Privacy and Dignity: NDIS Provider Rights and Responsibilities


Published: 09 August 2021

Providers of National Disability Insurance Scheme (NDIS) services, as with all other healthcare organisations, are bound by law to keep the medical records and health information of their clients safe and private.

There is an inherent vulnerability in seeking healthcare. A visit to a clinic can involve removing clothing, being prodded, scanned and possibly photographed. When receiving personal care, it might mean having another person undress, wash and shower you.

Through all of this, the NDIS participant trusts that the workers caring for them have their privacy and dignity in mind. Any breach of this privacy will justifiably upset the participant and could result in them taking legal action against the worker/or the provider (RCNI 2016).

Privacy and Dignity in the NDIS Practice Standards

Privacy and dignity is a requirement of the NDIS Practice Standards under Core Module 1: Rights and Responsibilities.

This Practice Standard aims to ensure that NDIS participants receive supports that respect their dignity and right to privacy (NDIS 2020).

NDIS providers must meet the following quality indicators:

  • Providers implement consistent policies and procedures that respect and protect participants’ personal privacy and dignity
  • Participants are informed of confidentiality policies. This information is delivered using the language, mode of communication and terms that participants are able to understand
  • Participants understand and agree upon personal information that may be collected, and for what purposes. This might include recorded audio or visual material.

(NDIS 2020)


Participants, or a nominated individual, can make the decision to give staff access to the participant’s health records or to withhold them.

While this is optional, giving healthcare staff access to this information will help them to provide the best care possible. However, workers are required to protect participants’ privacy and confidentiality (Better Health Channel 2015).

Note: a person always maintains a right to access their own medical records.

Health and Personal Information About NDIS Participants

health information files on shelf
Any breach of privacy will justifiably upset the participant and could result in them taking legal action against the worker/or the provider.

Health information is any information regarding a person’s health or disability, and any information that relates to a health service they have received or will receive (Better Health Channel 2015).

The NDIS and NDIS providers may collect and access participants’ health information, as well as other personal information if it is ‘reasonably necessary’ for them to do so in order to perform their role. This information might include:

  • Name, contact details, date of birth and age
  • Gender
  • Health details (e.g. physical health, mental health, any disabilities)
  • Support requirements
  • Names, contact details and addresses of guardians and nominees
  • Centrelink Customer Reference Number (CRN)
  • Feedback or complaints about services
  • Bank details
  • Employee records.

(NDIA 2021)

Disclosure of Information

In some cases, the NDIS might need to disclose a participant’s personal information. Where possible, this information will be de-identified before disclosure. Examples of when disclosure may occur include:

  • The participant consenting to have their information disclosed
  • The NDIS referring a participant to an external provider
  • Disclosure being necessary in order to deliver the NDIS
  • Disclosure being required under law
  • Disclosure being necessary in order to prevent or reduce a serious and immediate threat to someone’s life
  • Disclosure being necessary in order to prevent or reduce a threat to public safety
  • Disclosure being required as part of an internal complaints investigation
  • The NDIS engaging a contractor that requires personal information in order to perform required services
  • Data sharing or data integration with Australian Government agencies.

(NDIA 2021)

Laws may differ by State and there are certain exemptions that may apply in law enforcement situations and in a court of law. Keep in mind, health information privacy laws only apply rights to people who are living (Better Health Channel 2015).

Person-Centred Care

Read: Person-Centred Supports: NDIS Rights and Responsibilities

Privacy and dignity are guiding principles of person-centred care. The provision of effective, person-centred care hinges upon the following:

  • Clear respect for participants’ values, preferences and expressed needs
  • Coordination and integration of care
  • Information, communication and education
  • Physical comfort
  • Emotional support and attempts to alleviate fear and anxiety
  • Involvement of family, friends and carers
  • Transition and continuity
  • Access to care.

(SA Health 2014)

Participant Dignity

Beyond communication, workers should be mindful of the steps they take to ensure participants’ privacy and modesty are protected, e.g. closing screens, making sure participants are covered and keeping their voice down when discussing private and personal issues (RCNI 2008).

This may also mean carrying out self-care tasks such as bathing, dressing and feeding with sensitivity.

Respect for the Values and Preferences of Participants

Ways to let participants know that their preferences matter could include:

  • Ensuring gender accommodation is available, or when not possible, providing participants with support and safety needs in a mixed-gender environment
  • Ensuring that workers introduce themselves and explain their role to participants
  • Asking participants what name they prefer to be called
  • Identifying people such as carers, family or friends, in conjunction with participants
  • Showing an awareness of different views, beliefs, cultures and languages
  • Considering participants’ preferences in all decision-making and goal setting for care and treatment
  • Providing person-centred care
  • Ensuring participants are treated with dignity and respect and showing sensitivity towards their cultural values and needs
  • Keeping participants informed and involving participants, family and/or carers in decision-making
  • Maintaining participants’ privacy
  • Being respectful of participants’ religious or faith traditions, and ensuring that interpreters and cultural, religious or faith supports are available if needed.

(SA Health 2014)

An easy way to reassure participants that their privacy and dignity are being taken into consideration is to involve them as much as possible in their care.

Participants will want to know who is looking after them, when, why and how. Maintaining ongoing discussion with participants is essential (SA Health 2014).


Test Your Knowledge

Question 1 of 3

True or false: There are situations where a provider can use or share a patient’s health information without their consent.


educator profile image
Ausmed View profile
Ausmed’s editorial team is committed to providing high-quality, well-researched and reputable education to our users, free of any commercial bias or conflict of interest. All education produced by Ausmed is developed in consultation with healthcare professionals and undergoes a rigorous review process to ensure the relevancy of all healthcare information and updates to changes in practice. If you have identified an issue with the education offered by Ausmed or wish to submit feedback to Ausmed's editorial team, please email with your concerns.