Client incident management system (CIMS) frequently …providers.dhhs.vic.gov.au/.../2018-07/...service-provider… · Web viewWhen a service provider is using their own IT system

Frequently asked questionsClient incident management system (CIMS)(July 2018)

ContentsSection 1 – Introduction........................................................................................................................................... 5Section 2 – New questions....................................................................................................................................... 6CIMS policy................................................................................................................................................................. 6

2.1 What is ‘during service delivery’?.................................................................................................................62.2 Additional guidance regarding ‘during service delivery’ in community mental health services......................72.3 Additional guidance regarding ‘during service delivery’ in specialist family violence service providers................................................................................................................................................................ 72.4 Additional guidance regarding ‘during service delivery’ in alcohol and drug service providers.....................72.5 Additional guidance regarding ‘during service delivery’ in lead tenant..........................................................82.6 Additional guidance regarding ‘during service delivery’ in transitional housing management.......................82.7 How is the impact on clients assessed?.......................................................................................................82.8 How do we determine impact for absent clients?.........................................................................................92.9 How do we determine impact for dangerous actions taken by the client?....................................................92.10 How do we determine impact for medication errors?..............................................................................102.11 If a client is absent (as defined under CIMS) and as a result of their absence has missed prescribed medication that the service provider is responsible for administering, does this need to be reported?............................................................................................................................................................. 102.12 If an incident has two incident types, which one should be reported as the primary incident type vs the secondary incident type?........................................................................................................................... 112.13 When do service providers consult with child protection regarding a client incident in out-of-home care?.......................................................................................................................................................... 112.14 Who is responsible for reporting an incident when the client is both the client of funded organisation/NDIS provider and a department-delivered service?.......................................................................112.15 Do we need to conduct a case review if the screening for investigation results in ‘no further action’ or ‘monitoring and support required’?.......................................................................................................122.16 What outcomes get substantiated as a result of a CIMS investigation?..................................................132.17 Does the department receive the case review outcome report?.............................................................142.18 Can my organisation use its own investigation/review template?............................................................152.19 Can the authority of the service provider’s chief executive officer be delegated?...................................152.20 Does the Responding to allegations of physical and sexual abuse policy still apply under CIMS?.........152.21 Do the Guidelines for responding to quality of care concerns in out-of-home care still apply under CIMS?........................................................................................................................................................ 15

CIMS monitoring and oversight................................................................................................................................. 162.22 Why is my incident/follow-up/outcome being ‘withdrawn’ by the department?........................................162.23 How quickly should I resubmit an incident after it has been withdrawn by the department?...................16

Parallel processes..................................................................................................................................................... 172.24 What information is provided to oversight bodies?..................................................................................172.25 What access do oversight bodies have to investigation outcome reports?.............................................182.26 Are section 81 and section 82 processes still in place?..........................................................................192.27 Are incident reports used to notify the Commission for Children and Young People about the death of a current or former child protection client?.............................................................................................19

Support for service providers for implementation of CIMS........................................................................................19

2.28 Can the CIMS helpline provide practice advice?.....................................................................................192.29 Can the CIMS helpline provide assistance for organisations using their own IT system / CIMS Application Program Interface (API)?................................................................................................................... 192.30 Can the CIMS helpline assist with eBusiness issues?............................................................................192.31 What happens if the CIMS helpline can’t resolve my query?..................................................................202.32 Can the CIMS helpline see what I see in my organisation’s CIMS IT?....................................................20

CIMS IT..................................................................................................................................................................... 202.33 Why does the system time out when I am working on it?........................................................................202.34 Are there mandatory fields for organisations using their own IT system / CIMS Application Program Interface (API)?..................................................................................................................................... 202.35 What status descriptions does the CIMS IT use?....................................................................................202.36 Should a manager identify a client, staff member or other person in the ‘brief summary of the incident’ field?...................................................................................................................................................... 212.37 Is it possible to initiate an incident follow-up action prior to approval of the incident report?...................212.38 How do I request an extension of due date for a CIMS investigation or review?.....................................212.39 What happens if I select ‘restricted access’ on an incident report?.........................................................212.40 What is the difference between the address details that I need to provide in the incident report?..........222.41 When can I resubmit non-major impact incidents if they have been withdrawn by the department?......................................................................................................................................................... 222.42 Do I need to save the incident report (department-built client incident register)?....................................222.43 Can an organisation submit more documents for an outcome that has already been submitted?..........222.44 How can I tell if my organisation is onboarded to CIMS IT?....................................................................232.45 Can an already approved incident report, follow-up recommendation or outcome be withdrawn?..........232.46 My organisation is not onboarded/registered yet to the CIMS application. How can we report an incident?.............................................................................................................................................................. 232.47 An organisation is having trouble accessing its client incident register. Can they report outside of the system via the one-off direct submission link?...............................................................................................232.48 Who is responsible for updating service providers’ user details in the CIMS client incident register?............................................................................................................................................................... 232.49 What is the CIMS Application Program Interface (API)?.........................................................................23

Section 3 – What is the new CIMS?....................................................................................................................... 253.1 What is the new CIMS?.................................................................................................................................. 253.2 Scope.............................................................................................................................................................. 26

3.2.1 How can I tell if my organisation is in scope for CIMS?...........................................................................263.2.2 CIMS in-scope services.......................................................................................................................... 263.2.3 Community health services – not in scope for CIMS...............................................................................283.2.4 Consortia................................................................................................................................................. 28

Section 4 – Phased implementation...................................................................................................................... 294.1 Implementation of CIMS for in-scope funded organisations or NDIS providers..............................................294.2 Implementation of CIMS in department-delivered services.............................................................................294.3 Interim monitoring and oversight teams..........................................................................................................29

Section 5 – Monitoring and oversight................................................................................................................... 305.1 What happens if a service provider submits a paper-based incident report from 15 January 2018?..............305.2 What happens if an incident report is submitted by a department-delivered service but relates to an alleged incident that occurred during service delivery at a service provider?............................................................305.3 What happens if an incident report is submitted by a funded organisation but relates to an alleged incident that occurred in a department-delivered service?........................................................................................305.4 If there are multiple organisations providing a service for a client, who is required to submit the report?...................................................................................................................................................................... 315.5 If the allegation is about a labour hire agency staff member, who is responsible for the reporting and management of the incident?.................................................................................................................................... 315.6 What is the role of Agency Performance and System Support under the interim monitoring and oversight arrangement?............................................................................................................................................ 31

5.7 What is the role of child protection during the interim monitoring and oversight arrangements?....................315.8 What is the role of Disability Client Services during the interim monitoring and oversight arrangements?.......................................................................................................................................................... 32

Section 6 – Management of events not in scope for CIMS..................................................................................336.1 What is the process to manage alleged privacy breaches for funded organisations or NDIS providers that do not have a direct impact upon a client?.........................................................................................................33

6.1.2 How will the department ensure that privacy of information is assured?.................................................336.2 What about incidents that do not have an impact upon a client but affect staff or carers?..............................33

Section 7 – Parallel processes............................................................................................................................... 357.1 How will incidents that meet the threshold for reportable conduct be notified to the Commission for Children and Young People?.................................................................................................................................... 357.2 How will an s. 81 or s. 82 referral for independent investigation and Suitability Panel be managed during the interim period?......................................................................................................................................... 35

Section 8 – The policy............................................................................................................................................ 368.1 How can I find out about the details of the policy?..........................................................................................368.2 Does the Client incident management guide supersede the Responding to allegations of physical and sexual abuse guidelines?.......................................................................................................................................... 368.3 Incident identification and response................................................................................................................36

8.3.1 What is new in relation to incident identification and response?.............................................................368.4 Incident reporting............................................................................................................................................ 36

8.4.1 What is new in relation to incident reporting?..........................................................................................368.4.2 Will the way that service providers report and submit incident reports change?.....................................368.4.3 Are there changes to the way incidents are categorised?.......................................................................378.4.4 How will CIMS ensure impact is assessed appropriately?......................................................................378.4.5 Are there changes to incident types?......................................................................................................378.4.6 Is it possible to map the new incident types to compare them against the current incident types?.........388.4.7 Will any type of incidents from the existing incident reporting system no longer be reported?................388.4.8 Are there changes to reporting timeframes?...........................................................................................388.4.9 Will client incident reports be de-identified in CIMS?..............................................................................38

8.5 Incident investigation...................................................................................................................................... 388.5.1 What is new in relation to investigations?...............................................................................................388.5.2 Are all service providers expected to conduct CIMS investigations?......................................................398.5.3 When is an external investigation required?...........................................................................................398.5.4 Are there changes to investigation timeframes?.....................................................................................39

8.6 Incident reviews.............................................................................................................................................. 398.6.1 What is new in relation to incident reviews?............................................................................................398.6.2 Are all service providers expected to lead CIMS reviews?......................................................................40

Section 9 – Role of the department....................................................................................................................... 419.1 The role of the department in monitoring and oversight..................................................................................41

9.1.1 How will the department’s divisional office respond to service providers’ new reporting timeframes?......................................................................................................................................................... 41

Section 10 – Transition to CIMS............................................................................................................................ 4210.1 What role does quality of care have in the context of CIMS?.....................................................................4210.2 What role do Quality of support review guidelines have in the context of CIMS?.......................................4210.3 National Disability Insurance Scheme........................................................................................................42

10.3.1 What does this reform work mean in the context of the National Disability Insurance Scheme?.........4210.4 Other funding sources................................................................................................................................ 42

Section 11 – Supports for service providers for implementation of CIMS.........................................................4311.1 Learning and development......................................................................................................................... 4311.2 Helpline support service............................................................................................................................. 4311.3 Toolkit......................................................................................................................................................... 43

Section 12 – CIMS IT............................................................................................................................................... 4412.1 CIMS IT overview....................................................................................................................................... 4412.2 How will I submit client incident information?..............................................................................................4412.3 What will happen to fax transmission of client incidents for Human Services programs?...........................4412.4 Are service providers going to have to modify or update their current IT systems?....................................4412.5 Where can we find out more information about CIMS API?........................................................................4512.6 What is the CIMS webform?....................................................................................................................... 4512.7 What is the CIMS CIR?............................................................................................................................... 4512.8 How will my team learn how to use the CIMS webform and CIR?..............................................................4512.9 How do we get access to the department-built CIR?..................................................................................4512.10 What do we do if we don’t have a CIR capable of transmitting incident information via the CIMS API? 4512.11 What if my organisation’s technology system is not ready in time for the CIMS implementation?..................45

Section 13 – More information............................................................................................................................... 4613.1 Where do I find more information?..............................................................................................................46

Appendix 1: CIMS monitoring and oversight checklists.....................................................................................47Appendix 2: CIMS IT status descriptions..............................................................................................................58Appendix 3: CIMS addresses................................................................................................................................. 62

Section 1 – IntroductionThe Department of Health and Human Services (the department) has developed a new client incident management system (CIMS) to manage client incidents. The purpose of these frequently asked questions (FAQs) is to help department-funded organisations, Victorian-approved National Disability Insurance Scheme (NDIS) providers (NDIS providers) and department staff to understand the work that has occurred and the requirements for implementation of, and embedding, CIMS in practice.

Please see Section 2 for the latest updates to these FAQs.

For technical questions regarding the CIMS Application Program Interface, refer to the CIMS information technology (IT) FAQs (September 2017). You can download a copy of the CIMS IT FAQs from the CIMS page on the Service Providers website <http://providers.dhhs.vic.gov.au/cims>.

These FAQs should be read in conjunction with the CIMS policy:

• Client incident management guide• Client incident management guide – out of home care addendum

You can download a copy of these documents from the CIMS webpage <http://providers.dhhs.vic.gov.au/cims>.

Where ambiguity exists between these FAQs and the CIMS policy, the CIMS policy will apply.

CIMS frequently asked questions for service providers (July 2018) Page 5

http://providers.dhhs.vic.gov.au/cims


Section 2 – New questions

CIMS policy

2.1What is ‘during service delivery’?‘During service delivery’ includes:

• when the client is receiving a service (for example, when a staff member is with a client, when the client is on an outing where a staff member is present, or when the client is engaging with a service online or via telephone)

• when the client attends a service provider’s premises, including offices, residential services, respite facilities or day services. This includes the area within the boundaries of the premises, as well as the surrounding area within sight of the premises

• for off-site/outreach services, incidents that occur at the location of service delivery and the surrounding area within sight of that location (for example, when a staff member is providing in-home support or support in the community with the client, even if that support is minimal, such as an hour a month)

• for clients under the care of 24-hour services (for example, residential care, custodial services, supported accommodation or statutory child protection), any incident that occurs.

‘During service delivery’ excludes harm that may occur to a client:

• in the general course of life (for example, when a client is receiving episodic care and an incident occurs when the client is not receiving the services). This exclusion does not apply to clients who are under the care of 24-hour services

• where a client is receiving episodic care and an incident occurs when the client is not receiving the services that is unrelated to the services provided

• following adequate and appropriate discharge or release from the department-funded service or following the completion of the service provision period.

An incident that has occurred ‘during service delivery’ is an incident that occurs in any of the following circumstances:

• during provision of an in-scope service • as a result of, or related to, a deficiency or a potential failure in service provision (for example, through hazards,

neglect or inadequacy).

The definition of an ‘incident’ will be met if the event caused harm to a client and occurred ‘during service delivery’.

If an incident occurs during service delivery, it is required to be reported.

When should I report historical disclosures?

At times, clients may disclose incidents that occurred in the past. Such incidents should generally be considered in the same way as any other client incident – noting that the appropriate response may be different for an incident that occurred sometime in the past.

For these disclosures, service providers should consider whether the incident occurred during service delivery as defined, including during service delivery by another service provider. If so, the incident should be reported in accordance with the Client incident management guide unless it has already been reported.

What if an event involving a client occurs outside of service delivery?

During the process of service delivery, different types of events will occur that affect the client. Events that do not meet the definition of a ‘client incident’ are not reported under CIMS.

CIMS does not replace good case management or the requirement to meet other legislative (such as Reportable Conduct Scheme) or policy reporting (such as Privacy policy / reporting breaches) requirements. Service providers


are still required to ensure that appropriate communication, client incident records management and other reporting still occurs, even if the event is not a ‘client incident’ under CIMS. See section 3.9 of the Client incident management guide for additional guidance about other reporting.

