The Agency Management Committee is appointed by the Ministerial Council. It ensures that AHPRA performs its functions in a proper, effective and efficient way. It is responsible for determining and agreeing AHPRA policies and setting the strategic direction for the National Scheme.
Four directorates govern AHPRA’s corporate activities with a total of 992 full-time equivalent staff: Regulatory Operations 668, Strategy and Policy 105; Business Services (including CEO office) 196; and People and Culture 23.
Regulatory Operations is responsible for the efficient and effective delivery of core regulatory functions – registration, notifications, compliance and legal services – under the National Law. It provides leadership and strategic direction in developing and providing operational policy and procedures that support decision-making across these functions. Offices in each state and territory deal directly with local stakeholders and support the decision-making of local boards and committees.
This directorate is accountable for operational performance across the regulatory functions. It is committed to continuous improvement and quality assurance of our regulatory processes, through the continued refinement of our service model.
In 2018/19 we continued moving towards a national function-based operating model to carry out all our regulatory functions. The national models for legal, registration and parts of our notification functions have been confirmed and implemented, and we finalised a national model for compliance to be implemented next year.
Arranging our regulatory teams along national reporting lines will enable national consistency in how we work, and how we make our work visible, and will allow us to mobilise the skills and expertise of all our staff. The national model includes having clear points of contact for our stakeholders at each of our state and territory offices, including the state and territory managers.
Strategy and Policy undertakes whole of National Scheme strategy, policy, engagement and regulatory governance functions that are effective and responsive. It provides high-quality services that are national and run across the professions we regulate. It works in partnership with National Boards and collaboratively with accreditation authorities and key partners.
Business Services delivers corporate support, providing effective and efficient business systems and processes to reach our strategic objectives. Its main functions include providing information technology, cyber security and architecture, facilities management, finance and procurement, scheme-wide insurance portfolio, and organisation-wide risk management to ensure that we manage risk well.
People and Culture provides services to meet the needs of our people from employee engagement through the whole of their AHPRA career. This includes services such as learning and organisational development, health and wellbeing, recruitment, payroll and remuneration, leave and benefits, staff movements, and starting with and leaving AHPRA.
The National Executive is AHPRA's national leadership group. In 2018/19 its members were:
Our state and territory managers are our senior leaders in each jurisdiction, and are based at each of our offices:
We work to ensure the long-term sustainability of the scheme. We do this through strategic financial management with a long-term view considering the strategic goals and objectives of the scheme. We plan, organise, direct and control the financial resources, ensure compliance with legislation and provide guidance to the National Boards.
The Finance, Audit and Risk Management Committee (FARMC) is the principal committee of the Agency Management Committee that oversees finance, audit and risk. This committee reviewed the annual financial reports and projections with management, focusing on the integrity and clarity of disclosure, compliance with relevant legal and financial reporting standards, and the application of accounting policies and judgements.
AHPRA’s income for the full financial year to 30 June 2019 was $203.22 million. Our income for the full year includes the components shown in Income type table.
Income type 2018/19
AHPRA and the National Boards work in partnership to ensure long-term financial sustainability. We recorded a net deficit of $6.132 million in 2018/19.
Fees set for each National Board aim to meet the full costs of regulation for each profession. The Registration fees for each profession table provides an overview of registration fees by profession since the start of the National Scheme.
Registration fees for each profession
AHPRA is subject to a wide range of Commonwealth, state and territory legislation and subordinate rules made under that legislation, such as regulations and obligations under the general law. We are committed to constantly reviewing and improving both AHPRA and National Board procedures and activities to comply with these laws and to promote a culture of compliance. We have carried out a range of activities, described below, to instil the principles set out in Australian Standard 3806–2006: Compliance programs into our everyday activities.
When compliance concerns have been identified through monitoring, or applicable legislation is amended, relevant staff have been allocated responsibility to take practical steps to ensure compliance. Responsible officers regularly report to AHPRA’s senior executives and the FARMC on the compliance steps they propose to take or have taken. This occurred in 2018 when amendments were made to the Health Practitioner Regulation National Law, which changed the way the Privacy Act 1988 (Cth) and Freedom of Information Act 1982 apply to AHPRA and the National Boards.
