That Sinking Feeling: A Psychologist's Guide to the Serious Incident Response Scheme
It’s a scenario that plays out in the back of every psychologist’s mind. A client discloses something in session that rings alarm bells, not clinically, but ethically. Or a complaint lands in your inbox that feels like it’s escalating. It’s that sinking feeling when a situation feels like it’s spiralling beyond a standard clinical issue and into a formal incident. The question hits you with a jolt: ‘Does this need to be reported?’
This kind of professional anxiety is normal, especially when the lines feel blurry. It’s also why understanding the principles of a framework like the Serious Incident Response Scheme (SIRS) is so valuable, even if you don't work directly in aged care.
You’ve probably heard of SIRS in the context of aged care, but its core principles are becoming the benchmark for how AHPRA and the Psychology Board of Australia (PsyBA) expect all of us to manage serious client incidents. This isn't about another layer of bureaucracy. It's about having a clear, defensible, and ethical plan for when things go wrong, moving you from panic to a structured response.
From Aged Care Crisis to a New Benchmark
The formal SIRS framework was introduced for Australian aged care on 1 April 2021. It was a direct response to harrowing reports of abuse and neglect of vulnerable older Australians, brought to light by the Aged Care Quality and Safety Commission (ACQSC).
Before SIRS, reports revealed a crisis of harm, with some estimates as high as 44,131 alleged assaults in aged care facilities in a single year. This highlighted a desperate need for mandatory reporting and robust incident management systems. You can read more about the scheme on the official government website.
While the strict legal obligations of SIRS don’t apply to a solo private psychology practice in the same way, its underlying principles are now seen as best practice. AHPRA and the PsyBA expect all psychologists to have robust processes for identifying, managing, and learning from risk to protect clients. Thinking through a SIRS lens provides a concrete template for meeting those ethical duties.
Rather than seeing it as more compliance, view SIRS as a blueprint for ethical risk management. It forces you to ask the precise questions a regulatory body would ask: What happened? What did you do to manage it? And what have you changed to prevent it from happening again?
This isn't about creating more administrative work. It’s about being prepared. When you understand the core steps of identifying, responding to, and learning from serious incidents, you’re not just ticking a box. You’re building genuine resilience into your practice, protecting your clients, and safeguarding your professional standing.
It’s how you turn that "what if?" anxiety into a clear, actionable plan. That is the foundation of a defensible practice.
How to Identify a Reportable Incident in Your Practice
When a difficult client event happens, the first question is always a heavy one: ‘Was that serious enough to report?’ The line between a clinical issue that belongs in supervision and a genuine incident needing a formal response can feel incredibly blurry, especially when you're in the thick of it.
This is exactly the kind of ambiguity the Serious Incident Response Scheme (SIRS) framework is designed to clear up. Its core purpose is to move us beyond subjective gut-calls and give us a clearer, more objective definition of what constitutes significant harm. For psychologists, this isn't about memorising a new rulebook. It's about connecting the SIRS criteria back to the professional and ethical duties you already uphold under the PsyBA's Code of Conduct. The goal is to build your confidence in making that critical distinction.
This decision tree is a great way to visualise the first question you should always ask: was there potential or actual harm to a client?
As the chart shows, if the answer points towards client harm, your next steps need to align with a structured incident management framework. If not, it’s most likely a clinical matter that’s best unpacked and addressed through professional supervision.
The Eight Categories of Reportable Incidents
The SIRS organises harm into eight specific categories. While they came from the aged care sector, they provide a powerful lens for any psychology practice. Getting your head around them helps you categorise and assess events with much greater clarity.
To make these categories less abstract, let's look at what each one could mean in the context of a psychology practice.