2.2Additional guidance regarding ‘during service delivery’ in community mental health services

The Mental Health branch has provided the following additional guidance (in addition to CIMS policy requirements). For in-scope community mental health services, ‘during service delivery’ includes:

• telephone calls with clients; for example, when the client is on the phone to a worker and informs the worker they are self-harming as the worker speaks or calls the worker just after an incident of self-harm. The incident would still be happening when the client calls, and the service provider may have to respond by calling an ambulance or suggesting the client goes to hospital for treatment

• face-to-face service delivery and delivering a service in a client's home• text messages sent by clients to a service; for example, young people texting intermittently to a service reporting

what is happening to them at that moment• an appointment or a conversation with the service• when clients are on the service premises; for example, if an incident occurs in the waiting room.

For more information about ‘during service delivery’ in community mental health service setting, service providers should speak to their Agency Performance and System Support service plan lead or the Mental Health branch.

2.3Additional guidance regarding ‘during service delivery’ in specialist family violence service providers

Family Safety Victoria has provided the following additional guidance (in addition to CIMS policy requirements). In specialist family violence services, ‘during service delivery’ means when a client is receiving a service, such as when:

• staff are working directly with clients either in person or on the telephone• clients are within the boundaries of the premises or within sight of the premises.

When should I report historical disclosures?

Specialist family violence providers should report historical disclosures only when the actual incident occurred during service delivery. For example, historical disclosures relating to past incidents of family violence should not be reported as a client incident. Referrals to child protection or police should still occur in line with the relevant reporting requirements and the Child Safe Standards.

For more information about ‘during service delivery’ in family violence service settings, service providers should also speak to Family Safety Victoria or their Agency Performance and System Support service plan lead.

2.4Additional guidance regarding ‘during service delivery’ in alcohol and drug service providers

The Drug Policy and Reform branch has provided the following guidance (in addition to CIMS policy requirements). In community drug and alcohol services, ‘during service delivery’ means when a client is receiving a service, such as when:

• staff are working directly with clients either in person or on the telephone• clients are within the boundaries of the premises or within sight of the premises.

For more information about ‘during service delivery’ in alcohol and drug service settings, service providers should also speak to the Drug Policy and Reform branch or their Agency Performance and System Support service plan lead.


2.5Additional guidance regarding ‘during service delivery’ in lead tenantLead tenant is a type of out-of-home care placement and is therefore in scope for CIMS. Like other 24-hour care services (residential care, custodial services and child protection), a client incident report is required for all incidents involving clients of this service, regardless of the location of the incident.

For more information about ‘during service delivery’ in out-of-home service delivery settings, service providers should also speak to the Children and Families Policy branch or their Agency Performance and System Support service plan lead.

2.6Additional guidance regarding ‘during service delivery’ in transitional housing management

Transitional housing management is in scope for CIMS, under the banner of the service type ‘homelessness assistance’. The CIMS policy definitions of ‘during service delivery’ applies to transitional housing management services, including consideration of when the client is receiving the service (for example, when a staff member is with a client or when the client is engaging with a service online or via telephone).

Community-managed housing services are out-of-scope for CIMS, meaning that to the extent that the client is a ‘tenant’ of the funded organisation, events occurring within the tenancy are not in-scope for CIMS. Where the service provider is also funded to deliver CIMS in-scope services, such as homelessness assistance services, an incident report for an event occurring during service delivery should be considered.

For more information about ‘during service delivery’ in homelessness assistance services, service providers should speak to the Homelessness and Accommodation Support branch or their Agency Performance and Systems Support service plan lead.

2.7How is the impact on clients assessed?When assessing the effect of an incident on a client, the service provider should use their professional judgement and assessment to consider specific client characteristics that might influence the client’s experience of an incident (for example, the client’s age, development or personal history).

The staff member must exercise their professional judgement to determine what type of incident has occurred.

Factors to consider include:

Client experience

• Was the client physically, emotionally or psychologically harmed in the incident? If so, to what extent?• What level of treatment or care did the client require as a result of the incident?• Is the client still at risk of further harm?

Severity of outcome

• What was the nature and extent of the harm suffered?• What was the level of distress or suffering caused to the client?

Vulnerability of client

• Does the client’s age, stage of development, culture or gender increase the severity of suffering and trauma experienced?

• Does the balance of power or relationship between any alleged perpetrator and victim affect the impact of the incident on the client?

• Does the client’s mental or physical capacity, understanding of potential risks or communication skills affect how the incident impacts them?

• Does the client have a history of trauma or other factors that increase the impact of the incident? For example, abuse, homelessness, social isolation, health status (particularly poor health or other incapacity), poverty and discrimination.


Pattern and history of behaviour

• Some clients may have a history of engaging in dangerous activities that are known to the service provider and are being actively case-managed. In cases like this, the service provider may classify an incident as a non-major impact incident, because it is not unusual for that particular client – even though it might be considered otherwise with another client or in another circumstance.

• However, if the event is linked to either of the following, it should be reported as a major impact incident:

– an escalation in the severity or frequency of dangerous actions (for example, a client who has been known to get into physical altercations from time to time has recently been doing so on a daily basis)

– abnormal actions outside the known behavioural patterns of that client.

2.8How do we determine impact for absent clients?The CIMS incident type ‘absent client’ requires the service provider to exercise their professional judgement to assess the concerns for the safety of the absent client.

• For children and young people in particular, factors for service providers to consider in their assessment impact include:– if there is an escalation in the frequency of the young person’s behaviour, or the behaviours are inconsistent

with the young person’s usual behaviour, the event should be assessed as a major impact incident– if the young person is absent for short periods of time, is actively engaged with the service provider

throughout the absence and the care team is monitoring the absence, the event could be assessed as a non-major impact incident

– has a warrant been issued?– have police been notified?– is there a history of sexual exploitation?– is this client missing a curfew significant? That is, is the curfew court ordered?– is the client a known, high-risk client?

• For all clients– what is the vulnerability of the client?– what is the client’s age?– does the client have a history of high risk behaviours?– do the client’s actions require a change of intervention/support for the client?– have the actions taken by the client placed them in imminent risk of harm?– does the incident categorisation reflect cumulative harm, or patterns of concern?

Does the incident report submitted

• explain the safety concerns for the client?• describe the severity of concerns and how that relates to the assessment of risk/impact?• describe the actions that have been taken to locate the client?• describe the actions that have been taken to modify the case management, care arrangements or other support

supports of the client as a result of the incident?

2.9How do we determine impact for dangerous actions taken by the client?The CIMS incident type ‘dangerous actions - client’ requires the service provider to exercise their professional judgement to assess client actions that cause the client harm or place the client at risk of harm.

This includes:

• dangerous actions as a result of the misuse of drugs, alcohol or other substances• high-risk activities such as arson or train surfing


• sexually-orientated actions by a client in circumstances that place their safety at risk.

For children and young people in particular, factors for service providers to consider in their assessment of incident impact include:

• if there is an escalation in the frequency of the young person’s behaviour or the behaviours are inconsistent with the young person’s usual behaviour, the event should be assessed as a major impact incident

• have police been notified?• is the client a known, high-risk client?

For all clients

• what is the vulnerability of the client?• what is the client’s age?• does the client have a history of high risk behaviours?• do the client’s actions require a change of intervention/support for the client?• have the actions taken by the client placed them in imminent risk of harm?• does the incident categorisation reflect cumulative harm, or patterns of concern?

Does the incident report

• explain the safety concerns for the client?• describe the severity of concerns and how that relates to the assessment of risk/impact?• describe the actions that have been taken to modify the case management, care arrangements or supports for

the client as a result of the incident?

2.10 How do we determine impact for medication errors?The CIMS incident type ‘medication error’ requires the service provider to exercise their professional judgement to assess the impact of any error in the administration of a client’s prescribed medication, where the service provider is responsible for such administration. Including:

• the administration of incorrect medication

• missed medication

• the incorrect or unauthorised administration of PRN restraint medication

• psychotropic medicines misuse

• client refusal of prescribed or authorised medication pharmacy error (an error in the dispensing of medication).This requires the service provide to understand the nature and purpose of medication that they are responsible for administering to clients and the risk of harm to clients as a consequence of any medication error, including missed medication.Misuse of psychotropic medicines administered by a staff member must be reported as major impact. This includes where administration of this medication is ‘missed’.

2.11 If a client is absent (as defined under CIMS) and as a result of their absence has missed prescribed medication that the service provider is responsible for administering, does this need to be reported?

Yes, the service provider is required to assess the impact of the missed medication in this situation. Subject to the service provider’s assessment, the primary incident type in this case is likely to be assessed as ‘absent client’. In addition, the service provider could consider reporting the missed medication as a secondary incident type of ‘medication error’ because the client’s absence has prevented the required administration of a prescribed medication.


2.12 If an incident has two incident types, which one should be reported as the primary incident type vs the secondary incident type?

The most serious of the reported incident types, with the greatest impact on the client, should be reported as the primary incident type, and will drive the response to, and management of, the incident by the service provider.

2.13 When do service providers consult with child protection regarding a client incident in out-of-home care?

Service providers must consult with child protection during the incident management process as detailed within the Client incident management guide addendum: Out-of-home care if the client is a child involved with child protection.

The service provider must inform the child protection area manager:

• when a client incident is identified• when the incident is assessed as having a major impact incident and the report alleges abuse, poor quality of

care or unexplained injury, as part of the process to determine the way forward• of the progress of any investigation involving a child in the care of the department• of the intention to interview a child or young person as part of an incident review (case review or root cause

analysis).

The child protection area manager will consider the impact on the client and the immediate safety of the child, including any decisions regarding the appropriateness of the placement.

In addition, the service provider and child protection would be expected to discuss any client incident as a standard part of good case management practice, including case planning and care team discussions.

2.14 Who is responsible for reporting an incident when the client is both the client of funded organisation/NDIS provider and a department-delivered service?

The service provider that witnesses or first becomes aware of the incident must submit an incident report, whether the service is delivered by a department-delivered service (for example, child protection or disability accommodation service) or a funded organisation/National Disability Insurance Scheme (NDIS) provider.

If a client discloses details about an incident that occurred in a funded organisation/NDIS provider to a department-delivered service, the department-delivered service must complete the report form and submit to the relevant department’s divisional office. This ensures that the department service has met its reporting requirements.

Once the incident report is received by the divisional office, the department will determine whether the incident is alleged to have occurred in a funded organisation/NDIS provider or department-delivered service.

If the incident is assessed to have occurred in a department-delivered service, it will be recorded in TRIM and progress through existing investigation or review processes such as quality-of-support reviews or quality-of-care processes. This process will change when CIMS is implemented in department-delivered services.

If the divisional office determines that the incident allegedly occurred in a funded organisation/NDIS provider, the divisional monitoring and oversight team will advise the relevant Agency Performance and System Support service plan lead of the requirement to contact the relevant chief executive officer of the funded organisation/NDIS provider and delegate management of the incident to this organisation.

A copy of the paper-based incident report will be emailed to the service plan lead to ensure they have the appropriate information to inform discussions with the funded organisation/NDIS provider.

The funded organisation/NDIS provider must adhere to the requirements of the Client incident management guide to submit a CIMS incident report based upon the information provided by the service plan lead and manage that CIMS incident accordingly.

Once the funded organisation/NDIS provider submits a CIMS incident report via the CIMS IT solution, the original incident report submitted by the department-delivered service should be ‘hidden’ in TRIM. The record will still be


available (a special report can be run by Records Management) but will not appear in future standard incident reporting.

Should the funded organisation/NDIS provider fail to complete an incident report based upon the information provided to the service plan lead, the matter will be escalated to the Agency Performance and System Support manager or Area Director (where required).

2.10.1 What happens if an incident report is submitted by a funded organisation/NDIS provider but relates to an alleged incident that occurred in a department-delivered service?

If a client discloses an incident that occurred in a department-delivered service (for example, disability accommodation services) to a funded organisation/NDIS provider, the funded organisation must complete a CIMS incident report. This ensures that the funded organisation/NDIS provider has met the CIMS reporting requirements.

Once the incident information is received by the divisional monitoring and oversight team and the manager assesses that the incident occurred in a department-delivered service, they will advise the relevant area director , child protection director or disability director of the requirement to complete and submit a paper-based incident report based upon the information provided by the funded organisation/NDIS provider. The incident then must be managed by the department-delivered service.

The CIMS incident report submitted by the funded organisation/NDIS provider will be ‘withdrawn’ by the divisional office and returned to funded organisation with the rationale: ‘Incident referred to department-delivered service for appropriate reporting and management’.

2.10.2 If there are multiple organisations providing a service for a client, who is required to submit the report?

The service provider that witnesses, or first becomes aware of the incident, must submit an incident report, whether the service is department-delivered, or from a funded organisation or an NDIS provider. This may result in multiple reports being received about the one incident.

If this occurs, a lead organisation will be identified by the service providers involved. The decision to allocate a lead will be dependent upon the details of the incident. For example, if the alleged incident occurred in one service but was disclosed by the client to another service, it would be expected that the lead provider would be the one in which the alleged incident occurred. The divisional office manager is responsible for approving this decision based upon the information contained in the incident report.

2.15 Do we need to conduct a case review if the screening for investigation results in ‘no further action’ or ‘monitoring and support required’?

Yes, every major impact incident must be subject to either an investigation or review.

The purpose of an incident investigation by a service provider under CIMS is to determine whether there has been abuse or neglect of a client by a staff member (including a volunteer) or another client, as a result of an allegation in a client incident report.

The service provider must screen an incident for investigation if it is a major impact incident within the following categories:

• physical abuse• sexual abuse• financial abuse• emotional/psychological abuse• poor quality of care• injury – unexplained (in order to determine whether there has been any abuse or neglect that caused the injury).

As a result of the screening process, the service provider must determine which one of the following options is appropriate:


• Internal investigation• External investigation• No further investigative action – in a small number of cases, the service provider may make the decision to take

no further investigative action. This may be appropriate where it can be clearly established that the report of the incident is inaccurate or there is no basis for concerns about the safety of the client or the quality of care the client is receiving. If the decision is not to undertake an investigation, the grounds for this decision must be supported and recorded with a persuasive rationale backed up by evidence. The major impact incident must then be the subject of a review (case review or root cause analysis review).

