Audio Coursesby JellypodLesson 07 of 14
Overview
Will, EnableUs Community: Hey everyone, welcome back to the EnableUs Community podcast. I’m Will, and I’m here with Winter. Today we’re diving into something that, honestly, every NDIS provider needs to get right—storing records safely and legally. It’s not the flashiest topic, but it’s absolutely critical.
Winter, EnableUs Community: Yeah, and it’s one of those things where, if you get it wrong, the consequences can be huge. I mean, we’re talking about people’s most sensitive information—service agreements, assessments, incident reports, all that. The Privacy Act 1988 and the NDIS Practice Standards are really clear: you have to keep this stuff confidential and secure. No shortcuts.
Will, EnableUs Community: Exactly. And it’s not just about ticking a box for compliance, right? It’s about trust. If participants don’t feel like their info is safe, that trust is gone. And once you lose it, it’s so hard to get back.
Winter, EnableUs Community: Totally. I actually worked with a small provider last year—lovely team, but they didn’t realise how much damage a data breach could do. They had a minor incident, nothing malicious, but word got out and suddenly participants were calling, asking if their details were safe. It took months to rebuild that trust. It’s not just about the law, it’s about your reputation and your relationships.
Will, EnableUs Community: Yeah, and the types of records we’re talking about—service agreements, support plans, progress notes, incident reports—they’re all packed with personal info. If you’re not careful, it’s not just a legal issue, it’s a people issue.
Winter, EnableUs Community: And honestly, a lot of the mistakes we see are totally avoidable. Like, people still share files over email without encryption, or leave paperwork out on their desks. Or, and this one drives me a bit mad, they forget to revoke access when staff leave. It’s such an easy thing to miss, but it’s a massive risk.
Will, EnableUs Community: Yeah, or using shared logins. I remember my first audit with a provider who was still using paper files—like, actual filing cabinets. It was a nightmare. They had no idea who accessed what, and when they started moving to digital, they just gave everyone the same password. I mean, I get it, it feels easier, but it’s a recipe for disaster. If something goes wrong, you can’t trace it back to anyone.
Winter, EnableUs Community: Exactly. And there are real examples out there—NDIS providers who’ve had breaches because someone used a shared account, or because they didn’t lock up paper files. It’s not just theory, it happens. And the fallout can be pretty rough, both for the business and for the people whose info gets out.
Will, EnableUs Community: And it’s not just about digital stuff, either. Like, leaving a folder on your desk while you duck out for a coffee—if someone snaps a photo or just has a peek, that’s a breach. It sounds simple, but it’s so easy to slip up if you’re not thinking about it all the time.
Winter, EnableUs Community: Yeah, and I think sometimes people get overwhelmed and just stick with what they know, even if it’s not secure. But honestly, a few small changes can make a huge difference.
Will, EnableUs Community: So, let’s talk about what you can actually do to get this right. First step—do an audit. Just take a look at what you’re doing now. Where are the gaps? Are you still using paper? Are your digital files protected? It doesn’t have to be a massive overhaul all at once.
Winter, EnableUs Community: Yeah, and you can start small. Like, enable two-factor authentication on your accounts. It’s a pain for about five minutes, but it adds a whole extra layer of security. Or set up role-based access—so only the people who need to see certain files can actually get to them. No more “everyone has access to everything” situations.
Will, EnableUs Community: And when it comes to storage, there are some good options out there. Encrypted cloud platforms like Google Drive or OneDrive are solid, as long as you set them up right. But if you want something built for NDIS, there are CRMs like Lumary and Brevity that have secure document management baked in. I mean, I’m not saying you have to use those, but they do make compliance a bit easier.
Winter, EnableUs Community: And don’t forget about backups. I know it sounds boring, but regular backups are a lifesaver if something goes wrong—like, if your laptop dies or you get locked out. Set up automatic backups if you can. And for busy teams, a clear folder structure is honestly a game changer. Like, folders by participant, by year, by document type. It saves so much time and stops things getting lost.
Will, EnableUs Community: Yeah, and naming files properly—like, “ParticipantNameServiceAgreement2024” instead of “scan123”—makes it so much easier to find stuff later. It’s the little things that add up.
Winter, EnableUs Community: So, if you’re listening and feeling a bit overwhelmed, just remember—you don’t have to do it all at once. Start with one thing, like updating your passwords or setting up two-factor authentication, and build from there. Every step you take makes your system safer and your participants more protected.
Will, EnableUs Community: Absolutely. And if you’re not sure where to start, just do a quick audit and pick one thing to improve. It’s all about progress, not perfection. We’ll keep bringing you tips and stories from the field, so stay tuned for more episodes.
Winter, EnableUs Community: Thanks for joining us today. Will, always good to chat. And thanks to everyone listening—take care of those records, and we’ll catch you next time.
Will, EnableUs Community: Thanks Winter, and thanks everyone. See you next episode!
