Restrictive Practices Register: Legal Requirements for NDIS Providers

NDIS providers who implement regulated restrictive practices are required to maintain accurate records of every instance of use and report this data to the NDIS Quality and Safeguards Commission monthly. A restrictive practices register is the document that captures this information — and it is one of the first things a Commission auditor will request.

The Law: What You Must Do

Under the NDIS (Restrictive Practices and Behaviour Support) Rules 2018, providers must:

Non-compliance can result in enforcement action, fines, suspension or cancellation of registration.

What Is a Regulated Restrictive Practice?

Under the National Disability Insurance Scheme (Restrictive Practices and Behaviour Support) Rules 2018, five categories of restrictive practice are regulated:

• Seclusion
• Chemical restraint
• Mechanical restraint
• Physical restraint
• Environmental restraint

Any provider implementing one or more of these must have a register. The register covers every participant for whom a restrictive practice is used — even if it is a single participant, even if it is used infrequently.

What Must Be Recorded in the Restrictive Practices Register?

There is no single prescribed template, but the following 11 items must be captured for every instance of restrictive practice use:

IMPORTANT: Entries must be made as soon as practicable after the restrictive practice is used. Do not leave blank spaces — if an item is not applicable, enter "N/A" and explain why.

What Must the Register Include?

Per Participant

• Participant name and NDIS number
• The type(s) of restrictive practice in use
• The authorisation reference — the state/territory approval document, tribunal order, or equivalent
• The authorisation expiry date
• The name of the behaviour support practitioner and the date the current behaviour support plan was approved
• The reduction plan goals and target dates

Per Instance of Use

• Date and time of the restrictive practice
• Duration
• Type of restrictive practice used
• Reason/trigger — what behaviour of concern occurred
• Worker who implemented the practice
• Any injuries or adverse outcomes
• Whether the instance was reported as part of monthly Commission reporting
• Any post-incident follow-up or debrief conducted

Record Keeping Requirements

• Keep the register for 7 years after the last entry — longer for records relating to participants who were children at the time
• Ensure entries are legible, secure and confidential — digital registers with access controls are strongly recommended
• Keep records in a way that protects personal information — in line with privacy legislation
• Make the register available to the NDIS Commission when requested — at any time, not just during scheduled audits

Best Practice: The Restrictive Practices Process

1. 1Assess and Plan — Assess risks and develop positive behaviour support strategies in the behaviour support plan before any restrictive practice is considered
2. 2Prevent and Support — Use proactive strategies and supports to prevent behaviours of concern where possible — restrictive practices are always the last option
3. 3Last Resort — Use restrictive practice only as a last resort in line with the law and the behaviour support plan, with valid authorisation in place
4. 4Record — Record all 11 required items in the restrictive practices register as soon as practicable after each use
5. 5Review and Improve — Review incidents, outcomes and strategies regularly to reduce the need for restrictive practices and demonstrate a declining trend

Monthly Reporting to the NDIS Commission

Providers who use regulated restrictive practices must submit a monthly report to the Commission via the provider portal (myplace). This report must be submitted even if no restrictive practices were used that month — a nil report is still required. The report covers:

• Each participant for whom restrictive practices were used or are authorised
• The frequency and type of restrictive practice used
• Any incidents associated with restrictive practice use
• Progress against the reduction plan

Failure to submit monthly reports is one of the most common compliance breaches identified by the Commission. It is a civil penalty offence. Providers with multiple missed reports face escalating enforcement action.

Authorisation Requirements by State and Territory

Authorisation for regulated restrictive practices is a state and territory responsibility, not a Commonwealth one. Each jurisdiction has its own legal framework:

• NSW: Guardianship Tribunal or NSW Civil and Administrative Tribunal (NCAT)
• VIC: Victorian Civil and Administrative Tribunal (VCAT) or Senior Practitioner
• QLD: Queensland Civil and Administrative Tribunal (QCAT) or Public Guardian
• SA: South Australian Civil and Administrative Tribunal (SACAT) or Public Advocate
• WA: State Administrative Tribunal (SAT) or Public Advocate
• ACT: ACT Civil and Administrative Tribunal (ACAT)
• TAS: Guardianship and Administration Board
• NT: Northern Territory Civil and Administrative Tribunal (NTCAT)

Your register must reference the specific authorisation document from the relevant body — a general notation that the practice is 'approved' without a formal authorisation reference is not compliant.

What Auditors Look For

When a Commission auditor reviews your restrictive practices register, they check:

• Is the register current? Does it reflect all participants currently receiving supports involving restrictive practices?
• Is every authorisation on file and current — not expired?
• Are monthly Commission reports consistent with the register — same participants, same practice types?
• Are instances of use documented individually, or just as a monthly summary?
• Are incidents involving restrictive practices cross-referenced with incident reports?
• Is there a documented reduction trajectory — are restrictive practice rates declining over time?

Quick Compliance Checklist

• Register in place and maintained for each participant
• All 11 required items of information recorded for every instance
• Entries made as soon as practicable — no delayed or retrospective entries
• Authorised and trained workers only implementing restrictive practices
• Least restrictive option used and documented as such
• Register stored securely with access restricted to authorised personnel
• Records kept for 7 years (or longer for child participants)
• Register available to NDIS Commission on request at any time

Common Risks to Avoid

• Not keeping a separate register for each participant — one combined register for multiple participants is not compliant
• Missing or incomplete information — blank fields and vague entries are audit findings
• Late or missing entries — recording must happen as soon as practicable, not at the end of the week
• Using restrictive practices without authorisation or by untrained workers — both are reportable incidents
• Not reviewing behaviour support strategies — a register without a reduction trend demonstrates no improvement effort
• Not keeping records for 7 years — early destruction of records is a compliance breach even if unintentional

Emergency and Unplanned Restrictive Practice Use

Sometimes workers need to use a restrictive practice in an emergency before authorisation is obtained. This is permitted under the NDIS rules in limited circumstances, but it triggers additional obligations:

• The incident must be reported to the Commission as a reportable incident within 24 hours
• The provider must apply for authorisation immediately — emergency use cannot continue beyond the acute situation
• A behaviour support practitioner must be involved immediately to develop or update the behaviour support plan
• The use must be recorded in the register with a specific notation that it was unplanned emergency use

Record Retention

NDIS providers must retain records related to restrictive practices for a minimum of 7 years. For records relating to children, retention extends until the person turns 25. These records must be available to the Commission on request.