AHPRA engages third party providers such as contractors and consultants to help administer the National Law. To ensure compliance with the National Law and the wider regulatory framework, AHPRA’s standard contract terms require contractors to comply with applicable legislation and policies, including confidentiality, privacy, freedom of information (FOI), information security, record management, employment, and workplace health and safety. Where appropriate, AHPRA requires contractors to permit audits to demonstrate compliance.
Within the past 12 months, AHPRA introduced a new procurement policy and intranet site to enhance organisational compliance with financial management duties under Part 9 of the National Law. AHPRA also maintains a central repository for contracts and tenders, designed to monitor contractor performance and achieve expense resource planning.
Practitioner Information Exchange (PIE) is a secure web-based system providing information to employers about the registration of the health practitioners they employ, including any restrictions that a Board might have placed on their registration. It helps employers connect human resources, clinical management, risk management, IT security and customer management systems into an effective health practitioner registration data source.
This year, there were 94 subscribers to the PIE service from government departments, public and private hospitals, and the educational and research sectors.
This year has seen a significant change in the way that AHPRA manages and responds to administrative complaints. AHPRA has revised its administrative complaints handling policy and procedure and created a new National Administrative Complaints team led by a National Complaints Manager, to ensure national consistency and oversight of our complaints management framework.
The purpose of the new policy is to listen to the concerns that people have raised, and respond to complaints promptly, empathetically and fairly. We are committed to excellent customer service and continuous improvement. Feedback is always welcome and helps us improve our services and this is why it was important to us to improve our management of administrative complaints.
The new policy makes it easier for people to make a complaint, to understand how we will manage their complaint once we receive it and what people can do if they remain concerned after they receive our response.
We have also significantly reduced the expected timeframes to respond to a complaint.
The new policy was published on our website along with revised information about how we manage complaints, on 12 April 2019.
Straightforward complaints (stage 1) are handled by the area that receives them, and complex complaints (stage 2) by the Complaints team. Stage 3 complaints are investigated or reviewed externally by the National Health Practitioner Ombudsman and Privacy Commissioner (NHPOPC). We report annually on all stage 2 and 3 complaints.
This year there was an increase in the number of complaint matters dealt with directly. We received 297 stage 2 complaints directly, up from 234 last year. A total of 214 complaints were transferred to us from NHPOPC. We also assisted the NHPOPC with 128 investigations which were initiated during the reporting period. The Stage 2 complaints by profession table outlines the number of complaints we received directly by profession. We are continuing to refine our data to ensure complete reporting on administrative complaints.
Stage 2 complaints by profession
This year we received 129 stage 2 complaints about notification-related matters. The majority of these complaints were about dissatisfaction with the decision made. Other categories of complaint were about communication during the management of a notification and concerns about delay. The NHPOPC referred 67 complaints to AHPRA that related to notifications. Of these complaints 57 were received from notifiers and 10 from practitioners. The Stage 2 notification complaints by issue table provides information about the number of notification-related complaints received directly.
Stage 2 notification complaints by issue
This year we received 161 stage 2 complaints about registration-related matters. Complaints about delay in registration applications accounted for 65.8% of all registration-related complaints. Other categories of complaint were concerns about registration policy and communication. The NHPOPC referred 140 registration complaints to AHPRA for direct management. Of these complaints 110 related to delay, 26 to process and/or policy and four to fees. The Stage 2 registration complaints by issue table provides information about the number of registration-related complaints received directly.
Stage 2 registration complaints by issue
Of the remaining seven complaints received directly, three were about Boards, three about campaigns, and one about privacy. Of the seven remaining complaints that were forwarded to us from the NHPOPC two were complaints relating to Freedom of Information and five related to privacy.
Section 215 of the National Law provides that the Commonwealth’s Freedom of Information Act 1982 (FOI Act) applies to the National Law, as modified by regulations made under that law.
