Compliance | 1 September 2025 | 5 min read

Healthcare Compliance Checklist for Small Practices

Tags: compliance, healthcare, privacy

Running a small healthcare practice in Australia means operating under an unusually dense web of regulatory requirements. Privacy law, AHPRA registration, Medicare, WHS, employment law, tax, and sometimes state-specific health legislation — the obligations come from multiple directions and change regularly. For broader privacy reform context, see our dedicated guide.

This checklist consolidates the key compliance requirements for small healthcare practices in one place. Use it to assess your current compliance status and identify gaps.


Part 1: Privacy Compliance (Privacy Act / APPs)

  • [ ] Privacy Policy is current, accessible on website, and available at reception
  • [ ] Patient consent forms capture required privacy notifications (purpose, use, disclosure)
  • [ ] Patient information is collected only for legitimate healthcare purposes
  • [ ] Electronic patient management systems are password protected and access controlled
  • [ ] Paper records are stored securely
  • [ ] Patient data is not disclosed to third parties without consent except as permitted by law
  • [ ] Staff are trained on privacy obligations and the practice's Privacy Policy
  • [ ] A data breach response plan exists and has been reviewed by staff
  • [ ] Patient record retention periods are observed (generally 7 years for adults, until age 25 for minors)
  • [ ] Patient access requests are responded to within a reasonable time and without excessive charge
  • [ ] Telehealth platforms used are assessed for privacy and data security adequacy

Part 2: AHPRA and Professional Registration

  • [ ] AHPRA registration is current for all registered practitioners in the practice
  • [ ] Registration renewal dates are tracked with 60-day advance reminders
  • [ ] CPD requirements for each profession are known and practitioners are supported to meet them
  • [ ] Mandatory notification procedure is documented and staff who need to know understand it
  • [ ] Advertising and marketing materials comply with National Law advertising requirements (no testimonials, no misleading claims)
  • [ ] Supervision arrangements are in place for practitioners who require supervision
  • [ ] Employment contracts reference ongoing AHPRA registration as a condition of employment

Part 3: Medicare Compliance

  • [ ] Medicare provider numbers are correct for each practitioner and location
  • [ ] Claims are made only for services that were actually provided, by an eligible provider, to an eligible patient
  • [ ] Bulk billing records are maintained (assignment of benefit forms)
  • [ ] Medicare compliance review processes are in place (internal review of billing patterns)
  • [ ] Any Medicare benefit incorrectly received has been reported and repaid

Part 4: Work Health and Safety

  • [ ] WHS management system covers healthcare-specific hazards (sharps, biohazards, manual handling, violence/aggression)
  • [ ] Sharps injury procedures documented and waste disposal compliant
  • [ ] Biohazard management procedures in place (handling blood and body fluids)
  • [ ] Staff vaccination requirements assessed (influenza, hepatitis B, etc.) per state health department requirements
  • [ ] Manual handling hazards assessed and controls implemented
  • [ ] Infection control procedures current and documented
  • [ ] Staff trained in emergency procedures (medical emergency, evacuation)
  • [ ] Workers compensation insurance current for all employees
  • [ ] Psychosocial hazards assessed (patient aggression, high workload, fatigue)

Part 5: Employment Law

  • [ ] All staff have written employment contracts
  • [ ] Applicable award confirmed (Health Professionals and Support Services Award 2020 covers many allied health workers)
  • [ ] Classification levels correctly assigned and pay rates at or above award minimums
  • [ ] Casual Employment Information Statement provided to casual employees
  • [ ] Fair Work Information Statement provided to all new employees
  • [ ] Super paid at 12% on ordinary time earnings and on time
  • [ ] Pay slips issued within one working day of each pay period
  • [ ] Records maintained for 7 years

Part 6: Tax and Payroll

  • [ ] ABN and GST registration current
  • [ ] BAS lodged on time
  • [ ] STP Phase 2 configured and active
  • [ ] Medical practices that bulk bill may have specific GST treatment issues — confirm with your accountant
  • [ ] Payroll Tax registration and compliance (if applicable — threshold varies by state)

How Often to Review

Daily: Patient record security, staff compliance with privacy procedures

Monthly: BAS, STP reporting

Quarterly: WHS hazard review, super payments (until June 2026)

Annually: AHPRA registration renewals (per practitioner renewal dates), Privacy Policy review, Medicare billing pattern review, employment award rate update (1 July), workers comp renewal


How Reguladar Helps

Reguladar gives healthcare practice owners a single compliance dashboard tracking all their obligations — privacy, AHPRA, employment, tax, and WHS — in one place. See also our small business compliance checklist for universal obligations.

Get your personalised healthcare compliance dashboard at Reguladar →

This checklist is general information only. Requirements vary by profession and state. Seek professional advice.