• Monitoring and support required – in some cases information disclosed at the incident report stage, and then assessed through the screening stage, may identify issues that do not necessarily meet the threshold for an investigation to be conducted, or where an investigation cannot be reasonably conducted, but nevertheless require changes in practices. The service provider may manage these issues by monitoring and supporting affected staff members or clients, and document this on the staff and client files. If the decision is not to undertake an investigation, the grounds for this decision must be supported and recorded with a persuasive rationale backed up by evidence. The major impact incident must then be the subject of a review (case review or root cause analysis review). The changes in practice, monitoring and support of affected staff members or clients should be included in the case / RCA review outcome report under the ‘action plan / risk reduction plan’ section of the report.

2.16 What outcomes get substantiated as a result of a CIMS investigation?The purpose of an incident investigation by a service provider under CIMS is to determine whether there has been abuse or neglect of a client by a staff member (including a volunteer) or another client, as a result of an allegation in a client incident report.

The service provider must screen an incident for investigation if it is a major impact incident within the following categories:

• physical abuse• sexual abuse• financial abuse• emotional/psychological abuse• poor quality of care• injury – unexplained (in order to determine whether there has been any abuse or neglect that caused the injury).

At the conclusion of an investigation either abuse or neglect are substantiated under the following categories:• physical abuse (as a result of an allegation of physical abuse or incident type unexplained injury)• sexual abuse• emotional/psychological abuse• neglect (as a result of an allegation of poor quality of care or incident type unexplained injury)• financial abuse

Or, if the above outcomes cannot be substantiated, the outcome of the investigation report will be either:• not substantiated – no further action – where there is no evidence that the alleged incident took place• not substantiated – further action – where there is insufficient evidence to substantiate abuse but there is a need

for further actions to be taken to address any ongoing concerns.

Some additional considerations for service providers finalising an investigation outcome report

• incident types are not ‘substantiated/not substantiated’ – abuse or neglect are ‘substantiated/not substantiated’ for example the result of an investigation into an allegation of ‘poor quality of care’ is that neglect is

substantiated/not substantiated; the result of an investigation into a major impact incident under ‘unexplained injury’ is that abuse or neglect is substantiated/not substantiated.


• if the incident report is subject to two incident types that meet the threshold for investigation, then outcomes for both allegations must be documented

for example, where there is an allegation of both physical abuse and poor quality of care

• outcomes should be reported at a client level not report level for example, where two clients are the alleged victims of the same incident, outcomes must be reported

for both clients

• for the purposes of a CIMS investigation abuse or neglect can only be substantiated where the perpetrator is a staff member or another client (abuse only)

for example, it cannot be a member of the public. In these circumstances, for major impact incidents, a case review or root cause analysis review is required, not a CIMS investigation.

• an investigation is likely to uncover issues not identified at the point of incident report (that is, within 24 hours of the service provider becoming aware of the incident) and the screening stage (that is, within 72 hours of the service provider becoming aware of the incident)

if the matters discovered are an extension of the incident reported, then they should be dealt with in the same investigation process and outcome report

if the matters discovered relate to a separate/different incident, then an additional incident report should be initiated by the service provider and managed accordingly

for example, throughout the course of an investigation into physical abuse, the service provider discovers an allegation of poor quality of care related to the same incident, this should be included in the scope of the investigation and both abuse and neglect substantiated / not substantiated. The investigation and outcome report and action plan should reflect this, and the outcome reporting via the CIMS IT should reflect this also (it is possible to report up to two outcomes in the CIMS application).

the investigation process may also deliver findings outside the scope of the CIMS investigation. These findings can be documented within the investigation outcome report, subject to appropriate consideration of privacy and due process issues.

2.17 Does the department receive the case review outcome report?No, a case review is a review led by the service provider following a client incident to identify what happened and any processes and system issues that need to be addressed to support the safety and wellbeing of clients. Service providers are not required to submit case review outcome reports to the department but these must be made available upon request.

A case review is primarily based on a desktop review of available information and may also require speaking with client(s) and relevant staff members to explore what might have caused the incident, and documenting the lessons and the actions the service provider will take to reduce the risk of the same type of incident occurring again.

Service providers are not required to submit case review outcome reports to the department’s divisional office for endorsement. However, the divisional office may request case review reports on an ad-hoc basis for quality assurance purposes or as otherwise required.

Service providers are required to complete case reviews within 21 days of endorsement of the follow-up recommendation by the divisional office.

2.13.1 Finalising a case review outcome report

When the case review is completed, the following steps are required:

• The service provider’s chief executive officer or senior delegate must carefully consider the report and determine whether it meets CIMS requirements.

• The service provider’s chief executive officer or senior delegate approves the case review, and ensures that any changes relevant to the services provided to the client are recorded in the client’s file.

• The service provider must log any planned actions against the incident in the organisation’s client incident register and when completed, record these actions in the client’s file.


• Service providers must communicate the findings of reviews to the people involved in the incident (including the client and their guardian, family member, key support person or case manager/planner).

• Once any actions required as a follow-up to the review have been implemented, the service provider can close off the client incident.

2.18 Can my organisation use its own investigation/review template?Yes, service providers are able to use their own investigation templates.

While the use of CIMS templates is not mandatory, there is a need to ensure that all information requirements as specified on the department’s template are being captured and provided.

Service providers are recommended to use the CIMS templates.

2.19 Can the authority of the service provider’s chief executive officer be delegated?The CIMS policy requires the service provider’s chief executive officer or delegated authority to approve the incident report (major or non-major impact) for submission to the department and, in the case of major impact incidents:

• incident screening (follow-up) for submission to the department• investigation outcomes and/or root cause analysis review outcomes for submission to the department• case review outcomes submitted within the service provider organisation.Ultimately, the chief executive officer is accountable for all incident submissions to the department and oversight of incident management within their organisation. However, the chief executive officer can nominate other senior delegates to act on their behalf.

Authorisation responsibility needs to be maintained at an appropriately senior level.

If the department’s divisional office returns (withdraws) an incident report for rework by the service provider, the service provider’s chief executive officer or the delegated authority who approved the incident information for submission is advised.

2.20 Does the Responding to allegations of physical and sexual abuse policy still apply under CIMS?

The following policy documents are current under CIMS

• Client incident management guide• Client incident management guide – Out-of-home care addendum• CIMS internal roles and responsibilities guide (pending release, for department staff only)

The CIMS policy supersedes the following policies

• Critical client incident management instruction• Guidelines for responding to quality of care concerns in out-of-home care• Responding to allegations of physical and sexual abuse (RAPSA)

The Client incident management guide, appendix B: Responding to allegations of abuse provides incident response and reporting guidance required for allegations of abuse, including physical and sexual abuse.

2.21 Do the Guidelines for responding to quality of care concerns in out-of-home care still apply under CIMS?

The following policy documents are current under CIMS

• Client incident management guide• Client incident management guide – Out-of-home care addendum


• CIMS internal roles and responsibilities guide (pending release, for department staff only)

The CIMS policy supersedes the following policies

• Critical client incident management instruction• Responding to allegations of physical and sexual abuse (RAPSA)• Guidelines for responding to quality of care concerns in out-of-home care

The Client incident management guide provides guidance for incident management of incidents occurring in out-of-home care services, including incident investigations. The Client incident management guide – Out-of-home care addendum provides additional guidance to out-of-home care service providers, including requirements for consulting with child protection throughout the management of a client incident, including where an incident investigation is required.

CIMS monitoring and oversight

2.22 Why is my incident/follow-up/outcome being ‘withdrawn’ by the department?The department has a role in the review, quality assurance and endorsement of incident information. This role is performed by the department’s divisional office (monitoring and oversight team).

In reviewing submitted incident information, the divisional office will assess whether the information meets CIMS policy requirements. If it is assessed that the submitted incident information does not meet the policy requirements, it will be returned to the service provider for immediate rework and resubmission.

In some instances, incident reports are withdrawn because they are out of scope for CIMS (that is, they relate to an event that does not meet the definition of a client incident). In these cases, service providers are not required to resubmit these reports. The information provided by the divisional team about the reason for withdrawal will identify such cases.

If a service provider has any questions about why an incident has been withdrawn by the divisional team, it should contact the team that reviewed that incident via email:

• East Division: [email protected] • West Division: [email protected] • North Division: [email protected] • South Division: [email protected]

For more information about what the divisional office is looking for when it conducts its quality assurance of incidents, follow-up actions and outcomes, see Appendix 1.

2.23 How quickly should I resubmit an incident after it has been withdrawn by the department?

Each stage of the CIMS incident management process has submission timelines that the service provider must comply with. If an incident is withdrawn by the divisional office because the information submitted does not meet the required standards of the CIMS policy, these timelines still apply. Therefore it is critical that the service provider assesses withdrawn incidents, makes required changes and resubmits them immediately.

In the case of withdrawn non-major impact incidents, service providers should not wait to resubmit a non-major impact incident; it should be reviewed, revised and resubmitted immediately.


Parallel processes

2.24 What information is provided to oversight bodies?

2.14.1 Authorised recipient: Commission for Children and Young People

When Rationale for distribution How will reports be provided?

All major impact incidents for an out-of-home care client.

Oversight of response to incidents affecting children and young people in out-of-home care.

The Commission will receive direct access to endorsed or reviewed client incident information via CIMS Qlikview.This will include all data submitted for relevant incident reports (including key actions taken by the service provider), follow-up recommendations (investigation, case review or RCA review) and rationale for follow-up action and all investigation and RCA outcomes (including themes and actions).

Child protection client subject to the child death inquiry process.

Promote continuous improvement and innovation in policies and practices relating to child protection and the safety and wellbeing of vulnerable children and young persons.

The Commission will receive direct access to endorsed or reviewed client incident information via CIMS Qlikview.


2.14.2 Authorised recipient: Office of the Disability Services Commissioner (DSC)

When Rationale for distribution How will reports be provided?

Incident types within disability service programs (only).Major impact and non-major impact incidents:• deathMajor impact incidents:• injury

• poor quality of care

• physical abuse

• sexual abuse

• emotional/psychological abuse

• emotional/psychological trauma

• financial abuse

• inappropriate physical treatment

• sexual exploitation – major impact

Independent review and monitoring of the quality of responses provided to clients of disability services.Monitor improvements to the department’s incident review processes.

The DSC will receive direct access to endorsed or reviewed client incident information via CIMS Qlikview.This will include all data submitted for relevant incident reports (including key actions taken by the service provider), follow-up recommendations (investigation, case review or RCA review) and rationale for follow-up action and all investigation and RCA outcomes (including themes and actions).

The Commissioners can only see an endorsed major impact incident or reviewed non-major impact incident report (as appropriate), and have the capacity to download information in PDF format. If an incident has been withdrawn, the Disability Services Commissioner and Children, Youth and Families Commissioner cannot see the incident report through the Qlikview application.

2.14.3 Commission for Children and Young People

Section 60a of the Commission for Children and Young People Act 2012 provides that 'the Secretary to the Department of Health and Human Services must disclose to the Commission any information about an adverse event relating to a child in out of home care ... if the information is relevant to the Commission's functions.'

The related Memorandum of Understanding between the Secretary and the Commission details the processes supporting this information exchange.

Consistent with the Commission's functions under the Act, the Commission may ask the department for further information, which includes reviews about an adverse event.

The Commission has no legislative basis under s. 60A to request information relating to an adverse event directly from an agency. Where further information, such as more details about actions taken or the outcome of a case review is requested, the department will be required to facilitate provision of the requested information.

2.25 What access do oversight bodies have to investigation outcome reports?Endorsed investigation and root cause analysis review outcome reports for out-of-home care client are downloaded and emailed to the Commission for Children and Young People by the department as part of the requirement to provide to provide client incident information to the Commission. The CIMS Qlikview application is unable to transmit documents.

Following the completion of the investigation, endorsement of the final report and communication of the outcome to all parties, the investigation manager should consider the most appropriate next step. This may include consideration as to whether the findings or outcome of the investigation require further reporting to an oversight


body, such as the Disability Services Commissioner, the Commissioner for Children and Young People or the Independent Investigator / Suitability Panel.

2.26 Are section 81 and section 82 processes still in place?Section 81 (s. 81) and section 82 (s. 82) refer to the sections of the Children, Youth and Families Act 2005 that apply to out-of-home care service providers. These requirements are not altered by the implementation of CIMS and service providers and the department are required to adhere to their obligations under the Children, Youth and Families Act, including s. 81 and s. 82 reports.

For information, please see the department’s provider website at <https://providers.dhhs.vic.gov.au/registration-out-home-carers>.

2.27 Are incident reports used to notify the Commission for Children and Young People about the death of a current or former child protection client?

No, incident reports are not the trigger to notify the Commission for Children and Young People about the death of a current or former child protection client. Responsibility for these notifications sits with the Office of Professional Practice (OPP). OPP are advised of the death of a current or former child protection client through a range of mechanisms including via the Coroner or operational directors (as outlined in the Child Protection Manual).

Support for service providers for implementation of CIMS

2.28 Can the CIMS helpline provide practice advice?No, the CIMS helpline cannot provide practice advice or a ‘secondary consultation’ because the helpline team is not made up of practitioner experts.

The role of the CIMS helpline is to assist service providers by providing guidance and support in relation to CIMS policy, resources and the department-built CIMS IT.

CIMS is premised on the service provider’s professional judgement and assessment in relation to the client and service delivery environment.

If service provider staff need practice advice, they should in the first instance refer to their own management, their key department contact (Agency Performance and System Support service plan lead) or the relevant department program area.

For incidents involving child protection clients, the Client incident management guide addendum: Out-of-home care identifies where it is mandatory for the service provider to inform or consult with child protection throughout the management of a client incident.

2.29 Can the CIMS helpline provide assistance for organisations using their own IT system / CIMS Application Program Interface (API)?

No, the CIMS helpline is unable to assist with IT problems for organisations using their own IT system / CIMS API.

This is because every one of those systems is different and may use different terminology, formats and functionality to the department-built CIMS IT. Service providers are asked to refer to their organisation’s internal IT processes for these queries.

IT vendors can report CIMS API problems to the CIMS Technical Support team for investigation via <[email protected]>. The CIMS Technical Support team will work with the IT vendor and advise them of the resolution of issues. It is the responsibility of the IT vendor to advise their service provider clients (users of their IT system) of the resolution of these issues.

The CIMS helpline can provide guidance and support in relation to CIMS policy and resources.


mailto:[email protected]

https://providers.dhhs.vic.gov.au/registration-out-home-carers

2.30 Can the CIMS helpline assist with eBusiness issues?eBusiness is a platform used by the department that enables service providers to access a range of department applications, including CIMS IT.