SIRS Reportable Incidents Translated for Psychology Practice
| SIRS Incident Category | What It Means in Practice | Hypothetical Psychology Scenario |
|---|---|---|
| Unreasonable use of force | Using physical force beyond what's necessary and proportionate. | Unnecessarily using forceful physical restraint on an agitated client instead of de-escalation techniques. |
| Unlawful sexual contact or inappropriate sexual conduct | Any non-consensual sexual act or behaviour of a sexual nature towards a client, including verbal and non-verbal actions. | A therapist making sexually suggestive comments or initiating unwanted physical contact with a client. |
| Psychological or emotional abuse | Behaviour that causes mental anguish or distress, like humiliation, harassment, or intimidation. | A psychologist repeatedly belittling a client's experiences, using shaming language, or threatening to terminate therapy punitively. |
| Unexpected death | The death of a client where the circumstances are unexplained or unexpected. | A client dies by suicide shortly after a session where acute risk was identified but not adequately managed or followed up on. |
| Stealing or financial coercion by a staff member | Staff misappropriating a client's funds or pressuring them for financial gain. | An admin staff member overcharging a client's credit card for personal use or a psychologist pressuring a client for a "loan." |
| Neglect | A breach of duty of care, like failing to provide necessary clinical services, resulting in harm or a significant risk of harm. | Consistently failing to schedule urgent follow-up appointments for a high-risk client, leading to a severe decline in their mental state. |
| Inappropriate use of restrictive practices | Using a practice to restrict a client's rights or freedom without proper authorisation. | In an inpatient setting, locking a client in their room without a proper behavioural support plan or legal authority. |
| Missing persons | A client is unexpectedly absent, their whereabouts are unknown, and this poses a risk to their safety. | A high-risk client with known suicidal ideation leaves the clinic mid-session and cannot be contacted or located. |
As you can see, the thread connecting all these is the concept of harm and a breach of our fundamental duty of care.
It helps shift the focus from a place of self-blame, "Did I make a mistake?" to a more objective assessment: "Did my action, or my inaction, expose a client to a significant risk of harm?"
From Abstract to Applied Scenarios
Let’s translate this into the real world of your practice. A client expressing frustration with your therapeutic approach is almost certainly a clinical issue for supervision. However, if a psychologist responds with belittling or demeaning language that causes the client significant emotional distress, it crosses the line into potential psychological abuse.
Similarly, forgetting to book a single follow-up session is an administrative error. But consistently failing to arrange critical follow-up appointments for a high-risk client, leading to a deterioration in their mental state, could absolutely be considered neglect. This overlaps quite a bit with our mandatory reporting obligations, which every psychologist must understand inside and out. If you need a refresher, it’s worth reviewing our guide on mandatory reporting training requirements for Australian psychologists.
Thinking through these "what if" scenarios before an incident ever happens is the most effective form of risk management you can do. It prepares you to spot a reportable incident with confidence, ensuring you can act decisively and ethically when it really counts.
Ultimately, this process moves you from a place of uncertainty to one of structured, professional clarity. It allows you to uphold your primary duty: ensuring the safety and wellbeing of your clients.
Mastering SIRS Reporting Timelines and Procedures
Once you’ve identified a potential reportable incident, the situation immediately becomes time-sensitive. That feeling of pressure is real because the Serious Incident Response Scheme (SIRS) framework operates on strict deadlines. But these timelines aren't arbitrary; they’re designed to ensure immediate action is taken to protect vulnerable people and that a thorough, considered response follows.
The key is to understand that there are two distinct types of incidents, and each one starts its own reporting clock.
Priority 1 Incidents: The 24-Hour Rule
A Priority 1 incident is the most serious category. It involves an event that caused—or could reasonably have been expected to cause—a client physical or psychological harm or discomfort that requires medical or psychological treatment to resolve.
This category also includes any unexpected death, or any instance of unlawful sexual contact or inappropriate sexual conduct.
For these incidents, you have a non-negotiable 24-hour window to make an initial report. That clock starts the moment you become aware of the event.
The report needs to go to the relevant commission (like the Aged Care Quality and Safety Commission or the NDIS Commission). This initial report isn't expected to be a full-blown investigation. Think of it as a crucial first alert designed to trigger an immediate response and ensure the safety of everyone involved. You’ll just need to provide the basics: who was involved, what happened, and what immediate actions you took to keep people safe.
Priority 2 Incidents: The 5-Day Window
A Priority 2 incident is any other reportable incident that doesn't meet the high-stakes criteria for Priority 1. This still covers very serious events like psychological abuse, neglect, or stealing, but where the immediate need for medical intervention isn't present. A significant breach of care has still occurred.
For these incidents, the reporting timeline is a bit more forgiving. You have five business days to report the incident. This extended timeframe allows for a more detailed initial assessment before you lodge the formal report.
The distinction between these priorities has been a point of ongoing refinement. Early on, for instance, advocates pushed for clearer definitions of neglect to avoid situations where staff feared reporting unexpected deaths that weren't the result of malpractice. This has led to a focus on systemic reviews rather than just individual blame. You can learn more about these developments from the SIRS insights reports.
