incentive payments, including the eHealth Practice Incentive (ePIP) and the Bulk Billing Practice Incentive Program (BBPIP).
RACGP & Accreditation
Clinical Governance
Clinical governance is the system of responsibilities and accountabilities through which a practice ensures the safety and quality of the care it delivers. It brings together leadership, risk management, quality improvement, and clinical safety into one framework. The RACGP Standards, particularly the 6th edition, expect practices to show a functioning clinical governance system, not just individual good intentions.
Continuous Quality Improvement (CQI)
Continuous quality improvement (CQI) is the ongoing, systematic process of using your practice's data and feedback to identify problems, make changes, and measure whether those changes worked. It is a core requirement of the RACGP Standards: practices must show evidence of quality improvement activities, such as a clinical audit, a PDSA cycle, or a significant event analysis.
Mandatory Indicator
A mandatory indicator is an item in the RACGP Standards that a general practice must meet to achieve accreditation. The Standards distinguish mandatory indicators from other indicators: a practice can be working toward some non-mandatory items, but a failure against a single mandatory indicator means the practice cannot be accredited until it is rectified.
PDSA Cycle (PDSA)
A PDSA cycle (Plan, Do, Study, Act) is a structured, four-step method for testing and implementing a change on a small scale before adopting it widely. It is the quality improvement methodology that RACGP assessors most readily recognise, and it provides a clear way to document a continuous quality improvement activity from idea to embedded change.
RACGP Accreditation
RACGP accreditation is the independent assessment of a general practice against the RACGP Standards for general practices. An approved accrediting agency reviews the practice's systems and evidence, and a successful practice is accredited for a three-year cycle. Accreditation is what makes a practice eligible for Practice Incentives Program payments and signals a baseline of safety and quality.
Significant Event Analysis (SEA)
A significant event analysis (SEA) is a structured, team-based review of a single notable event, good or bad, to understand what happened, why, and what should change. In Australian general practice it is one of the recognised types of continuous quality improvement evidence that the RACGP Standards expect practices to be able to demonstrate.
Privacy & Data Protection
Australian Privacy Principles (APPs)
The Australian Privacy Principles (APPs) are the 13 principles in the Privacy Act 1988 that govern how organisations handle personal information across its whole life cycle, from collection through use, disclosure, storage, and access. Every Australian healthcare practice is bound by the APPs, because the small-business exemption does not apply to providers that hold health information.
Health Information
Health information is information or an opinion about a person's health, disability, or health services they have received, including the clinical records a practice holds. It is a subset of sensitive information under the Privacy Act 1988, the most protected category of personal information, and it generally cannot be collected without consent. Holding it is what brings a practice fully within the Privacy Act.
Notifiable Data Breach (NDB)
A notifiable data breach is unauthorised access to, disclosure of, or loss of personal information that is likely to result in serious harm to an individual. Under the Notifiable Data Breaches scheme in the Privacy Act 1988, an Australian healthcare practice that has one must notify both the affected individuals and the Office of the Australian Information Commissioner (OAIC).
Office of the Australian Information Commissioner (OAIC)
The Office of the Australian Information Commissioner (OAIC) is the federal regulator for privacy and freedom of information. It administers the Privacy Act 1988, receives notifiable data breach statements and privacy complaints, issues guidance on the Australian Privacy Principles, and can investigate and seek civil penalties for serious or repeated privacy breaches.
Personal Information
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not it is true and whether or not it is recorded in a material form. Under the Privacy Act 1988, health information is a more sensitive subset of personal information and attracts the strongest protections.
Serious Harm
Serious harm is the threshold that turns a data breach into a notifiable one. Under the Notifiable Data Breaches scheme, you must notify only when unauthorised access to, disclosure of, or loss of personal information is likely to result in serious harm to an individual. The Privacy Act does not define it precisely, but it covers physical, psychological, emotional, financial, and reputational harm.
AHPRA & Registration
AHPRA (AHPRA)
AHPRA is the Australian Health Practitioner Regulation Agency, the body that administers the national registration and accreditation scheme for registered health professions, working with the National Boards. It maintains the public register of practitioners, sets registration standards, and handles notifications about practitioner health, performance, and conduct under the National Law.
Conditions on Registration
Conditions on registration are restrictions or requirements that AHPRA and a National Board can place on a health practitioner's registration to manage a risk to the public. They might limit a practitioner's scope, require supervision, mandate education, or restrict prescribing. Conditions are recorded on the public register, and an employer has a duty to know about and accommodate them.
Mandatory Notification
A mandatory notification is a report that must be made to AHPRA when a registered health practitioner has reasonable grounds to believe another practitioner (or a student) has engaged in notifiable conduct. Under the National Law, the four types of notifiable conduct are practising while intoxicated, sexual misconduct, an impairment that places the public at risk, and a significant departure from accepted professional standards.
Employment & Tax
Employee vs Contractor
The employee versus contractor distinction determines which legal obligations a practice owes a worker, including superannuation, PAYG withholding, leave, and payroll tax. There is no single test: Fair Work, the ATO, and state payroll-tax law each assess it differently, and getting the classification wrong can create significant back-payment and penalty exposure for a medical practice.
Payday Super
Payday super is the reform requiring Australian employers to pay superannuation guarantee contributions at the same time as wages, rather than quarterly. From 1 July 2026, super must be received by employees' funds shortly after each payday. For medical practices, it changes payroll cash flow and makes correct worker classification and timely payment more important.
Payroll Tax (Medical Practices)
Payroll tax is a state and territory tax on the wages an employer pays above a threshold. For medical practices the live issue is whether payments to contractor doctors are caught by state relevant-contract provisions and treated as wages. Several rulings have found common practice structures liable, and the rules and any concessions now differ markedly between states.
Cyber Security
Essential Eight
The Essential Eight is a set of eight baseline cyber security mitigation strategies published by the Australian Signals Directorate to help organisations protect themselves against common cyber threats. The strategies are grouped into preventing attacks, limiting their extent, and recovering data. Progress is measured against a maturity model from Maturity Level Zero to Maturity Level Three.
Ransomware Payment Reporting
Ransomware payment reporting is the obligation under the Cyber Security Act 2024 for certain entities to report a ransomware or cyber extortion payment to the government within 72 hours of making it or becoming aware it has been made. It applies to businesses above a turnover threshold and is separate from, and additional to, the notifiable data breach obligation.
Practice Management
Accreditation Evidence
Accreditation evidence is the documented proof a practice presents to show it meets each indicator of the RACGP Standards. It is more than having policies: it includes records that a system is actually used, such as meeting minutes, audit results, training logs, drill records, and registers. Much of it must be built over time and cannot be created just before a survey.
Practice Manager
A practice manager is the person responsible for the day-to-day running of a medical practice, spanning operations, staff, finance, and compliance. In the Australian context the role carries the practical burden of meeting obligations to many regulators at once, from AHPRA and Medicare to the privacy regulator, Fair Work, work health and safety, and the practice's accreditation body.