If the service provider has been fully onboarded to CIMS IT and a staff member needs to be registered to use eBusiness, is having trouble logging into eBusiness or has a problem with their eBusiness log-in, that staff member should obtain the appropriate eBusiness help via <https://hns.dhs.vic.gov.au/dhsportal/wps/myportal>.

2.31 What happens if the CIMS helpline can’t resolve my query?CIMS IT queries that cannot be resolved by the CIMS helpline are escalated to the CIMS Application Support team. CIMS policy queries that cannot be resolved by the CIMS helpline are escalated to the CIMS Business Support team.

All phone calls and emails received by the helpline are logged until they are resolved and service levels are monitored regularly.

2.32 Can the CIMS helpline see what I see in my organisation’s CIMS IT?No, the CIMS helpline cannot see what a service provider can see in its CIMS IT, whether it’s the department-built client incident register or the service provider’s own system.

The department’s IT team cannot see what information is contained in the service provider’s CIMS IT, whether it’s the department-built client incident register or the service provider’s own system.

CIMS IT

2.33 Why does the system time out when I am working on it?There is no ‘time-out’ function built into the CIMS application. The time-out experienced by CIMS IT users is due to the eBusiness platform which has a pre-set timeout of three minutes and applies to all department applications accessed via eBusiness.

Users are advised to regularly move their computer mouse, to reduce the risk of the system timing out.

Service providers using the online incident report webform via the CIMS webpage at <https://cims.vic.gov.au/#/introduction>, will experience a time out, as it is not accessed via eBusiness.

2.34 Are there mandatory fields for organisations using their own IT system / CIMS Application Program Interface (API)?

Yes, organisations using their own IT system / CIMS API have the same mandatory field requirements as service providers using the department-built client incident register.

However, the field names used and how screens are presented and flow vary among these systems. In addition, sometimes organisations using their own IT system / CIMS API capture more than CIMS-related information only, for example, occupational health and safety and organisational risk information.

Department staff, including the CIMS helpline and CIMS Technical Support cannot see these systems or how information is presented or organised. When a service provider is using their own IT system / CIMS API and are experiencing problems in the submission of client incident information, they must consult with their manager / own organisation’s IT helpdesk to resolve issues.

2.24.1 Is ‘Date of last service provision’ a mandatory field?

No, ‘Date of last service provision’ is not a mandatory field.


https://cims.vic.gov.au/#/introduction

https://hns.dhs.vic.gov.au/dhsportal/wps/myportal

2.35 What status descriptions does the CIMS IT use?See Appendix 2 for CIMS IT status descriptions and the CIMS IT Client incident register user manual for more details.

2.36 Should a manager identify a client, staff member or other person in the ‘brief summary of the incident’ field?

No. As this field routinely gets used for reporting purposes details of clients, staff members or other persons should not be identified in the ‘brief summary of the incident’ field of the incident report form. There are other fields in the incident report form appropriate for capturing these details.

2.37 Is it possible to initiate an incident follow-up action prior to approval of the incident report?

For major impact incidents, screening for investigation and the recommended follow-up approach should be submitted to the department’s divisional office within 72 hours of the incident being witnessed or disclosed. This reflects the urgent nature of this activity following a major impact incident.

Within the CIMS application, it is possible for a service provider to create and submit the incident ‘follow-up’ prior to the incident being endorsed by the divisional office:

• If the incident report is subsequently endorsed by the divisional office, the follow-up action will automatically progress for divisional office review.

• If the incident report is ‘withdrawn’ by the divisional office, the follow-up action is therefore also automatically withdrawn and will need to be resubmitted by the service provider following resubmission of the incident report.

2.38 How do I request an extension of due date for a CIMS investigation or review?The CIMS IT functionality for requesting an extension of the due date for a CIMS investigation or review is essentially the same as when submitting an investigation or review outcome.

A request for an extension of the due date for a CIMS investigation or review is only applicable when the service provider is unable to continue an investigation or review due to circumstances outside the service provider’s control. An example of this would be if the incident involved a police investigation that cannot be conducted concurrently with a CIMS investigation.

Both users of the department-built client incident register and organisations using their own IT system / CIMS API apply for an extension of the due date electronically, via their CIMS IT.

Requesting an investigation or review extension in the department-built client incident register

To place an investigation on hold, go to the Review outcomes screen and follow these steps:

1. Click in the Outcome field to select ‘Pending’ from the dropdown list. Further information is displayed, along with a link to a template.

2. Select the Incident investigation/review on hold request template link. The template is available on the CIMS webpage at <http://providers.dhhs.vic.gov.au/cims>.

3. Complete the template and return to the Investigation outcome screen.

4. Click Update outcomes.

Investigations or reviews that are put on hold will also have a revised due date created by the department’s divisional office.

The follow-up recommendation will be at a status of ‘Pending’.

For more information, see the ‘Adding outcomes’ section of the CIMS IT Client incident register user manual.



2.39 What happens if I select ‘restricted access’ on an incident report?When a service provider staff member selects ‘restricted access’ when submitting an incident report this will automatically result in:

• the incident report only being visible to the organisation’s chief executive officer or delegated authority (the chief executive officer or delegated authority can choose to remove this restriction)

• an escalation to a senior department delegate.

For most incidents, the service provider should not select to restrict access to the incident.

Where an incident is sensitive and where only the organisation’s chief executive officer or delegated authority has access to the incident report it is appropriate to restrict access to the incident.

2.40 What is the difference between the address details that I need to provide in the incident report?

See Appendix 3 for definitions of the following incident report fields:

• Address of Service Delivery• Area• Location of Incident• Address (within client section).

2.41 When can I resubmit non-major impact incidents if they have been withdrawn by the department?

If a non-major impact incident report has been withdrawn by the department’s divisional office and needs to be resubmitted, the service provider should, review, revise and resubmit immediately (unless the incident reports is out of scope for CIMS). Do not wait until the following month.

2.42 Do I need to save the incident report (department-built client incident register)?Service providers completing an incident report in the department-built client incident register do not need to ‘save’ each incident report page. At the end of each page, the user just needs to click Next to move to the next section.

If the user needs to close the report and come back to it later to complete, the user can save it. They will be asked to provide an email address, and an email with a link and password will be sent to that address to allow the user to access the report at a later time. This function may be particularly useful if the service provider is concerned that the system will time-out while gathering information and completing the incident report.

The CIMS helpline does not have access to see any saved incident reports and cannot advise what email address or password has been provided in the ‘save’ process.

It is not possible to view a partially completed (saved) report in the client incident register.

If a partially completed (saved) incident report cannot be retrieved by the user or service provider organisation, a new incident report must be created.

2.43 Can an organisation submit more documents for an outcome that has already been submitted?

Once an outcome (excluding ‘Pending’) has been received by the department, a service provider cannot submit additional information or attachments.

To allow an organisation to submit further information, the outcome must first be withdrawn by the department’s divisional office and then the outcome (including the new information) resubmitted.

Note: Further information including attachments can be submitted by an organisation without the requirement of the department withdrawing an outcome if the most recent outcome submission was ‘Pending’.


Once an outcome is endorsed, no additional documentation can be attached to the outcome.

2.44 How can I tell if my organisation is onboarded to CIMS IT?A quick tip to check: open the CIMS incident report webform on the CIMS webpage and start typing the name of the organisation in the ‘Organisation name’ field. If the organisation does not appear, then they are not onboarded to CIMS. If in doubt, or you want to check the status of your organisation’s onboarding process, contact the CIMS helpline by calling 1300 024 863 or email <[email protected]>.

2.45 Can an already approved incident report, follow-up recommendation or outcome be withdrawn?

Currently CIMS IT does not have the capacity to withdraw an incident, follow-up recommendation or outcome that has already been endorsed.

Note: The department is currently working on a system enhancement that would enable a designated system administrator to withdraw endorsed items. Service providers and department staff will receive further advice about this shortly.

2.46 My organisation is not onboarded/registered yet to the CIMS application. How can we report an incident?

Service providers are required to ensure that they are registered to use CIMS it to submit and manage incident information.

If a service provider is not fully registered to use the CIMS application and need to report a major impact incident as required under the CIMS policy, the service provider’s chief executive officer or senior delegate should contact the CIMS helpline by calling 1300 024 863 or email <[email protected]>. The CIMS helpline will arrange a one-off link that will enable the service provider to submit one major impact incident. After that, the service provider is required to complete the CIMS IT registration and onboarding process immediately.

2.47 An organisation is having trouble accessing its client incident register. Can they report outside of the system via the one-off direct submission link?

No. With the implementation of CIMS, only electronic submissions for incident reports are accepted. The one-off link can only be provided to an organisation that is not onboarded to CIMS. Once the organisation has completed the process, the direct submission link is void. This includes organisations using either the department-built client incident register or their own system / vendor system.

2.48 Who is responsible for updating service providers’ user details in the CIMS client incident register?

Service providers have the ability to maintain user details within the CIMS client incident register. A senior delegate user can click on the ‘Users’ tab and update details of all users within their team(s).

2.49 What is the CIMS Application Program Interface (API)?An API is essentially an electronic doorway that allows information to pass through as long as it meets the following criteria:

• It is coming from an authorised source (a registered organisation).• The information being passed through meets a set criterion.

– For example, ‘DHHS Area’ has 21 set value options that are allowed to pass through the CIMS API doorway. If the value provided by the service provider does not equal one of these 21 values, then it will not be allowed to pass through.




For every field within CIMS IT that has a predetermined value and format, these values and formats are found within the CIMS API reference data that can be accessed by IT vendors to check to make sure that they are using the correct information.

When an attempt to submit an incident/follow-up recommendation/outcome fails, the CIMS API provides a validation failure message to advise the user. These error messages will also provide a reason why the submission was not accepted.

Since the implementation of CIMS, there have been no changes to the CIMS API or associated reference data provided to service providers or IT vendors.

Steps for service providers experiencing issues:

1. Contact your IT vendor to assess the problem.

2. If required, email the CIMS Technical Support team <[email protected]>, who will assess and respond.

It is important to note that the CIMS Technical Support team can only see what has been submitted successfully through the CIMS API. The CIMS Technical Support team will be unable to assist with CIMS API issues where the issue lies in the service provider / IT vendor system.



Section 3 – What is the new CIMS?

3.1 What is the new CIMS?CIMS is an end-to-end system for the management of client incidents with a focus on the impact an incident has on a client.

It includes five stages:

Stage 1: Identification and response

Identification is when an incident is disclosed to, or observed by, a service provider at any service delivery setting (for example, provider premises, outreach location or a client’s home). This may include disclosure by a client, family member or other professionals, to the service provider.

Response covers the immediate activities undertaken to ensure the safety and wellbeing of clients, staff and visitors, preserve evidence and notify emergency services and family or other support people.

Stage 2: Reporting

Reporting captures specific information about the incident. As part of this stage, follow-up is undertaken to ensure the information provided in an incident notification is accurate, and service providers and the department are assured that appropriate actions are being planned and/or undertaken to manage the incident.

Stage 3: Incident investigation

An investigation is a formal process of collecting information to ascertain the facts about an incident, which may inform any subsequent criminal, civil, disciplinary or administrative sanctions.

In the context of this policy, the purpose of an incident investigation is to determine whether there has been abuse or poor quality of care of a client by a staff member, carer or another client.

Incident investigations may be carried out by service providers (including the department) or external bodies (including the department).

Stage 4: Incident review

A review is an analysis of an incident to identify what happened, determine whether an incident was managed appropriately, identify likely causes of the incident, and to apply subsequent learnings to reduce the risk of future harm.

Incident reviews may be carried out by service providers (including the department) or external bodies (including the department).

Stage 5: Analysis and learning

Analysis and learning includes monitoring and acting on trends identified through the analysis of incident information to enhance the quality of service and supports to clients.

Reporting, investigating, reviewing and analysing incidents helps service providers to review and assess the way in which an incident has been managed, to implement improvements, minimise risk and embed a continuous improvement approach. This supports better client experience and outcomes.

Figure 1: Model for the new CIMS


3.2 Scope

3.2.1 How can I tell if my organisation is in scope for CIMS?Your organisation is in scope for CIMS if it:

holds a funding and service agreement(s) with the department and is funded to deliver services to clients of the department and is listed as one of the in-scope services in Client incident management guide, Appendix C: Scope of this guide.

If you are still unsure, your organisation should check with your key department contact within Agency Performance and System Support.

Please refer to the CIMS scope summary (May 2017) for a full list of in-scope and out-of-scope services for CIMS. You can download a copy of the CIMS scope summary from the CIMS page on the Service Providers website <http://providers.dhhs.vic.gov.au/cims>.

3.2.2 CIMS in-scope services

Program: Health services

In-scope services include funded organisations that do not report through the Victorian Health Incident Management System (VHIMS), which includes organisations providing the services types listed below:

• aged care and carer’s support services• alcohol and drug treatment services• community palliative care services• home and community care (HACC) services (for people under 65 and under 50 years for Aboriginal people).

Excludes services funded through the National Disability Insurance Scheme (NDIS)• mental health community support services

– youth residential rehabilitation– adult residential rehabilitation– individualised support packages– accommodation, respite and community support

• sexual health prevention and community-based care services.

Program: Disability services

Service type:

• disability forensic assessment and treatment services• individual support including

– day services– flexible support packages– individual support packages– outreach support– respite

• information, planning and capacity-building including– case management– access

• targeted services including– behaviour intervention services– independent living training


• residential accommodation services including– residential institutions– shared supported accommodation

• NDIS– NDIS – assist-life stage, transition– NDIS – daily personal activities– NDIS – daily tasks / shared living– NDIS – development-life skills– NDIS – group and centre based activities– NDIS – high-intensity daily personal activities– NDIS – participate community– NDIS – plan management– NDIS – specialised positive behaviour support– NDIS – specialist support coordination.

Program: Children, youth and families services

Service type:

• family and community services including– Aboriginal community-controlled organisations (residential services)– early parenting services– placement prevention / Families FIRST – placement prevention and reunification / Family Coaching Victoria – Cradle to Kinder program– family intervention services– Child FIRST and family services – family violence and sexual assault services

• home-based care – foster• home-based care – kinship• home-based care – lead tenant• residential care including

– residential care – general / complex / intensive – therapeutic residential care

• secure welfare services• statutory child protection services including

– child protection services– child protection after hours

• therapeutic care.

