Serious Incident Response Scheme: Enhanced 
protections for those who disclose reportable incidents

Rebecca Barr, Partner

Peter Myhill, Consultant

Helena Errey-White, Solicitor

In connection with the Serious Incident Response Scheme, from 1 April 2021 the Aged Care Act 1997 provides stronger protections for a person who discloses a reportable incident.


On 1 April 2021 the Serious Incident Response Scheme (Scheme or SIRS) commenced. This Scheme introduces a new, more extensive reporting scheme for residential aged care providers. To accompany that Scheme, the Aged Care Act 1997 has been amended to provide greater protection to people who make disclosures about reportable incidents. This article provides an overview of the enhanced protections for those who make a disclosure.


The enhanced protections commenced on 1 April 2021 together with the SIRS.

The enhanced protections will operate to protect a person who makes a disclosure on or after 1 April 2021 where the person has reasonable grounds to suspect that a reportable incident occurred either:

  • on or after 1 April 2021; or
  • between 1 January 2020 to 31 March 2021 (we note the new definition of 'reportable incident' will apply, rather than the previous 'reportable assault' definition, to disclosures on or from 1 April 2021 about incidents during this period).

For a person who made a disclosure before 1 April 2021 about a reportable assault, the previous protections under section 96-8 will continue to apply.

Who is protected?

The following persons are eligible for protection under the new regime:

  • a current or former approved provider or a current or former key personnel, staff member* or volunteer of the approved provider; or
  • a current or former resident or family member of the resident, a current or former carer, representative or advocate of the resident or another person who is significant to the current or former resident

(referred to as disclosers).

*staff member means an individual who is employed, hired, retained or contracted by the approved provider (whether directly or through an employment or recruiting agency) to provide care or other services.

Requirements for the disclosure to be protected

In order for the discloser to be protected, the disclosure needs to be made to one of the following:

  • the Commission;
  • the approved provider or a key personnel or staff member of the approved provider or another person authorised by the approved provider to receive reports of reportable incidents;
  • a police officer; or
  • a person prescribed by the Quality of Care Principles 2014.

There are also three other requirements that need to be met for the disclosure to qualify for protection. These additional requirements are:

  • the discloser needs to provide their name to the person they make the disclosure to, before making the disclosure;
  • the discloser needs to have reasonable grounds to suspect that the information indicates a reportable incident has occurred; and
  • the discloser needs to make the disclosure in good faith.

Reportable incident

For disclosures from 1 April 2021, the relevant term is 'reportable incident', which replaces the term 'reportable assault'. It is disclosures about reportable incidents that can qualify for protection. The term 'reportable incident' considerably broadens the range of incidents about which disclosures can qualify for protection.

Reportable incidents are the following incidents that have occurred, or are alleged or suspected to have occurred, to a resident in connection with the provision of care:

  • unreasonable use of force;
  • unlawful sexual contact or inappropriate sexual conduct;
  • psychological or emotional abuse;
  • unexpected death;
  • stealing or financial coercion (only by a staff member of the provider);
  • neglect;
  • unauthorised and unlawful use of physical or chemical restraints; and
  • unexplained absences from the facility.

Reportable incidents include incidents that have been perpetrated by a person who is not a staff member of the provider (except for stealing and financial coercion), for example, another resident, a volunteer or a visitor. Relevant to this, the scope of reportable incidents has been broadened under the SIRS to include incidents committed by a resident with a mental or cognitive impairment. Previously, such incidents were not required to be reported even if they would otherwise have constituted a reportable assault.

What protection is provided?

If the discloser satisfies the requirements for protection discussed above, there are a number of protections available to the discloser.

No civil or criminal liability

The discloser is protected from any civil or criminal liability for making the disclosure. However, the discloser may still be civilly or criminally liable for his or her conduct that may be revealed by the disclosure.

Termination of contract

No contractual or other remedy may be enforced or exercised against the person on the basis of the disclosure. For example, a contract the person is a party to cannot be terminated on the basis that the disclosure breaches the contract. In the case of an employment contract, if a provider sought to terminate a staff member on this basis, a court may order the discloser to be re‑employed or compensated.


The discloser has protections in respect of a defamation case arising from the disclosure. This includes qualified privilege, which is a defence in a defamation case, and a protection from being liable if the discloser did not act with ill will or any other improper motive.


The discloser also has protection from victimisation. Victimisation is where a person either:

  • causes the discloser detriment intentionally because of the disclosure made; or
  • threatens (expressly or implicitly, conditionally or unconditionally) to cause the discloser detriment with the intention to cause fear that the threat will be carried out (including where the person is reckless as to causing that fear) because the discloser has, or may, make a disclosure.

If a discloser is victimised they are able to claim compensation for any damage they suffered because of the victimisation.

Responsibilities of providers

Providers have the following relevant responsibilities:

  • as far as reasonably practicable, to ensure staff who make a disclosure of information that qualifies for protection:
    • do not suffer consequences under a contract on the basis of the disclosure (eg contract of employment);
    • are not victimised (including by other staff or contractors (eg agencies));
  • to take reasonable measures to protect the identity of a person who reports a reportable incident, including ensuring the person who received the disclosure on behalf of the provider does not disclose their identity (we note that identifying the person to certain bodies/persons is permitted (eg the Commission, a key personnel, a police officer or a person/authority/court to whom the provider is legally required to disclose the identity)).


This briefing provides a high level overview of the enhanced protections for people who disclose reportable incidents. If you require any legal advice in relation to the effect the legislation has upon you or your organisation we would be happy to assist you.

...With the introduction of the Serious Incident Response Scheme the protections for persons who disclose reportable incidents has been enhanced...

Download PDF

Rebecca Barr

Rebecca Barr

Peter Myhill

Peter Myhill

Helena Errey-White

Helena Errey-White