Internal vs. External Reporting
It's absolutely crucial to understand that reporting to an external body is only one part of the equation. An equally important obligation, under both SIRS and AHPRA's professional standards, is having a robust internal incident management system.
This means that as soon as you identify an incident, your first actions are always internal:
- Ensure Safety: Take immediate steps to protect the client and anyone else affected.
- Provide Support: Offer immediate support to the client who has experienced harm.
- Document Everything: Begin creating a detailed, contemporaneous record of the incident. This is not part of the client file; it is a separate incident report.
Only after these initial internal steps are underway do you proceed with the external reporting requirements based on the Priority 1 or Priority 2 timelines. This dual process—acting internally while reporting externally—is the foundation of a defensible, ethical response. It demonstrates to any regulatory body that your primary focus was, and always is, client safety.
After the Report: Managing the Fallout and Preventing Recurrence
Submitting a report to a commission isn’t the finish line. Under the principles of the Serious Incident Response Scheme, it’s just the starting point. The real work—and the true measure of your ethical practice—is everything that happens after you click ‘submit’. Ticking a compliance box is reactive; building a safer practice is proactive and professionally responsible.
This means shifting your mindset from simply reporting an incident to genuinely managing it. This is where your clinical skills become your greatest asset, moving you beyond mere compliance into reflection, care, and systemic improvement. Your first priority, as always, is the person who has been affected.
Supporting the Affected Individual
Once you’ve ensured a client's immediate physical safety, your focus must pivot to their psychological wellbeing. This is a delicate and critical phase that demands your full clinical attention.
Your responsibilities here are clear:
- Open and Honest Communication: Provide a clear, factual, and empathetic explanation of what happened. No jargon, no defensiveness. This is the heart of open disclosure.
- Offering Support: Don't wait to be asked. Actively offer and help them connect with support, whether that’s another practitioner, an advocacy service, or other resources that feel right for them.
- Respecting Their Wishes: Listen to what the affected person says they need and want. Your goal is to empower them in the process, not to direct it.
This isn’t about admitting liability. It's about upholding your duty of care and demonstrating professional integrity in a moment of profound vulnerability.
Conducting an Internal Review
With the client's immediate needs met and the external report filed, you must turn your focus inward. Every serious incident is a powerful, if painful, learning opportunity. A thorough internal review isn't about finding someone to blame; it’s about understanding why it happened.
The most important question to ask isn't "Who made a mistake?" It's "What were the systemic factors that allowed this to happen?" This shift from individual blame to systemic analysis is the core of a preventative culture.
Professional supervision becomes non-negotiable here. It provides a structured, confidential space to process the event, examine your own actions and emotional reactions, and reflect on the clinical judgements you made. This isn't just good self-care; it's a critical part of your professional accountability as required by AHPRA. Peer consultation can also offer an invaluable outside perspective from trusted colleagues who understand the pressures of our work.
The Practice Owner’s Role in Prevention
If you own or manage a practice, your responsibility extends to the entire system. Your job is to build an environment where incidents are less likely to occur and where your team feels psychologically safe to speak up when they do.
This involves:
- Staff Training: Ensure everyone, from practitioners to the admin team, understands what a reportable incident is, knows their role in identifying it, and is clear on your practice’s internal reporting procedure.
- Fostering Open Disclosure: Actively create a culture where raising concerns is encouraged and met with a constructive, non-punitive response. When staff fear reprisal, incidents go unreported, and client risk multiplies.
- Implementing Systemic Changes: Use what you learn from internal reviews to make concrete changes. This might mean updating a policy, rolling out new training, or redesigning a clinical workflow to add new safeguards.
Moving from reaction to prevention is a continuous cycle of action, reflection, and improvement. It transforms the Serious Incident Response Scheme from a daunting obligation into a practical framework for building a more resilient, ethical, and trustworthy practice.
Building an Audit-Proof Incident Management System
That quiet dread of a potential audit often boils down to one nagging fear: are my records good enough? For many psychologists, the anxiety isn’t about the quality of their clinical work, but the disorganised state of their documentation. When it comes to a serious incident, this anxiety can become overwhelming.
But creating a defensible, audit-ready incident management system isn't about buying fancy software. It’s about building a clear, evidence-first workflow that turns that compliance anxiety into professional confidence. A well-structured system, aligned with both AHPRA standards and the principles of the Serious Incident Response Scheme, is your single best defence.