Program: Housing and community building services

Service type:

• department-managed housing including– public housing (but not community-managed housing – see next section on out-of-scope services)

• homelessness assistance including– supported accommodation assistance– homelessness service support– transitional housing management


– crisis accommodation services and crisis support services• long-term housing assistance including

– long-term assistance– Public Housing Infrastructure Program.

Program: Youth services

Service type:

• refugee minor program• finding solutions• youth outreach and diversion services• adolescent support programs.

Please refer to the CIMS scope summary (May 2017) for a full list of in-scope and out-of-scope services for CIMS. You can download a copy of the CIMS scope summary from the CIMS page on the Service Providers website <http://providers.dhhs.vic.gov.au/cims>.

3.2.3 Community health services – not in scope for CIMS In April 2017, the Department of Health and Human Services Board agreed to defer the transition of registered and integrated community health services into CIMS for 12 months from its implementation. This was to address the potential for overlapping administrative and incident reporting requirements, and enable consideration of the most appropriate incident reporting framework for community health services in the future.

This decision applies to the whole of the organisation. It is not specific to particular funded programs. As such all health and human services programs – if delivered by a community health service – are not initially in scope for CIMS.

If you have any queries about reporting requirements for community health services, please email Primary Health Partnerships at <[email protected]>.

3.2.4 ConsortiaIn consortia arrangements, all members in the alliance/consortium are listed as parties to the service agreement. Each member organisation agrees to the terms and conditions of the service agreement and is individually bound by them. Each member organisation is responsible to the other members and to the department for the actions of the alliance/consortium and service delivery.

As a consequence, each member of the consortia is required to comply with the requirements of CIMS, including submitting incident information electronically to the department under the organisation name that is party to the service agreement for the consortia.

Consortia members can choose to use their existing IT systems or the department-built client incident register. It does not matter if other consortia members submit client incident information via a different system.

For more information, see the Service agreement information kit for funded organisations, section 2.4, Service agreements with more than one organisation, at <https://fac.dhhs.vic.gov.au/service-agreement-information-kit>.


http://www.dhs.vic.gov.au/facs/bdb/fmu/service-agreement/3.service-agreements/2.4-service-agreements-with-more-than-one-organisation




Section 4 – Phased implementation

4.1 Implementation of CIMS for in-scope funded organisations or NDIS providers

CIMS was implemented across all in-scope funded organisations and NDIS providers on 15 January 2018. The implementation of CIMS has been supported by a suite of online and classroom-based training programs to support capability-building within the sector.

4.2 Implementation of CIMS in department-delivered servicesCIMS will be implemented across department-delivered services in mid-2018 and only once a formal change consultation process has been completed. Until a formal change consultation process is complete, the current incident reporting and management processes will continue for internally delivered services.

4.3 Interim monitoring and oversight teamsTo ensure the appropriate reporting and management of client incidents by funded organisations or NDIS providers from 15 January 2018, alternative procedures for the quality assurance of client incident information have been established until the change consultation with internal staff is complete. This has included the establishment of interim CIMS monitoring and oversight teams within each department division.


Section 5 – Monitoring and oversight

5.1 What happens if a service provider submits a paper-based incident report from 15 January 2018?

All funded organisations and NDIS providers are required to electronically submit incident information via the CIMS IT solution as of 15 January 2018.

If a service provider submits a paper-based incident report form after this date, the department will contact the reporting organisation and advise of the requirement to resubmit the client incident information via the CIMS IT solution.

Funded organisations or NDIS providers that have not registered to use the CIMS IT solution and are required to report a client incident, must contact the CIMS helpline (tel: 1300 024 863). The CIMS helpline will be operational for 12 months from CIMS implementation. Operating hours include 7.00 am – 7.00 pm weekdays and 10.00 am – 3.00 pm weekends and public holidays.

5.2 What happens if an incident report is submitted by a department-delivered service but relates to an alleged incident that occurred during service delivery at a service provider?

If a client discloses details about an incident that occurred in a service provider to a department-delivered service (for example, disability accommodation services or child protection), the department-delivered service must complete the paper-based or Word macro incident report form and submit (via relay fax or uploaded to the online portal) to the relevant divisional office. This ensures that the department-delivered service has met reporting requirements.

Once the incident report is received by the incident reporting team located within divisional office, the incident report team will determine whether the incident is alleged to have occurred in a service provider.

If the alleged incident is deemed to have occurred in a service provider, the department will contact the relevant chief executive officer of the service provider and delegate management of the incident to this organisation.

The service provider must adhere to the requirements of the Client incident management guide to submit a CIMS incident report based upon the information provided by the department and manage that CIMS incident accordingly.

5.3 What happens if an incident report is submitted by a funded organisation but relates to an alleged incident that occurred in a department-delivered service?

If a client discloses an incident that occurred in a department-delivered service (for example, disability accommodation services) to a service provider, the funded organisation must complete the CIMS incident report webform in the CIMS IT solution. This ensures that the service provider has met the CIMS reporting requirements.

Once the incident information is received by the department, the department will determine whether the incident is alleged to have occurred in a department-delivered service and advise the relevant area director or child protection director (if appropriate) of the requirement to complete and submit a paper-based incident report, based upon the information provided by the funded organisations or NDIS provider. The incident then must be managed by the department-delivered service as per existing policy requirements.

The CIMS incident report webform submitted by the service provider will be ‘withdrawn’ by the divisional office and returned to the funded organisation with the rationale: ‘Incident referred to department-delivered service for appropriate reporting and management’. No further action is required of the service provider after this time.


5.4 If there are multiple organisations providing a service for a client, who is required to submit the report?

The service provider that witnesses or first becomes aware of the incident must submit an incident report, whether the service is delivered by a department-delivered services or a funded organisation / NDIS provider.

If multiple incident reports relating to the same incident are received, a lead organisation will be identified by the department. The decision to allocate a lead will be dependent upon the details of the incident. For example, if the alleged incident occurred in one service but was disclosed by the client to another service, it would be expected that the lead provider would be the one in which the alleged incident occurred.

5.5 If the allegation is about a labour hire agency staff member, who is responsible for the reporting and management of the incident?

The service provider responsible for providing the service at the time of the alleged incident is responsible for the reporting and management of the client incident irrespective of whether the allegation is about a substantive staff member or a labour hire staff member.

In these matters, the service provider is responsible for notifying the labour hire agency that an allegation has been raised about its staff member(s) and, where an investigation or review is required, the expectation for the labour hire agency to lead or participate in any interview with the staff member(s) in question.

5.6 What is the role of Agency Performance and System Support under the interim monitoring and oversight arrangement?

While the review and endorsement of incident information received from funded organisations or NDIS providers will be the responsibility of the divisional offices, Local Connections / Health Integration and Partnerships retains responsibility for broader service management and monitoring.

The divisional service plan lead will be required to record the incident information (as required) in live monitoring as outlined in the Funded Organisation Performance and Monitoring Framework (FOPMF).

The Agency Performance and System Support teams will continue to review incident reporting data analytics to identify systemic, thematic and operational management issues as part of their broader service management and monitoring oversight role. Incident reports are only one of the inputs to service agreement management and monitoring.

5.7 What is the role of child protection during the interim monitoring and oversight arrangements?

While the review and endorsement of client incident information received from service providers will be the responsibility of the divisional offices, child protection will retain all existing case planning and placement decisions for child protection clients placed within or managed by a funded organisation.

Once incident information submitted by funded organisations or NDIS providers is quality-assured and endorsed, the divisional offices will provide a copy of the report to child protection.

Additional information regarding requirements to inform or consult child protection during the incident management process involving a child or young person in out-of-home care can be found in the Client incident management guide addendum: Out-of-home care. Incident reports do not remove the requirement for appropriate case notes to be recorded.

The addendum can be found on the CIMS webpage at <http://providers.dhhs.vic.gov.au/cims>.



5.8 What is the role of Disability Client Services during the interim monitoring and oversight arrangements?

While the review and endorsement of client incident information received from service providers will be the responsibility of the divisional offices, Disability Client Services will receive copies of submitted incident reports for clients they case manage.

Once incident information submitted by funded organisations or NDIS providers is reviewed and endorsed, the divisional offices will provide a copy of the report to the relevant Disability Client Services.


Section 6 – Management of events not in scope for CIMS

6.1 What is the process to manage alleged privacy breaches for funded organisations or NDIS providers that do not have a direct impact upon a client?

Alleged privacy breaches that do not have an impact upon client will not be reported through CIMS.

With the commencement of CIMS on 15 January 2018, a new privacy incident report form is available to allow funded organisations and NDIS providers to report privacy incidents. The new privacy incident form is web-based.

The form requires the agency to enter details about the privacy incident, clients involved, immediate risks, and how the incident is being managed and contained. The new form will include fields on information security and practices.

Once the report is submitted, the nominated service provider will receive a confirmation email and a reference number. The report will be received by the department’s divisional privacy officer and directed to the funded organisation’s contract manager within the department (that is, Agency Performance and System Support service plan lead), who will work with the funded organisation on managing the incident as required.

A landing page has been created on the providers’ webpage at <http://stage.providers.dhhs.vic.gov.au/reporting-incidents>. This landing page has links to report a client incident (CIMS), a privacy breach and a reportable conduct notification.

6.1.2 How will the department ensure that privacy of information is assured?The department and funded organisations have access to personal information (which includes sensitive information) and health information about clients and staff.

It is critical that the department protects the privacy of this personal and health information.

The department is bound by privacy and other laws, including the:

Privacy and Data Protection Act 2014 Health Records Act 2001 Charter of Human Rights and Responsibilities Act 2006• Freedom of Information Act 1982.

Sharing information about clients is a legitimate part of providing services and keeping people safe. However, it is important to note that information may only be shared in accordance with the law. A Privacy Impact Assessment has been conducted on both the Client incident management guide and CIMS IT to ensure that CIMS meets all privacy requirements.

The Commissioner for Privacy and Data Protection has been consulted throughout the development of CIMS.

6.2 What about incidents that do not have an impact upon a client but affect staff or carers?

CIMS focuses on the impact of an incident on the client, rather than impacts on staff.

This change does not diminish the important and legal responsibilities that service providers and the department have in terms of providing a safe work environment for their employees and responding to workplace health and safety incidents appropriately.


http://stage.providers.dhhs.vic.gov.au/reporting-incidents

External service providers will need to:

refer to their own existing workplace health and safety systems and human resources processes to deal with reporting and responding to incidents that impact their staff

where an incident impacts both clients and staff, the service provider will need to report and manage the incident according to both systems.

In department-delivered services, the department will need to:

refer to the Disease/Injury/Near-Miss/Accident (DINMA) approach for incidents that impact department staff where an incident impacts both clients and staff, the department will need to report and manage the incident

according to both systems.


Section 7 – Parallel processes

7.1 How will incidents that meet the threshold for reportable conduct be notified to the Commission for Children and Young People?

The Victorian Government is continuing its commitment to make Victoria safer for all children by introducing a Reportable Conduct Scheme from 1 July 2017.

Under the scheme, organisations with a high level of responsibility for children are required to notify the Commission for Children and Young People of allegations that any staff member has engaged in ‘reportable conduct’ or ‘misconduct that may involve reportable conduct’.

The Department of Health and Human Services as well as certain organisations funded by the department are included in the scheme. It is the funded organisation’s or NDIS provider’s responsibility to notify the Commission of potential reportable conduct.

The Commission for Children and Young People website provides further information about reporting requirements under the Reportable Conduct Scheme at <https://ccyp.vic.gov.au/news/reportable-conduct-scheme-forms>.

A landing page has been created on the providers’ webpage at <http://stage.providers.dhhs.vic.gov.au/reporting-incidents>. This landing page has links to make a reportable conduct notification.

7.2 How will an s. 81 or s. 82 referral for independent investigation and Suitability Panel be managed during the interim period?

Allegations of physical and/or sexual abuse against a registered out-of-home carer involving a child or young person in their care may be required to be reported to the Secretary for independent investigation under s. 81 or s. 82 of the Children, Youth and Families Act 2005 (the Act). This is in addition to, and concurrent with, requirements under the Client incident management guide.

The Act provides for disqualification of an out-of-home care carer where, following an independent investigation, the Suitability Panel determines physical or sexual abuse has occurred and the carer poses an unacceptable risk of harm to children.

A s. 81 or s. 82 report must be made in addition to a client incident report. The s. 81 or s. 82 report form can be found on the department’s website at <https://providers.dhhs.vic.gov.au/>.


http://stage.providers.dhhs.vic.gov.au/reporting-incidents

https://ccyp.vic.gov.au/news/reportable-conduct-scheme-forms

Section 8 – The policy

8.1 How can I find out about the details of the policy?Two key publications are available on the CIMS webpage for you to gain a better understanding of the new policy and what is changing:

• Client incident management guide• Client incident management guide addendum: Out-of-home care.

8.2 Does the Client incident management guide supersede the Responding to allegations of physical and sexual abuse guidelines?

Yes, the Client incident management guide will replace the Responding to allegations of physical and sexual abuse guidelines (RAPSA).

The Client incident management guide provides overarching guidance on the response, reporting, investigation and review of all client incidents, and also provides additional guidance for allegations of physical or sexual assault (within the Client incident management guide, Appendix B: Responding to allegations of abuse).

8.3 Incident identification and response

8.3.1 What is new in relation to incident identification and response? Clear client-centred minimum standards are identified for responding to all client incidents. Specific requirements are identified for preservation of evidence and notification of police, as appropriate. Response guidance includes immediate response and planning for ongoing support. Specific guidance for responding to allegations of physical and sexual assault are included.

8.4 Incident reporting

8.4.1 What is new in relation to incident reporting? Revised incident categories and a list of incident types to simplify and streamline classification across services.

Service providers select a primary incident type and secondary incident type for each affected client. Two categories are used: ‘major impact’ and ‘non-major impact’. The service provider must exercise

professional judgement in identifying the level of impact on each client involved in the incident, with guidance provided by the department.

All ‘major impact’ incidents will require specific information to be reported on an individual basis to the department’s divisional office by the service provider, within 24 hours of becoming aware of the incident.

All ‘non-major impact’ incidents will require information (including identifiable details of people involved in the incident) to be reported in bulk to the divisional office on a monthly basis.

Service provider chief executive officers (or senior delegates) are required to review their monthly non-major impact reports and identify patterns of persistent non-major impact incidents for a specific client, which will trigger a major impact incident to reflect cumulative harm, or other patterns of concern.

