Why this matters for your practice
A medical practice is a workplace with an unusual concentration of hazards: sharps and clinical waste, infectious patients, chemicals and sterilising equipment, heavy manual handling of patients with limited mobility, aggression at the front desk, and staff working alone on home visits or in community and NDIS settings. WHS is the law that requires you to manage all of it, and the duty runs to patients and visitors in your waiting room, not just employees.
It matters commercially as well as ethically. Failing to manage a foreseeable risk can lead to a serious injury, a workers compensation claim, a regulator investigation, and prosecution of the practice (and in serious cases its officers). WHS evidence is also assessed at accreditation: RACGP Standards expect a safe physical environment and safe systems, so the same records serve both purposes.
What the WHS duty actually requires
Most of Australia operates under harmonised WHS laws based on the model WHS Act. The practice, as the "person conducting a business or undertaking" (PCBU), must ensure health and safety so far as is reasonably practicable. That phrase is the heart of the duty: you weigh the likelihood and seriousness of harm against what it takes to eliminate or reduce it, and you do what a reasonable practice in your position would do.
The duty is owed to all "workers", which is broader than employees. It includes employed reception and nursing staff, contractor GPs and allied health practitioners, students on placement, and volunteers. You must also consult your workers on health and safety matters, rather than deciding for them.
Two jurisdictions sit slightly apart. Victoria runs its own Occupational Health and Safety Act 2004 (regulated by WorkSafe Victoria) using "employer" and "employee" language, though the risk-management principles are the same. Western Australia adopted the WHS Act model from 2022. Check the Act and regulator for the state each of your sites operates in.
What the regulator expects
The state WHS regulator (SafeWork NSW, WorkSafe Victoria, Workplace Health and Safety Queensland, and their equivalents) expects a systematic risk-management cycle, not a one-off document:
- Identify hazards specific to your practice (clinical, physical, and psychosocial).
- Assess the risk each one presents.
- Control it using the hierarchy of controls (eliminate first, then substitute, isolate, engineer, use administrative controls, and use personal protective equipment last).
- Review the controls after incidents, changes, or on a schedule.
Regulators also expect you to follow the relevant codes of practice (including the code on managing psychosocial hazards, now enforceable in several states), to notify the regulator of a notifiable incident (a death, serious injury or illness, or dangerous incident) immediately and preserve the site, and to keep records that show the system is real: a WHS policy, a hazard and risk register, incident reports, workplace inspections, and induction and training records.
Common healthcare hazards to have controls for
- Biological: needlestick and sharps injuries, exposure to infectious patients, safe handling of clinical waste.
- Manual handling: transferring and mobilising patients, especially in aged care and NDIS support.
- Occupational violence and aggression: abusive or threatening patients at reception or during home visits.
- Psychosocial: high workload, exposure to distressing presentations, understaffing, and bullying.
- Lone and remote work: staff conducting home visits or working after hours alone.
- Chemical and physical: sterilising agents, cold-chain and equipment safety, slips and trips.
Common mistakes
- Treating WHS as paperwork: having a policy but never running an inspection, drill, or review.
- Forgetting psychosocial hazards, which are now an explicit, enforceable part of the duty.
- Excluding contractors and students from induction, when the duty clearly covers them.
- Not notifying the regulator of a notifiable incident, or disturbing the site before you are allowed to.
- No consultation: deciding controls without involving the staff exposed to the hazard.
Frequently Asked Questions
Does a small medical practice have to comply with WHS laws?
Yes. WHS duties apply to any business regardless of size. A solo GP practice with one receptionist is a PCBU and owes the primary duty of care to its worker, its patients, and its visitors, so far as is reasonably practicable.
Who does the WHS duty protect in a practice?
Everyone affected by the practice's work. That includes employees, contractor practitioners, students on placement, volunteers, and also patients and visitors on the premises. The concept of a "worker" under WHS law is deliberately broad.
Are psychosocial hazards part of WHS?
Yes. Managing psychosocial risks such as high workload, occupational violence, and bullying is an explicit WHS duty, and several states have made the code of practice on psychosocial hazards enforceable. Healthcare is a high-exposure sector, so practices are expected to actively identify and control these risks.
What is a notifiable incident and what do I do?
A notifiable incident is a death, a serious injury or illness (as defined in the Act), or a dangerous incident. You must notify your state WHS regulator immediately, usually by phone, and preserve the incident site until told otherwise. Keep a written record of what happened and what you did.
Is WHS checked at accreditation?
Indirectly but consistently. RACGP Standards require a safe physical environment and safe working systems, so the WHS policy, risk register, and inspection and training records you keep for WHS compliance also serve as accreditation evidence.
Related terms
Go deeper
Last reviewed