Why Incident Reports Need Their Own Home
Here’s one of the most common—and critical—mistakes I see: documenting a serious incident inside the standard client file. This creates immediate problems with both confidentiality and clarity. An incident report is not just another clinical case note; it's a separate medico-legal document that serves a very different purpose.
Keeping incident reports separate achieves two vital goals:
- It protects client confidentiality: If an incident involves multiple parties or needs to be shared with a regulatory body, a separate report prevents unnecessary disclosure of the client’s entire clinical history.
- It creates clarity for auditors: A dedicated incident file presents a clear, chronological account of the event and your response, completely separate from routine therapy notes. This is exactly what an auditor wants to see.
The Anatomy of a Defensible Incident Record
So, what does a complete, audit-proof incident record actually look like? It’s far more than a quick note scribbled down in a hurry. It’s a comprehensive file that tells the full story of the event, your response, and your professional reflections. Your system should ensure every single report captures these essential components.
Think of it as building a case file that proves you acted professionally, ethically, and in line with your obligations. A complete record leaves no room for doubt or misinterpretation. For a deeper dive into maintaining professional standards, our article on training and CPD requirements for Australian psychologists is a useful resource.
An audit is fundamentally a review of your written evidence. A complete incident report doesn't just describe what happened; it demonstrates your professional judgment and commitment to client safety at every single step.
To make sure your documentation is robust enough to withstand scrutiny, I've put together a checklist you can use as a guide.
Your Audit-Proof Incident Documentation Checklist
A strong incident record tells a clear story from start to finish. This table breaks down what needs to be included and, more importantly, why it matters from a compliance perspective.
| Record Component | Why It's Essential for Compliance | Example Entry |
|---|---|---|
| Incident Details | Establishes the basic facts of what occurred, when, and where. This is the foundation of the record. | "On 15 May 2024 at 2:15 PM, in the clinic waiting room, Client A became verbally aggressive towards admin staff." |
| Immediate Actions Taken | Demonstrates your first response was to ensure the safety and wellbeing of all involved. | "Admin staff member was removed from the situation. I de-escalated Client A and escorted them to a private room. Offered support to staff." |
| Notifications Made | Provides evidence that you followed internal and external reporting protocols within the required timeframes. | "Internal report filed with Practice Manager at 2:45 PM. Notified supervisor via phone at 3:00 PM. External report to commission filed at 4:30 PM." |
| Communications Log | Creates a timeline of all conversations with the affected person, family, supervisors, and other agencies. | "Spoke with Client A's partner (with consent) at 5:00 PM to discuss a safety plan. Documented discussion points." |
| Follow-Up Plan | Shows proactive management and a plan to mitigate future risk and support recovery. | "Scheduled urgent follow-up for Client A. Planned team debrief for 16 May. Review of waiting room safety protocol initiated." |
| Post-Incident Review | Documents professional reflection, supervision, and systemic changes made to prevent recurrence. | "Incident discussed in supervision on 17 May. Identified need for staff training in de-escalation. Training scheduled for June." |
Building this kind of system before you need it is absolutely key. It ensures that if an incident does occur, you can move directly into a structured, defensible response, guided by a clear process rather than panic. Ultimately, this organised approach is the cornerstone of professional practice and your best protection against compliance-related stress.
Your Five-Step Plan for SIRS Readiness
Knowing what the SIRS is and what you’re supposed to do is one thing. Actually turning that theory into concrete, practical steps in your practice is another. It can feel like just one more thing on an already overwhelming to-do list.
Let’s simplify it. This final section boils everything we’ve covered down into a tangible, five-step plan you can start putting into action this week. These aren't abstract goals; they're practical actions designed to improve client safety, reduce your professional risk, and give you a sense of control over incident management.
Step 1: Review the Eight Incident Types
First, set aside 30 minutes. Take the table of the eight reportable incident types we went through earlier. For each one, brainstorm a plausible scenario specific to your practice setting and client group.
This isn't about morbid catastrophising. It’s a cognitive rehearsal. It moves the Serious Incident Response Scheme from a vague concept into your professional reality. What would neglect actually look like for one of your clients? What might constitute psychological abuse within your therapeutic modality?
Writing it down makes it real and much easier to spot if it ever happens.
Step 2: Add Incident Management to Your Supervision Agenda
Your next supervision session is the perfect place to start. Don't wait for a crisis. Proactively bring it up with your supervisor.
You could use prompts like these to start the conversation:
- "I've been reviewing the SIRS framework and want to talk through how we would manage a potential reportable incident here."