8.4.2 Will the way that service providers report and submit incident reports change?Yes, the way that service providers report and submit incident reports will change under CIMS. The new system is online and replaces the former paper-based system of incident reporting.


8.4.3 Are there changes to the way incidents are categorised?Yes, there are changes to the way incidents are categorised under CIMS. Under CIMS, client incidents are based on the assessment of the impact (level of harm) to the client. The impact of an incident is assessed for each client involved in the incident.

‘Major impact’ and ‘non-major impact’ define the two incident categories.

Major impact incidents include:

severe physical, emotional or psychological injury or suffering which is likely to cause ongoing trauma a pattern of incidents related to one client that, when taken together, meet the level of harm to a client defined

above. This may be the case even if each individual incident is a non-major impact incident. This is to reflect the impact of cumulative and persistent harm that is out of the ordinary for the client. This threshold is based on professional judgement and knowledge of the particular circumstances of the client, and the context of the service being delivered

the unanticipated death of a client.

Certain incidents have a mandatory requirement to be reported as major impact incidents. For example, all deaths of clients in unexpected or unanticipated circumstances, including suicides and allegations of sexual abuse must be reported as major impact incidents.

For further details, refer to the Client incident management guide, Appendix A: Definitions of incident types.

Non-major impact incidents include:

incidents that cause physical, emotional or psychological injury or suffering, without resulting in major impact as defined above

impacts to the client that do not require significant changes to care requirements, other than short-term interventions (for example, first aid, observation, talking interventions or short-term medical treatment)

incidents that involve a client but result in minimal harm incidents that do not otherwise meet the criteria for major impact.

8.4.4 How will CIMS ensure impact is assessed appropriately?The overarching aim of CIMS is to support the safety and wellbeing of clients and is premised on service providers’ assessment and professional judgement.

Support will be provided to build the capability of service provider staff, including understanding how to appropriately categorise the impact of an incident on a client. This support will include:

learning and development modules the CIMS toolkit the CIMS helpline, which will provide guidance and information to service providers.

In addition:

Every major impact incident report will be reviewed and endorsed by the department’s divisional office. Every non-major impact incident will be quality-assured by the department’s divisional office. If issues are identified, feedback will be provided directly to the service provider and the service provider will be

asked to resubmit the incident report.

8.4.5 Are there changes to incident types?Yes, there are changes to incidents types under CIMS. For definitions of incident types, see Client incident management guide, Appendix A: Definitions of incident types.

Incident type is assessed for each client impacted by the incident. It is possible to assess both a primary and secondary incident type for each client involved in the incident.


8.4.6 Is it possible to map the new incident types to compare them against the current incident types?

No, it is not possible to directly map the new client incident types to existing client incident types. The new approach to categorising client incidents (major and non-major impact on the client) does not directly correlate with existing reporting mechanisms.

8.4.7 Will any type of incidents from the existing incident reporting system no longer be reported?

Events that impact staff or potential privacy breaches will not be reported in CIMS unless there is a client impact associated with these events.

However, it remains important to report these events and they will still be reported in workplace health and safety and privacy reporting systems, respectively.

8.4.8 Are there changes to reporting timeframes?Yes, there are changes to the timeframes that apply when client incident information is submitted to the department:

a major impact incident report must be submitted to the department’s divisional office within 24 hours of the service provider becoming aware of the incident

• non-major impact incidents must be recorded on the service provider’s client incident register (CIR) within five days of the service provider becoming aware of the incident and submitted in bulk to the department’s divisional office on a monthly basis (within five days of the end of the month).

The requirement to submit a major impact incident report to the department’s divisional office within 24 hours of the service provider becoming aware of an incident applies to all in-scope service providers.

8.4.9 Will client incident reports be de-identified in CIMS?No, CIMS will identify clients and staff involved in all incidents.

The department has conducted privacy impact assessment on the new CIMS policy and CIMS IT. The Commissioner for Privacy and Data Protection has been consulted throughout the development of CIMS.

8.5 Incident investigation

8.5.1 What is new in relation to investigations? All allegations of abuse (sexual, physical, psychological or financial abuse), poor quality of care or unexplained

injury must be screened for investigation. Investigations are the responsibility of the service provider (including the department where it is the service

provider). The Client incident management guide includes minimum standards for an investigation, clear thresholds for

when an investigation is required, and guidelines for when an external investigator should be commissioned and oversight/quality assurance. The service provider is required to have robust, documented processes for investigations and is required to submit the investigation report to the department’s divisional office for quality assurance.

In exceptional cases, including where the service provider has demonstrated a lack of capacity to conduct an investigation that meets the standards in the Client incident management guide, the department may become involved in the investigation as joint investigation manager or investigation manager.

Investigation outcomes will be electronically submitted to the divisional office for quality assurance via the service provider’s client incident register.


Employment and carer schemes and screening processes such as the Suitability Panel and Disability Worker Exclusion Scheme will continue.

• The Guidelines for responding to quality of care concerns in out-of-home care – technical update 2014 will be superseded by the new CIMS.

8.5.2 Are all service providers expected to conduct CIMS investigations?Yes, service providers are required to lead CIMS investigations. Service providers will be supported to develop capability to conduct investigations through:

the Client incident management guide, which outlines the threshold and minimum standards for investigations online modules and face-to-face training to enhance service providers’ capability to conduct investigations the CIMS toolkit, which includes resources and templates to assist service providers in conducting

investigations.

In exceptional cases, including where the service provider has demonstrated a lack of capacity to conduct an investigation that meets the standards set out, the department may become involved in the investigation as joint investigation manager or investigation manager.

8.5.3 When is an external investigation required?Service providers must consider how the independence requirements of an investigation can be met in a given case. Depending on the nature of the incident and the organisation, one of the following may be appropriate to conduct an investigation:

an area of the organisation that is sufficiently independent from staff who are the subject of any allegations, such as another division or an independent investigative function

another service provider independent from the staff who are the subject of any allegations an external investigative body.

In exceptional cases, including where the service provider has demonstrated a lack of capacity to conduct an investigation that meets the standards set out, the department may become involved in the investigation as joint investigation manager or investigation manager.

8.5.4 Are there changes to investigation timeframes?Yes, there are changes to the timeframes that apply when client incident information is submitted to the department:

the service provider must submit its recommendation to conduct an investigation or review for a major impact incident within 72 hours of becoming aware of the incident

the service provider must submit an investigation outcome report within 28 working days of the divisional office’s endorsement of the recommendation to conduct an investigation for a major impact incident.

8.6 Incident reviews

8.6.1 What is new in relation to incident reviews? Every major impact incident that does not meet the threshold for investigation must be reviewed, either via a

case review or a root cause analysis (RCA) review.– An RCA review is required where a service provider’s processes or systems (or their absence) appear to

have been a significant causal or contributing factor to the major impact incident. The purpose of a review is to determine whether the management of an incident was handled appropriately and

to identify any learnings to apply in future.


In circumstances where there is a demonstrated lack of capacity of the service provider to undertake an RCA review, the department will have an option to jointly manage the review, with the right to approve the terms of reference and select an independent reviewer.

Where there are concerns about a service provider’s performance more generally, beyond an individual incident, funded organisation performance monitoring mechanisms such as service reviews would be activated. These are to be distinguished from incident reviews.

RCA review outcomes will be electronically submitted to the divisional office for quality assurance via the service provider’s client incident register.

It is noted that external oversight bodies also conduct reviews, and that some of these reviews occur pursuant to legislative processes. These types of reviews will continue in accordance with current approaches.

The Quality of support review guidelines will be superseded by the new CIMS.

8.6.2 Are all service providers expected to lead CIMS reviews?Yes, service providers are required to conduct CIMS reviews, both case reviews and root cause analysis reviews.

In circumstances where there is a demonstrated lack of capacity of the service provider to undertake a root cause analysis review, the department will have an option to jointly manage the review, with the right to approve the terms of reference and select an independent reviewer.


Section 9 – Role of the department

9.1 The role of the department in monitoring and oversightSection 4.3 of this document provides information about the divisional offices. These teams will be responsible for the quality assurance and endorsement of client incident information submitted by funded organisations and NDIS providers.

9.1.1 How will the department’s divisional office respond to service providers’ new reporting timeframes?

Service provider responsibility Department’s divisional office response

A major impact incident report must be submitted to the department’s divisional office within 24 hours of the service provider becoming aware of the incident.

Endorse the major impact incident report within 24 hours of submission.

Non-major impact incidents must be recorded on the service provider’s client incident register (CIR) within five days of the service provider becoming aware of the incident and submitted in aggregate (batch) to the divisional office on a monthly basis (within five working days of the end of the month).

Conduct quality assurance of non-major impact incidents submitted within 14 days of receipt.

The service provider must submit its recommendation to conduct an investigation or review for a major impact incident within 72 hours of becoming aware of the incident.

Endorse the service provider’s recommendation within 48 hours of submission.

For major impact incidents, where it is assessed that an investigation is required, the service provider must submit an investigation outcome report within 28 days of the divisional office’s endorsement of the service provider’s recommendation to conduct an investigation.

Endorse the service provider’s investigation outcome report within 14 days of receipt.

For major impact incidents, where it is assessed that an a root cause analysis review is required, the service provider must submit a root cause analysis review outcome report within 60 working days of the divisional office’s endorsement of the service provider’s recommendation to conduct a root cause analysis review.

Endorse the service provider’s root cause analysis review outcome report within 14 days of receipt.

For major impact incidents, where it is assessed that an a case review is required, the service provider must complete a case review within 21 working days of the divisional office’s endorsement of the service provider’s recommendation to conduct a case review.The service provider is not required to submit a case review to the department for endorsement.

Conduct quality assurance of service provider case reviews via the CIMS performance audit.


Section 10 – Transition to CIMS

10.1 What role does quality of care have in the context of CIMS?The Client incident management guide will replace the Guidelines for responding to quality of care concerns in out-of-home care – technical update 2014.

The Client incident management guide provides guidance about the threshold, and minimum standards, for the investigation of client incidents across all in-scope services. The Client incident management guide includes an appendix to provide specific additional guidance regarding responding to and managing client incidents for children in out-of-home care.

10.2 What role do Quality of support review guidelines have in the context of CIMS?

CIMS reviews will replace Quality of support review guidelines. The Client incident management guide provides guidance about the threshold, and minimum standards, for the investigation and/or review of client incidents across all in-scope services.

10.3 National Disability Insurance Scheme

10.3.1 What does this reform work mean in the context of the National Disability Insurance Scheme?

National Disability Insurance Scheme (NDIS) service providers are in scope for CIMS.

The NDIS Bilateral Agreement between the Commonwealth and Victoria was signed on 16 September 2015. Under Schedule F of this agreement, Victoria's existing quality and safeguards arrangements (including critical incident reporting) will continue to operate during transition to the full NDIS up to the point, or until such time as, elements of a nationally consistent framework have been agreed and implemented.

Until full transition to NDIS, the Victorian client incident management arrangements will continue to apply to service providers in Victorian disability services. This means that NDIS providers are required to comply with the new CIMS.

10.4 Other funding sourcesExisting reporting requirements for each jurisdiction remain in place.


Section 11 – Supports for service providers for implementation of CIMS

11.1 Learning and developmentOnline modules will support individual staff learning to embed CIMS in practice.

Classroom-based training on investigations and reviews will also be made available.

The following online modules are available on the CIMS webpage:

• CIMS overview• CIMS incident identification and reporting• CIMS incident investigation• CIMS incident review.

The following classroom-based training programs are available:

• CIMS incident investigation• CIMS incident review.

11.2 Helpline support serviceFor the first 12 months of implementation, a CIMS helpline will be established to provide advice and support to service providers. The helpline will be available seven days a week and can be reached by phone on 1300 024 863 or by email at <[email protected]>.

11.3 ToolkitCIMS fact sheets, flipchart and templates are available to support the CIMS policy.



Section 12 – CIMS ITFor technical questions regarding the CIMS Application Program Interface (API), refer to the CIMS IT FAQs (May 2018). You can download a copy of the CIMS IT FAQs from the CIMS webpage at <http://providers.dhhs.vic.gov.au/cims>.

12.1 CIMS IT overviewTo support capacity for greater consistency and improved analytics regarding client incident management, a CIMS IT solution has been developed.

The IT solution for CIMS includes:

• Client incident register (CIR) and CIMS incident report webform– All service providers are required to have their own CIR to be able to store and transmit client incident

reports, investigations and reviews.– The department has built a CIR for department-delivered services including child protection, disability

accommodation services and secure welfare. – Funded organisations may use the department-built CIR.– For service providers that use the department-built CIR, the CIMS incident report webform allows service

provider staff to report a client incident. A CIMS incident report must be approved by the service chief executive officer or senior delegate before being submitted to the department’s divisional office for endorsement.

• Application Program Interface (API)– The CIMS API will allow external service provider systems to electronically submit client incident information

from existing IT platforms to the department.• Reporting and analytics module

– The system used by the department to monitor, report and analyse incident information submitted by service providers.

12.2 How will I submit client incident information?All client incident information will be submitted electronically from the service provider’s client incident register. There are four electronic submission points under CIMS:

• individual major impact incident report• non-major impact incident bulk submission• major impact incident follow-up and recommendation for investigation / review• incident investigation / review (root cause analysis) outcomes.

12.3 What will happen to fax transmission of client incidents for Human Services programs?

When CIMS is implemented, fax transmission of client incident reports will no longer be available.

12.4 Are service providers going to have to modify or update their current IT systems?

External service providers are going to have to modify or update their current IT systems if they choose to submit client incident information via the CIMS API.


12.5 Where can we find out more information about CIMS API?For details about the CIMS API, please refer to the CIMS API specifications at < http://www.dhs.vic.gov.au/about-the-department/plans,-programs-and-projects/projects-and-initiatives/cross-departmental-projects-and-initiatives/client-incident-management-system>

12.6 What is the CIMS webform?• The CIMS webform will be accessible to anyone who has access to the internet.

– Staff do not require access to the secure CIR to access and complete the CIMS webform.• Service provider staff will complete the CIMS webform to report a client incident and submit it within their

organisation for quality assurance and approval (which is actioned within the CIR).• The CIMS incident report must be approved by the service chief executive officer or senior delegate before

being submitted to the department’s divisional office to endorse.

