Health & Community Law Alert: Aged Care Update – Serious Incident Response Scheme commences

By Alison Choy Flannigan

The new Serious Incident Response Scheme (SIRS) for residential aged care providers commenced on 1 April 2021.

What is SIRS and to whom does it apply?

SIRS is an initiative (amending previous compulsory reporting requirements) to help prevent and reduce incidents of abuse and neglect in residential aged care services subsidised by the Australian Government. SIRS sets new arrangements for approved providers of residential aged care to manage and take reasonable action to prevent incidents with a focus on the safety, health, wellbeing and quality of life of aged care.

SIRS was implemented under:

  • the Aged Care Legislation Amendment (Serious Incident Response Scheme and Other Measures) Act 2021, which amended the Aged Care Act 1997 (Cth) (the Act); and
  • the amended Quality of Care Principles 2014 (Cth).

When does it commence?

From 1 April 2021, providers of residential aged care must have in place an effective incident management system and are required to report all ‘Priority 1’ incidents to the Commission within 24 hours of becoming aware of the incident.

From 1 October 2021, residential aged care providers will also be required to report all ‘Priority 2’ incidents to the Commission within 30 days of becoming aware of the incident.

What responsibilities do aged care providers have under the SIRS?

Under the Scheme, aged care providers will have responsibilities under two key components:

  • incident management; and
  • compulsory reporting.

What are the incident management obligations?

The SIRS requires every residential aged care service to have in place an ‘effective incident management system’ – a set of protocols, processes, and standard operating procedures that staff are trained to use. This means adopting a systematic approach to minimise the risk of – and respond to – incidents that occur in a residential care setting.

The Best Practice Guidance, published by the Aged Care Quality and Safety Commission, provides information for providers to help them to develop and embed a best practice incident management system that enables them to respond to and manage specific incidents and ‘near misses’. The Best Practice Guidance defines an effective risk management system as including the following:

  • leadership commitment;
  • corporate and clinical governance;
  • culture of compliance;
  • incident management system of identification and reporting;
  • risk management;
  • open disclosure;
  • accountability;
  • documented, readily accessible and consistently applied;
  • respond in a timely manner;
  • responding to ‘near misses’;
  • consumer centred;
  • outcomes focussed;
  • continuous improvement – both remedial and preventative;
  • comprehensive policies and procedures;
  • regulatory compliance;
  • feedback and complaints;
  • orientation and training (including for agency staff);
  • identifying trends; and
  • support for those affected.

Further, as outlined under the Quality Standards, providers must use an open disclosure process. This means that providers should facilitate an open discussion with consumers and their representatives when something goes wrong that has harmed or had the potential to cause harm to a consumer.

Providers are expected to practice open disclosure in their prevention and management of any incidents impacting consumers.

What are the Compulsory reporting requirements?

Additionally, residential aged care approved providers will be required to report specified serious incidents involving aged care consumers to the Aged Care Quality & Safety Commission (the Commission), and the police where the incident is criminal in nature. This reporting includes incidents that occur, or are alleged or suspected to have occurred, and will include incidents involving a care recipient with cognitive or mental impairment such as dementia.

A key feature of the Scheme is the broadened definition of a ‘reportable incident’, which is:

  • unreasonable use of force – for example, hitting, pushing, shoving or rough handling.
  • unlawful sexual contact or inappropriate sexual conduct – such as sexual threats, stalking, or sexual activities without consent.
  • psychological or emotional abuse – such as yelling, name calling, ignoring a consumer, threatening gestures, or refusing a consumer access to care or services as a means of punishment.
  • unexpected death – in the event of a fall, untreated pressure injury, or the actions of a consumer result in the death of another consumer.
  • stealing or financial coercion by a staff member – for example, if a staff member coerces a consumer to change their will to their advantage, or steals valuables from the consumer.
  • neglect – withholding personal care, untreated wounds, or insufficient assistance during meals.
  • inappropriate physical or chemical restraint – for example, where physical or chemical restraint is used without prior consent or without notifying the consumer’s representation as soon as practicable; where physical restraint is used in a non-emergency situation; or when a provider issues a drug to a consumer to influence their behaviour as a form of chemical restraint.
  • unexplained absence from care – this occurs when the consumer is absent from the service, it is unexplained and has been reported to the police.

Reporting timelines

The Scheme sets out reporting timelines depending on whether an incident can be categorised as ‘Priority 1’ or ‘Priority 2’.

‘Priority 1’ incidents must be reported to the Commission within 24 hours of becoming aware of the incident. This is a reportable incident where the incident has caused, or could reasonably have caused, physical or psychological injury or discomfort to a care recipient that requires medical or psychological treatment to resolve, or where there are reasonable grounds to report the incident to police. Instances of unexplained absence from care and any unexpected death of a consumer are always to be regarded as Priority 1 reportable incidents.

'Priority 2’ incidents must be reported to the Commission within 30 days of becoming aware of the incident. This includes all other reportable incidents that do not meet the criteria for a ‘Priority 1’ incident.

Other key features of the Act

Victimisation prohibited

The Act sets out different mechanisms to protect persons who disclose information relevant to a reportable incident.

In particular, under section 54-6 of the Act, conduct that actually causes or threatens to cause detriment to another person who disclosed information to the Commission, the approved provider or a police officer is expressly prohibited.

The civil penalty for breaching this section is 500 penalty units (or $111,000).

Further, a person is liable to compensate the other person for damage caused by their breach of section 54-6.

Defamation and qualified privilege

There are also qualified privilege protections for disclosures which are made under the Act which are made without malice (providing a defence against a claim of defamation): 54-5

What about privacy?

While disclosures under the Act are required or permitted under law, and therefore permitted under privacy laws, including the Privacy Act 1988 (Cth), providers should take care that the scope of the personal information that they disclose to the Commission under the Act is limited to the reporting requirements.

Protecting informants’ identities

The provider is responsible for taking reasonable measures to protect the identity of the informant unless the disclosure is made to the Commission, an Authority to which the approved provider is required to report, the approved providers ‘key personnel’ (as defined) or a police officer.


There is likely to be some ambiguity as to what is or is not’ neglect’ and what is Priority 1 vs Priority 2 in practice. For example, when is a fall reportable? This will depend upon the facts of each case.

All allegations are reportable (whether or not they are substantiated). Issues are likely to arise when one or more unsubstantiated allegations are made by a claimant with a significant mental impairment or a medical condition such as paranoia. In these circumstances, residential aged care providers should consult the care recipient’s authorised representative (such as guardian) in making a decision to report.

It is important that appropriate analysis is done of the data before any interpretation is made by the Commission on trends and that approved providers who have good reporting systems are not penalised for having a higher number of reports.

This article was written with the assistance of Lauren, Krejci, Paralegal.


Alison Choy Flannigan

Alison Choy Flannigan

Partner & Co-Lead, Health & Community

Alison specialises in advising clients in the health, aged care, disability, life sciences and community sectors. 

Related industries

You might be also interested in...

Health & Community | 4 Mar 2021

Health & Community Law Alert: Aged Care Update – Royal Commission into Aged Care Quality and Safety final report released

The Final Report of the Royal Commission into Aged Care Quality and Safety has been published and released by the Australian Government, as has the Government’s press release in response. We provide commentary on the findings.

Health & Community | 12 Feb 2021

Health & Community Law Alert: liability issues with COVID-19 and COVID-19 vaccines – who should be responsible for adverse events?

With the current debate on whether or not COVID-19 vaccines should become mandatory and vaccination programs underway in many countries, the question arises – who should be responsible for adverse events in relation to the vaccines?