- "Can we walk through one of the hypothetical scenarios I came up with and map out the immediate steps we would take?"
- "What is our agreed-upon internal reporting process if I identify something serious?"
This conversation does two things. It shows your commitment to ethical practice and, more importantly, ensures you and your supervisor are on the same page before a high-stakes situation arises.
Step 3: Create a Basic Incident Report Template
This is a ten-minute job that will save you immense stress later. Open a blank document and create a simple template based on the "Audit-Proof Incident Documentation Checklist" provided earlier. Just copy the headings: Incident Details, Immediate Actions, Notifications, Communications Log, Follow-Up Plan, and Post-Incident Review.
Having a blank, ready-to-go template dramatically reduces the cognitive load in a high-stress situation. Instead of trying to remember what to include, you can simply follow the prompts and focus on accurately documenting the facts.
Save this template somewhere you can find it in a hurry. Consider it your foundational tool for a defensible response.
Step 4: Plan a Discussion on Open Disclosure
This is one of the toughest but most crucial parts of incident management: how do you communicate with a client when something has gone wrong?
Whether you're a solo practitioner reflecting on your own or a practice owner leading a team, schedule a specific time to think about open disclosure. What does it look like? When does it happen? Who is involved? Having a pre-considered approach is far better than improvising under pressure.
Step 5: Audit Your Record-Keeping
Finally, do a quick spot check. Take one of your existing client files and audit it against your new incident report template. Ask yourself: if a serious incident occurred with this client tomorrow, would I have a clear, separate, and defensible system to document it?
This quick test can instantly show you any gaps in your current workflow and where you might be vulnerable.
These five steps turn passive reading into active preparation. They help you build the muscle memory needed to respond to a serious incident with confidence and professionalism, not panic.
Common Questions About SIRS and Psychology Practice
Even with a clear framework, I know that applying principles like the Serious Incident Response Scheme to the real world of psychology throws up a lot of practical questions. It’s one thing to read the guidelines; it’s another to know what to do when a complex situation lands on your desk.
Let's walk through some of the most common points of confusion to help you feel more confident about what’s expected of you.
Does SIRS Apply Directly to Me in Private Practice?
This is a big one. While the mandatory SIRS legislation is specifically for Commonwealth-funded aged care providers, its principles have become the unofficial gold standard for managing serious incidents across the entire health sector. AHPRA and the PsyBA now expect all psychologists to have solid systems for identifying, managing, and, importantly, learning from incidents that cause harm.
Think of it this way: adopting a SIRS-aligned approach is now just good professional risk management. If your practice were ever to be reviewed, being able to show a structured process modelled on these principles is a powerful way to demonstrate your commitment to client safety.
What Is the Difference Between a Clinical Error and a Reportable Incident?
This distinction is absolutely critical. A clinical error—maybe a misjudgement in your therapeutic approach or a failure to build rapport as effectively as you'd hoped—is usually a matter for reflective practice and professional supervision. It’s a normal, if sometimes uncomfortable, part of clinical learning and growth.
A 'reportable incident' under SIRS principles, however, is on a completely different level. It meets a much higher threshold of harm.
The key difference is the nature and impact of the act or omission, especially when it involves abuse, neglect, or causes significant harm that requires further treatment or intervention.
For example, struggling with a client's resistance is a clinical issue to work through in supervision. In contrast, using demeaning language that causes a client severe psychological distress crosses a line. That’s not a clinical error; it’s emotional abuse and becomes a serious incident.
Who Is Responsible for Reporting If I Contract to Another Organisation?
If you’re a psychologist contracting your services to an NDIS or aged care provider, the short answer is that responsibility is shared, but your immediate duties are clear.
As the practitioner who witnessed or became aware of the incident, you have an immediate ethical and contractual duty to report it internally to the provider. The provider organisation then holds the legal obligation to make the formal report to the relevant commission (like the ACQSC or NDIS Commission).
However, your job doesn't end with sending that internal email. For more on how this plays out in different scenarios, have a look at our frequently asked questions section.
Your own detailed, contemporaneous documentation of the incident and the exact steps you took to report it is vital. This independent record is your evidence that you met your professional obligations. It protects you, regardless of how the provider proceeds with their own mandatory reporting duties.
PracticeReady helps you embed these processes into your workflow, ensuring your supervision, CPD, and incident documentation are always organised and audit-ready.
Drafted with Outrank app