12.7 What is the CIMS CIR?• All service providers are required to have their own client incident register (CIR) to be able to store, submit and

manage client incident reports, investigations and reviews.• The department has built a CIR for department-delivered services, including child protection, disability

accommodation services and secure welfare.– The department-built CIR is a secure system that allows service providers to quality assure and approve

client incident information before submitting this information to the department’s divisional office for quality assurance and endorsement.

• Funded organisations may use the department-built CIR.

12.8 How will my team learn how to use the CIMS webform and CIR?Users will learn how to use the CIMS webform and CIR via the:

• CIMS IT online module• CIMS IT user guides• CIMS IT also includes user tool tips to assist the user while using the system.

12.9 How do we get access to the department-built CIR?Service providers are required to ensure that they are registered to use CIMS it to submit and manage incident information.

If a service provider is not fully registered to use the CIMS application and need to report a major impact incident as required under the CIMS policy, the service provider’s chief executive officer or senior delegate should contact the CIMS helpline by calling 1300 024 863 or email <[email protected]>. The CIMS helpline will arrange a one-off link that will enable the service provider to submit one major impact incident. After that, the service provider is required to complete the CIMS IT registration and onboarding process immediately.

12.10 What do we do if we don’t have a CIR capable of transmitting incident information via the CIMS API?

Service providers may use the department-built CIR if they don’t have their own CIR.

12.11 What if my organisation’s technology system is not ready in time for the CIMS implementation?

Service providers may use the department-built CIR until their own technology system is ready.


http://www.dhs.vic.gov.au/about-the-department/plans,-programs-and-projects/projects-and-initiatives/cross-departmental-projects-and-initiatives/client-incident-management-system

Section 13 – More information

13.1 Where do I find more information?• See the CIMS page on the Service Providers website <http://providers.dhhs.vic.gov.au/cims>.• Call the CIMS helpline on 1300 024 863.• Email [email protected].• For information about CIMS IT, please refer to the CIMS IT FAQs, available to download from the CIMS page

on the Service Providers website <http://providers.dhhs.vic.gov.au/cims>.





Appendix 1: CIMS monitoring and oversight checklistsThe following pages contain the checklists that the divisional office team uses to support the quality assurance of incident information submitted by service providers throughout the lifecycle of incident management. These checklists are used as a guide only and support consistency between divisional teams.

Four checklists are used:

• Incident reporting checklist• Incident follow-up action checklist (major impact incidents only)• Investigation outcome report checklist (major impact incidents only)• Root cause analysis (RCA) review report and risk reduction action plan checklist (major impact incidents only).

Note, there is no checklist for case reviews because case reviews are not submitted to the divisional office.

If service providers have any specific questions about why an incident has been withdrawn, they should contact the relevant divisional office team.

This checklist is a guide for monitoring and oversight staff with responsibility for assessing and endorsing client incident reports as required under the CIMS.

The reviewer will need to make an assessment of the information provided in the client incident report to be satisfied the incident has been reported correctly.

It is intended as a guide and tool to aid decision-making only.

Assessing a client incident report

ChecklistHas the incident been classified correctly as a major impact/non-major impact incident?

Consider Yes No Not applicable

Is it clear from the description that there was an incident that occurred during service delivery (while the client was in the care of the service provider) and had a harmful impact on the client?(If this is not the case then the event that occurred should NOT be reported through CIMS.)

Yes No

Is it clear from the description of the incident what the impact has been on the client(s)?

Yes No

Does the description of the incident match the incident classification? Yes No


Incident reporting checklistClient incident management system (CIMS)


Does this incident come under the category of a mandatory major impact, and if so, has it been reported as this?The following incident types must always be classified as a major impact incident:• death (unexpected)

• escape from a secure facility

• physical abuse

• sexual abuse

• sexual exploitation.

Yes No N/A

If the incident has been reported as a major impact incident, does the description of the incident indicate that it meets this threshold? (The incident must be a major impact incident for at least one client, if there is more than one client involved in the incident.)The following incidents are categorised as having a major impact on a client:• all unexpected or unanticipated deaths of clients, including suicides

• severe physical, emotional or psychological injury or suffering that is likely to cause ongoing trauma

• a pattern of incidents related to one client that, when taken together, meet the level of harm to a client defined above. This may be the case even if each individual incident is a non-major impact incident.

Yes No N/A

Has the appropriate incident type (the impact on the client) been selected?


Is there a description about the impact the incident has had on each client involved in the incident?(Note that up to 10 clients can be included in an incident report.)

Yes No

Does the report contain all relevant and necessary information to be able to endorse the incident report?

Does the description clearly state:


What happened? Yes No

Where the incident happened? Yes No

Who was involved? Yes No

Does the report contain information about whether the immediate safety needs of the client were met?

Does the description articulate:



What was done to ensure the safety of the client, and by whom? Yes No

Were Victoria Police or ambulance notified (if appropriate for incident type)? Yes No N/A

Was first aid administered (if appropriate for incident type)? Yes No N/A

Was the alleged perpetrator involved in the incident removed from the scene and stood down, if appropriate?

Yes No N/A

Were clients involved in the incident removed from the scene or separated from each other, if appropriate?

Yes No N/A

Were appropriate persons notified about the incident? (guardian, case manager, advocate, family member, etc. as appropriate)

Yes No N/A

This checklist is a guide for monitoring and oversight staff with responsibility for assessing and endorsing follow-up actions after a major impact incident report has been submitted to the department.

Monitoring and oversight staff will need to make an assessment of the information provided in the follow-up submission recommending either an investigation or an incident review be conducted in response to the major impact incident that has occurred. Monitoring and oversight staff must be satisfied there is sufficient evidence supporting the recommended follow-up action as being appropriate based on CIMS policy.

It is intended as a guide and tool to aid decision-making only.

Checklist – InvestigationConsider Yes No Not

applicable

Does this incident meet the mandatory threshold to have been screened for investigation?The following types of major impact incidents must always be screened for investigation:• abuse of a client by a staff member (including volunteer/s) or another client

(financial, physical, sexual, emotional/psychological)• sexual exploitation

• poor quality of care

• injury – unexplained.

Yes No

Is the investigation manager independent from the incident itself (e.g. they were not in any way involved in or present during the incident)?

Yes No

Was the screening conducted within 72 hours of the incident having happened or from the time the service provider first became aware of the incident?

Yes No


Incident follow-up action(screening for investigation) checklistClient incident management system (CIMS)


If the screening for investigation was not conducted within 72 hours, is there a reasonable explanation for why this CIMS requirement has not been met?

Yes No N/A

Is there a clear explanation for the recommended investigative action and why that action is the appropriate decision?Upon completion of screening, one of the following investigative outcomes must be recommended:• no further investigative action – proceed to review*

• monitoring and support required – proceed to review*

• internal investigation

• external investigation.*If an investigation is not being recommended then it is mandatory that the incident be referred for an incident review instead.

Yes No

Is there reason for the department to believe that a joint investigation may be the most appropriate approach for conducting this investigation?• A joint investigation occurs when the department partners with the service

provider to carry out the investigation.• The divisional office will only become involved in carrying out a joint

investigation in exceptional circumstances, where one or more of the criteria below have been met:

The current incident is similar to a series of previous incidents for the client or alleged perpetrator.

It is not possible for the service provider to undertake an independent investigation because of the seniority of staff involved.

There has been a demonstrated lack of capability by the service provider to conduct or commission an investigation that meets the investigation standards defined by the CIMS policy.

Yes No

Checklist – Incident review Before completing this checklist, the reviewer must be satisfied that the incident does not meet the mandatory requirement to have been screened for investigation.

If the incident has been screened for investigation and the result of the screening is that an incident review is being recommended as the most appropriate follow-up action, then the reviewer should first work through the ‘Investigation’ checklist and must be satisfied that an incident review is an appropriate recommendation based on the circumstances of the incident and the information provided in the follow-up action submission.

It is intended as a guide and decision-making aid only.


If this incident has been screened for investigation and an incident review is recommended instead, is the rationale for this decision clear?

Yes No N/A


Consider

Is a case review or a root cause analysis (RCA) review being recommended?If case review – proceed to section 2 of checklist.If RCA review – proceed to section 3 of checklist.

Case review


Is the review manager independent from the incident itself (e.g. they were not in any way involved in or present during the incident)?

Yes No

Has the recommendation to conduct a case review been submitted to the department within 72 hours of the incident having happened or from the time the service provider first became aware of the incident?

Yes No

If the recommendation to conduct a case review was not submitted to the department within 72 hours, is there a reasonable explanation for why this CIMS requirement has not been met?

Yes No N/A

Is there any indication from the description that there may be major systemic or process issues, with multiple potential causes or contributing factors, underpinning this incident?(If the answer to this question is Yes, then an RCA review, rather than a case review, may be the more appropriate follow-up action for this incident, and the reviewer should discuss this with the team manager responsible for endorsement of the follow-up action.)

Yes No

Is there a clear explanation, and convincing rationale, as to why the service provider has determined that key learnings from this incident can be achieved by conducting a case review? These learnings include understanding why the incident happened and what can be changed to prevent the likelihood of similar incidents happening in future.

Yes No

Root cause analysis (RCA) review


Is the review manager independent from the incident itself (e.g. they were not in any way involved in or present during the incident)?

Yes No

Has the recommendation to conduct an RCA review been submitted to the department within 72 hours of the incident having happened or from the time the service provider first became aware of the incident?

Yes No

If the recommendation to conduct an RCA review was not submitted to the department within 72 hours, is there an explanation for why this CIMS requirement has not been met?

Yes No N/A



Is there a detailed description in the follow-up action recommendation outlining that there are major systemic or process issues, with multiple causes or potential contributing factors, suspected to be underpinning the incident?(If the answer is No, then a case review, rather than an RCA review, may be the more appropriate follow-up action for this incident, and the reviewer should discuss this with the team manager responsible for endorsement of the follow-up action.)Some questions the review manager should have considered to inform their rationale are:• Is it reasonably clear at this point how to determine what happened in the

incident?• Is it likely that this incident is a one-off?

• Is it reasonably clear at this point that the service provider will be able to determine whether the incident was managed appropriately?

• Is it reasonably clear at this point that the service provider will be able to identify the cause of the incident?

• Is it reasonably clear at this point how the service provider will determine the learnings from the incident?

• Is it reasonably clear at this point how the service provider will determine what actions should arise from the review to reduce the risk of the same type of incident occurring again, and thereby reduce the risk of future harm?

If the answer to most or all of these questions is No then it is likely an RCA review is indeed the most appropriate review type for this incident.

Yes No

Is there reason for the department to believe that a joint RCA review may be the most appropriate approach for conducting this incident review?• A joint incident review occurs when the department partners with the service

provider to carry out the investigation.• The divisional office will only become involved in carrying out a joint RCA

review in exceptional circumstances, where one or more of the criteria below have been met:

The current incident is similar to a series of previous incidents for the client or alleged perpetrator.

It is not possible for the service provider to undertake an independent investigation because of the seniority of staff involved.

There has been a demonstrated lack of capability by the service provider to conduct or commission an investigation that meets the investigation standards defined by the CIMS policy.

Yes No

This checklist is a guide for monitoring and oversight staff with responsibility for assessing and endorsing CIMS investigation outcome reports submitted to the department for major impact incidents. Information documented in investigation outcome reports must demonstrate evidence to support the findings based on the checklist criteria provided.



Investigation outcome report checklist

Client incident management system (CIMS)

Checklist – Investigation outcome report

Investigation methodology is clearly articulated


Is there any information detailed in the investigation outcome report about the experience of the person who conducted the investigation, and their level of independence from the incident itself? (This might include a brief description about the professional background and experience of the investigator, whether they have previously undertaken investigations, how they have addressed any potential perceived conflict of interest, etc.)

Yes No N/A

Is there evidence, based on the information in the report, that the plan has been contextualised to the client’s needs, and does it take into account their safety and wellbeing? (e.g. cultural considerations, interpreter service to address language barrier, advocate/support person identified to attend interview with client)

Yes No N/A

Was the investigation conducted in line with the principles of procedural fairness?


Has the client been invited to participate in the investigation process, and to obtain the support they need to do so?This specifically refers to the client(s) involved in the initial incident report.

Yes No

If the client did not participate in the investigation process, is there an adequate explanation as to why they have not, and/or detail about what attempts there were to include them?

Yes No N/A

Have all relevant staff members, carers and witnesses involved in the incident, as noted in the incident report and follow-up recommendation, been invited to participate in the investigation process, and to obtain the support they need to do so? (e.g. if there is no mention in the outcome report of a witness who was noted in the incident report then this criteria would not be met)

Yes No

If any relevant staff members, carers and witnesses did not participate in the investigation process, is there an adequate explanation as to why they did not, and/or detail about what attempts there were to include them?

Yes No N/A

Is there evidence, based on the information in the report, that the investigation adopted a person-centred and rights-based approach?

Yes No N/A

Is the language used in the report impartial and independent (without bias)? Yes No

Is there evidence that the participants interviewed had the opportunity to confirm their interview statements?

Yes No N/A

Has all relevant documentation (such as previous incident reports, complaints, prior investigations/reviews and client files) been considered? (for example, if a client sustained an injury from a fall, due to a medication error, then it would be expected that the client’s medication chart/record should have been reviewed, staff member human resource record for an abuse claim, incident reports for previous medication errors and injuries, workplace policies and procedures)

Yes No

Investigation outcome

Is there a clearly documented assessment of all evidence leading to the stated conclusions?



Are the conclusions reached in the investigation underpinned by a strong, clear and reasonable rationale, and is the relevant evidence for each allegation clearly outlined?

Yes No

Is there an evidence-based finding, with a clear and concise rationale, of one of the following possible options:• substantiated – [incident type]

• not substantiated – no further action – where there is no evidence that the incident took place or that the incident was unavoidable

• not substantiated – further action – where there is insufficient evidence to substantiate abuse/neglect but there is a need for further actions to be taken to address any ongoing concerns.

Note:• There should be an explanation as to how evidence has been weighted, that

is, corroboration, etc.• In instances of abuse or neglect, conclusions and findings should be based

on the salient evidence and an assessment as to whether or not these incidents types can be substantiated based on the civil standard of proof (the balance of probabilities).

• In instances of unexplained injury, conclusions and findings should be based on the salient evidence.

Yes No

Are the recommended service provider practice improvement actions aligned to the findings in the report, and do they adhere to the SMART formula?S = SpecificM = MeasurableA = AchievableR = RealisticT = Time measured

Yes No N/A

Was the investigation completed and the outcome report submitted to the department within 28 working days of the investigation having been endorsed, as per CIMS requirements?If not, is there an adequate explanation for any delay?

