How compliant is your allied health practice?

Australian allied health practices have to manage compliance on five fronts simultaneously: (1) AHPRA registration and Board codes for each clinician (Psychology Board, Physiotherapy Board, OT Board, Podiatry Board, plus self-regulated speech pathology under SPA-CPSP); (2) Privacy Act 1988 (Cth) and the Australian Privacy Principles, including the Notifiable Data Breach scheme under Part IIIC; (3) Funder rules where they bill: Medicare Better Access (psychology), Chronic Disease Management items (most professions), DVA, HICAPS, private health funds; (4) NDIS Quality and Safeguards Commission Practice Standards if registered, or the NDIS Code of Conduct if unregistered but serving NDIS participants; and (5) State-based Health Records legislation in Victoria, NSW, and the ACT (others rely on APP 11). The quiz scores you across the eight risk areas auditors look at across all five fronts.

Each profession has its own AHPRA Board (or SPA-CPSP for speech pathology) with its own CPD requirements, scope of practice rules, and notation regime. The quiz wording adapts: psychology questions reference Better Access, endorsement, and supervision; physiotherapy questions reference dry-needling and acupuncture endorsements; OT questions reference equipment prescription and home assessments; speech pathology questions reference the CPSP standard rather than AHPRA registration; podiatry questions reference scheduled medicines endorsement and surgical-scope infection control. The 8 audit areas remain consistent so you can benchmark across professions if you run a multi-discipline practice.

Physiotherapy Board: 20 hours per registration year. OT Board: 30 hours per registration year, with at least half related to scope of practice. Psychology Board: 30 hours per registration year, including 10 hours of peer consultation. Podiatry Board: 20 hours per registration year. Speech Pathology Australia (CPSP): 20 hours of professional self-regulation activities per year. All Boards require a written learning plan, evidence retained for the audit window (typically 5 years), and CPD that is relevant to your scope of practice. Self-attestation is not enough. AHPRA can audit your CPD records at any time and the Boards regularly select random samples for review.

Not always. NDIS-registered providers can serve NDIA-managed, plan-managed, and self-managed participants. Unregistered providers can only serve plan-managed and self-managed participants. Either way, all providers serving NDIS participants must comply with the NDIS Code of Conduct and the worker screening requirements for risk-assessed roles. The Quality and Safeguards Commission can investigate any provider following a complaint, regardless of registration status. Most allied health providers are verification-stream registered (the lower-risk audit), with certification only required if you deliver SIL, behaviour support, restrictive practices, or community nursing.

The two biggest audit risks are CDM (Chronic Disease Management) item compliance and Better Access for psychology. CDM items 10960 to 10970 require a referral from a GP under a GP Management Plan or Team Care Arrangement, with notes that justify the level of service billed. Better Access (item 80000-series for general psychologists, 80100-series for clinical psychologists) requires a Mental Health Treatment Plan referral, capped sessions, and notes that demonstrate evidence-based treatment. Medicare can audit retrospectively for up to two years and recover overpayments where evidence is missing. Practices should keep referral letters, eligibility checks, and treatment notes on file for at least 5 years.

A defensible privacy and NDB plan has six elements: (1) an APP-aligned privacy policy, posted on the website and displayed in reception; (2) consent forms for clinical treatment and for information sharing (referrals, reports to GPs, NDIS plans); (3) a documented data breach response plan that walks through the s 26WE serious-harm test from Privacy Act Part IIIC; (4) a named Privacy Officer who owns breaches and DSAR requests; (5) a register of any breaches and near-misses; and (6) annual team training. Most practices we see have the policy and the consent forms but not the breach response plan or the trained Privacy Officer. Use our free Notifiable Data Breach Decision Tool when assessing an actual breach.

The standard rule across Australia is 7 years from the date of last service for adult patients, and until the patient turns 25 for minors. In Victoria, NSW, and the ACT, this is set by the relevant Health Records Act. In other states, the floor comes from APP 11 under the Privacy Act 1988 (Cth) plus professional Board codes. Profession-specific overlays apply: the Psychology Board, for example, has additional retention guidance for psychometric testing materials. Use our free Medical Record Retention Calculator to get the exact answer with the citation.

Health practitioners and employers must notify AHPRA when they reasonably believe another practitioner has: (1) practised while intoxicated by alcohol or drugs; (2) engaged in sexual misconduct in connection with the practice of the profession; (3) placed the public at risk of substantial harm because of an impairment; or (4) practised in a way that constitutes a significant departure from accepted professional standards. Employers also must notify when these grounds arise. Practitioners should have a documented decision pathway, brief the team annually, and consult their indemnity insurer or the Boards' guidance before lodging. Speech pathology is not under the National Law, but SPA has its own equivalent obligations under the CPSP code.

Yes. Under section 129 of the Health Practitioner Regulation National Law, every registered health practitioner must hold professional indemnity insurance arrangements appropriate to their scope of practice. This applies whether you are an employee, contractor, or sole practitioner. Practices engaging contractors should hold a copy of each contractor's policy schedule on file as part of credentialing. Run-off cover is also required for retiring practitioners. The Boards can request evidence of indemnity at any time during the registration year.

Each of the 8 questions has 4 options scored 0, 2, 5, or 10. Maximum total is 80, normalised to a 0-100 percentage. The traffic-light grade is: 85-100 Audit-Ready Practice (strong); 70-84 Solid Foundations (most in place, prioritise amber items); 45-69 Material Gaps (amber and red items would be flagged at audit); below 45 High-Risk Posture (significant exposure across multiple audit fronts). Each area is scored individually so you can see where to focus first.

No. The quiz is an educational self-assessment built from publicly available AHPRA Board codes, Privacy Act provisions, NDIS Practice Standards, and Medicare item descriptors. It is not endorsed by, affiliated with, or a substitute for, an assessment by AHPRA, any Health Profession Board, the NDIS Quality and Safeguards Commission, Medicare, or any auditor. Use it to prioritise your evidence preparation, then engage your professional Board, indemnity insurer, or compliance advisor for binding guidance.

Most practice owners complete it in 4 to 6 minutes once they have picked a profession. The 8 questions are answerable from memory if you run the practice; you do not need to gather documents to take the quiz. After you finish, the prioritised gap list tells you exactly which documents and processes to chase down.

Answers are processed in your browser to compute the score. When you submit your email, we create a Resend contact (Sydney data residency) and send you the report. We do not host a temporary results page beyond the active session, and we do not store your specific answers server-side, only the email and an indication of which tool was used. If you opt in, you join our occasional allied health compliance updates list and can unsubscribe at any time.

Yes. Run it once per profession. Many of our multi-discipline customers run it for each clinical team and consolidate the gap lists at the next team meeting. The 8 audit areas are consistent across professions, so you can compare scores across teams to see where the practice-wide gaps are (typically privacy, NDIS, and records).