Yes No

This checklist is a guide for monitoring and oversight staff with responsibility for assessing and endorsing CIMS root cause analysis (RCA) review report and risk reduction action plans (RCA reports) submitted to the department for major impact incidents where major systemic or process issues are suspected to be underpinning the incident. Information documented in RCA review reports must demonstrate evidence to support the findings based on the checklist criteria provided.


Checklist – RCA review report


Root cause analysis (RCA) reviewreport and risk reduction action plan checklistClient incident management system (CIMS)


Is there any information detailed in the RCA report about the experience of the person who conducted the RCA review, and their level of independence from the incident itself? (This might include a brief description about the professional background and experience of the reviewer, whether they have previously undertaken RCA reviews, how they have addressed any potential perceived conflict of interest, etc.)

Yes No N/A

Was the RCA review conducted in line with the principles of procedural fairness?


Has the client(s) involved in the incident been invited to participate in the review process, and to obtain the support they need to do so?This specifically refers to the client(s) involved in the initial incident report.

Yes No

If the client did not participate in the review process, is there an adequate explanation as to why they have not, and detail about what attempts there were to include them?

Yes No N/A

Have all relevant staff members, carers and witnesses involved in the incident, as noted in the incident report and follow-up recommendation, been invited to participate in the review process, and to obtain the support they need to do so? (e.g. if there is no mention in the outcome report of a witness who was noted in the incident report then this criterion would not be met)

Yes No

If any relevant staff members, carers and witnesses did not participate in the review process, is there an adequate explanation as to why they did not, and/or detail about what attempts there were to include them?

Yes No N/A

Is there evidence, based on the information in the report, that the RCA review adopted a person-centred and rights-based approach?

Yes No N/A

Is the language used in the RCA report impartial and independent, with a focus on problem-solving and not on assigning blame? (without bias)

Yes No


RCA methodology is clearly articulated


Does the RCA review focus primarily on systems and processes, rather than individual performance?

Yes No

Have recognised analytical methods, such as a cause and effect (fishbone) chart and a critical event map, been used as part of the review process, and have these been attached with the report?

Yes No

Has all relevant documentation (such as previous incident reports, complaints, prior investigations/reviews, client files, policies and procedures documents, etc.) been considered?

Yes No N/A

Does the RCA report clearly identify critical events, underlying root cause(s) and contributing factors underpinning the incident?

Yes No

Are the analysis and stated conclusions supported by evidence, with a focus on policies, procedures and systems?

Yes No

Risk reduction action plan


Does the risk reduction action plan adequately align with the root causes and causal statements identified in the report, and include the information listed below?• Risk

• Who is accountable for the risk mitigation?

• What action is to be taken?

• Who is responsible for the action?

• When the action is to be completed by?

• A measurable performance target.

Yes No

Was the RCA review completed and the outcome report submitted to the department within 60 working days of it having been endorsed, as per CIMS requirements?If not, is there an adequate explanation for any delay?

Yes No


Appendix 2: CIMS IT status descriptionsTable 1: Service provider incident report status (department-built client incident register)

Status nameIncident impact Description

New Major / non-major

Incident reports have a status of ‘New’ when first submitted by a frontline staff member into the service provider’s client incident register. All incident reports at this status require quality assessment and approval by a manager prior to being escalated to the senior delegate for final endorsement and submission to the department.Note: A senior delegate user has the ability to complete the incident report.

Pending Authorisation

Major Incident reports will have a status of ‘Pending Authorisation’ when a manager has completed a quality assessment of the service provider’s response section of a major impact incident. This status indicates that the incident report requires a senior delegate to authorise and submit the major impact incident to the department (required to occur within 24 hours of the service provider becoming aware of the incident).

Approved Non-major Incident reports have a status of ‘Approved’ when a manager has completed a quality assessment and approved a non-major impact incident for submission to the department. A senior delegate is responsible for submitting all approved non-major impact incidents to the department within five days of the end of the preceding month.

Submitted Major / non-major

Incident reports have a status of ‘Submitted’ once they have been submitted to the department. A major impact incident will remain at a status of ‘Submitted’ until a senior delegate submits the service provider’s follow-up recommendation to the department (required to be submitted within 72 hours of the service provider becoming aware of the incident) when it will change to ‘Follow-up’.Non-major impact incidents remain at a status of ‘Submitted’ as no follow-up recommendation is required.

Follow-up Major Incident reports have a status of ‘Follow-up’ when they are major impact and a proposed follow-up recommendation has been submitted to the department. A major impact incident report remains at this status until all the outcomes required have been submitted and endorsed by the department; it can then be closed.Note: Follow-up recommendations, investigations, root cause analysis and case reviews each have an individual status that is detailed in the table below.

Withdrawn Major / non-major

Incident reports have a status of ‘Withdrawn’ when a received incident is removed from the client incident register by a manager or senior delegate due to it not being in scope for reporting under the CIMS policy. This status can be applied to incidents withdrawn by a service provider prior to submission to the department, or to incidents that are submitted and subsequently withdrawn by the department.

Draft Major / non-major

Incident reports have a status of ‘Draft’ when a new incident is created and saved by a manager or senior delegate prior to being completed. Incident reports with a status of ‘Draft’ will only be visible to the user who created the incident report.

Closed Major Incident reports have a status of ‘Closed’ when all follow-up actions have been completed, submitted to the department and endorsed. It applies to major impact incidents only and is the final status that indicates that there are no further actions within the client incident register relating to the incident.


Table 2: Department assessment status for incident reports


Received Major / non-major

The assessment status of an incident will be ‘Received’ once an incident report has been successfully submitted to the divisional office for endorsement by the senior delegate.

Assessment in Progress

Major The assessment status of an incident will be ‘Assessment in Progress’ when the incident has been quality-checked by the divisional office and has been escalated to a department manager for endorsement.

Escalated Major The assessment status of an incident will be ‘Escalated’ when the incident has been quality-checked by the divisional office and has been escalated to a department director for endorsement.

Assessment Complete

Major / non-major

The assessment status of an incident will be ‘Assessment Complete’ when the incident has been quality-checked and endorsed by the divisional office.

Follow-up Major The assessment status of an incident will be ‘Follow-up’ once the submitted follow-up recommendation has been endorsed by the divisional office.

Closed Major The assessment status of an incident will be ‘Closed’ when all the follow-up recommendations and outcomes for an incident have been endorsed by the divisional office.

Withdrawn Major / non-major

The assessment status of an incident will be ‘Withdrawn’ when the incident has been returned to the service provider by the divisional office due to requiring amendments (will need to be resubmitted) or if not in scope of CIMS (will not need to be resubmitted).


Table 3: Service provider follow-up recommendation and outcome status (department-built client incident register)


Draft Major A follow-up recommendation will be at a status of ‘Draft’ when a senior delegate creates a follow-up recommendation but does not submit it to the divisional office. This can apply to a follow-up recommendation of investigation, root cause analysis or case review.

Open Major A follow-up recommendation will be at a status of ‘Open’ when a senior delegate has submitted a follow-up recommendation to the divisional office.

Pending Authorisation

Major A follow-up recommendation will be at a status of ‘Pending Authorisation’ when an investigation has escalated an investigation, root cause analysis or case review to the senior delegate for endorsement prior to being submitted to the divisional office.

Completed Major A follow-up recommendation will be at a status of ‘Completed’ when the final investigation or root cause analysis has been submitted to the divisional office.Note: A case review will change to a status of ‘Completed’ once endorsed by the senior delegate as the outcome and outcome report are not submitted to the divisional office.

Pending Major A follow-up recommendation will be at a status of ‘Pending’ when the senior delegate submits an investigation or root cause analysis outcome of ‘On-hold’. This is only to be used when external factors outside the control of the service do not allow for the investigation/root cause analysis to be conducted.

Withdrawn Major A follow-up recommendation will be at a status of ‘Withdrawn’ when a follow-up recommendation has been withdrawn by the divisional office due to requiring a different form of follow-up and the service provider senior delegate has subsequently withdrawn the recommendation.

Table 4: Department assessment status for follow-up recommendation and outcomes


Rec Received Major Follow-up assessment status will be ‘Rec Received’ when a follow-up recommendation has been successfully submitted to the divisional office for review and endorsement.

Rec Escalated Major Follow-up assessment status will be ‘Rec Escalated’ when the submitted follow-up recommendation has been quality-checked and escalated to a department manager for endorsement.

Rec Pending Acceptance

Major Follow-up assessment status will be ‘Rec Pending Acceptance’ when the submitted follow-up recommendation has been quality-checked and escalated to a department director for endorsement.

Rec Approved Major Follow-up assessment status will be ‘Rec Approved’ when the submitted follow-up recommendation has been endorsed by the divisional office.

Rec Withdrawn Major Follow-up assessment status will be ‘Rec Withdrawn’ when the submitted follow-up recommendation has been returned by the divisional office as it requires amendment (will require resubmission by the senior delegate) or a different type of follow-up recommendation is proposed (a new follow-up recommendation will be required).



Outcomes Received

Major Follow-up assessment status will be ‘Outcomes Received’ when the investigation or root cause analysis outcome has been submitted to the divisional office for quality assessment and endorsement.

QA in Progress Major Follow-up assessment status will be ‘QA in Progress’ when the submitted investigation or root cause analysis outcome has been escalated to a department manager for endorsement.

QA Escalated Major Follow-up assessment status will be ‘QA Escalated’ when the submitted investigation or root cause analysis outcome has been escalated to a department director for endorsement.

Outcomes Approved

Major Follow-up assessment status will be ‘Outcomes Approved’ when the submitted investigation or root cause analysis outcome has been endorsed by the divisional office.

Outcomes Withdrawn

Major Follow-up assessment status will be ‘Outcomes Withdrawn’ when the submitted investigation or root cause analysis outcome has been withdrawn by the divisional office.Outcomes that have been withdrawn will have a reason and rationale as to why they have been withdrawn to enable the service provider to make amendments and resubmit to the divisional office when complete.

On-hold Major Follow-up assessment status will be ‘On-hold’ when the submitted investigation or root cause analysis outcome is ‘On-hold’ and is endorsed by the divisional office.Investigations or root cause analysis that are put on hold will also have a revised due date created by the divisional office to enable the service provider to submit an outcome when agreed.


Appendix 3: CIMS addresses

Department-built client Incident register (CIR) API users All

Name of CIR field Field type Tooltip text Name of API field

Description of field purpose as per API specification document Purpose of field as per policy Additional guidance

Relationship to routing rules Example

Address of Service Delivery Pre-emptive text Street address format

Enter the address where the service was being provided to the client at the time of the incident. Note: For residential services, enter the facility's full street address rather than the facility's name. For kinship or foster care, enter the full street address of the kinship or foster care placement.Addresses entered will be validated by Google. If no match exists, enter the full street address manually.

Address of service delivery3.5.5 organisationAddressStreetNumberAndName 3.5.6 organisationAddressSuburb 3.5.7 organisationAddressState3.5.8 organisationAddressPostCode

Enter the address where the service was being provided to the client at the time of the incident. Note: For residential services, enter the facility's full street address rather than the facility's name. For kinship or foster care, enter the full street address of the kinship or foster care placement.Addresses entered will be validated by Google.

This field is designed to capture the primary address where the service is being delivered to the client that is the subject of the incident in order to map where services/incidents are occurring.

• In the event that an incident occurs on an outing from Day Program, the address of the day program site (not the incident site) should be used.

• This address can be the same as the client’s address in the event that the incident occurs in a residential accommodation setting or any other in home care based service.

• Organisational head office address should only be used if there is no fixed/standard address for where the service is routinely delivered.

None 8 Tom Street, Yarrawonga VIC, Australia 3730

Area Dropdown (21 valid responses)

Enter the DHHS service area where this service is delivered. For information about DHHS service areas go to DHHS area maps.

Area3.5.9 dhhsArea

Enter the DHHS service area where this service is delivered. (The DHHS service area selected should align with the address of service delivery.)

This field is designed to capture DHHS service delivery area which the address of service delivery is located.The DHHS area selected will determine which divisional office will be assigned the incident report for quality assurance/endorsement.

• The area selected must reflect where the service is primarily delivered from and not the organisation’s head office or area of the lead local engagement officer.

• The area does not automatically select to match the 'address of service delivery' entered. The user must make this selection.

Determines routing (combined with organisation name plus program area)

Barwon

Location of Incident Free text (up to 200 characters)

Enter the place where the incident occurred.

Location of incident3.5.18 incidentLocation

Enter the place where the incident occurred.

This field is designed to capture a free text description of the exact location where the incident occurred. It should include a description of the location and a street address where possible.

Stating an address is not specific enough as it needs to include details such as ‘Male bathroom at north end of Watsonia train station – platform 1’.

None In bathroom located on platform one at the Watsonia train station

Department-built client Incident register (CIR) API users All

Name of CIR field Field type Tooltip text Name of API field

Description of field purpose as per API specification document Purpose of field as per policy Additional guidance

Relationship to routing rules Example

Address(within client section)

Pre-emptive text Street address format

Enter the client's most recent, primary place of residence. If unknown, enter your organisation's address. Addresses will be validated by Google.

Address3.5.28 Client - AddressStreetNumberAndName3.5.29 Client - AddressSuburb 3.5.30 Client - AddressState3.5.31 Client - AddressPostCode

Enter the client's most recent, primary place of residence. If unknown, enter your organisation's address. Addresses will be validated by Google.

This field is designed to capture the address of the client’s primary place of residence.

• This address can be the same as the address of service delivery if the incident occurs in a residential accommodation service.

• If the client is homeless, the address not found option should be used with each field being completed with term ‘homelessness client’.

None 8 Tom Street, Yarrawonga VIC, Australia


To receive this publication in an accessible format phone 1300 650 172, using the National Relay Service 13 36 77 if required, or email CIMS <[email protected]>

Authorised and published by the Victorian Government, 1 Treasury Place, Melbourne.

© State of Victoria, Department of Health and Human Services, July 2018.

Available at the CIMS page on the Service Providers website <http://providers.dhhs.vic.gov.au/cims>.



Client incident management system (CIMS) frequently …providers.dhhs.vic.gov.au/.../2018-07/...service-provider… · Web viewWhen a service provider is using their own IT system

Documents