AHPRA received 273 Freedom of Information (FOI) applications, including 29 applications for internal review and one tribunal/court-related matter.
During the year, 265 applications were finalised including 28 internal reviews and one tribunal/court-related matter.
As at 30 June 2019, 24 matters remain on hand.
Finalised FOI applications in 2018/19
Some significant changes to the law that regulates access to the information we hold occurred in 2018/19. These changes include:
The Digital House program is an initiative linked to our strategic objectives, delivering the technologies that enable us to regulate effectively and provide improved service and experience for customers and staff. Achievements of the program over the past 12 months have been:
Throughout the reporting period we focused on the implementation and enhancement of an Enterprise Resource Planning system through our Pulse program. The Pulse program saw the successful launch of a new payroll system with further enhancements proposed in 2019/20 to better support our corporate processes and integrated people and financial systems.
AHPRA maintains an active information governance program. The information governance activities include:
AHPRA has a well-established information security assurance program, including reviews of our cyber-preparedness and cyber security. These reviews have confirmed continual improvement of our information security and cyber threat programs. We recognise the continuing volatility of the digital environment and maintain a high level of vigilance on cyber threats. Informed by the outcomes of our cyber assurance program, we continue an active and responsive program of work through our annual workplan.
AHPRA has an agreed plan that assigns responsibility to each of the four Executive Directors for managing risks on a day-to-day operational level for their directorates. Each directorate has an assurance plan that records the risks relevant to that directorate.
Risks are identified, assessed, monitored and managed at a directorate level, but escalated in accordance with the requirements of the Corporate Assurance Framework and recorded in the Corporate Assurance Plan for review and monitoring by the CEO and the National Executive.
The Corporate Assurance Plan reports the escalated risks and risk ratings, along with the controls and assurances put in place to mitigate the risks. The plan is reviewed by the Finance, Audit and Risk Management Committee (FARMC) to monitor the effective management of risks reported to the Agency Management Committee and the National Boards.
FARMC assures that systems are in place so AHPRA effectively and appropriately manages risk and oversees the operation of those systems. AHPRA’s internal audit function forms part of the review process, provides assurance on the risk management process, and advises the committee accordingly. The internal audit done during the year gave an independent assessment of this to the committee.
AHPRA handles significant volumes of sensitive and personal information about registered health practitioners, students and notifiers. We recognise our obligations to protect this information and have established an ongoing program of work to strengthen our current practices in minimising the risk of data loss, to ensure data are collected, held and used in accordance with privacy law and best practice. We held an annual information awareness program that aligns with external activities such as Privacy Week and Cyber Security Awareness Week.
The CEO is responsible for reviewing the effectiveness of the system of internal control, which has been in place this year and, up to the date of approval of the annual report and accounts, in accordance with guidance from the Victorian Auditor-General’s Office (VAGO). The review is informed by the work of internal auditors and senior AHPRA managers who are responsible for developing and maintaining the internal control framework, and comments made by external auditors in their management letter and other reports. The FARMC has been advised on the outcome of the review. Plans are in place to address identified weaknesses and ensure continuous improvements.
The managers responsible for the system of internal control provided the CEO, through the Executive Director Business Services, with assurance that AHPRA’s system of internal control is subject to consistent monitoring, review and improvement, and that AHPRA’s key risks are being identified, assessed and managed appropriately to ensure the goals and objectives of the National Scheme are achieved.
The latest version of the Corporate Assurance Framework was presented to FARMC in March 2019.
AHPRA’s internal financial and risk management staff, in liaison with the internal auditors, plan and carry out a FARMC-approved work program to review the design and operation of the systems of internal control. When weaknesses have been identified, they are reported to FARMC and an action plan is agreed with management to implement the recommendations as part of this process.
Our risk mitigation strategy includes the appropriate and proportional placement of insurances. Throughout the financial year, our insurance portfolio was up to date and was reviewed and renewed for a further 12-month period on 30 June 2019. The insurance program is overseen by FARMC.
The Executive Director Business Services has the designated operational responsibility for maintaining and developing the organisation-wide system of internal control. The CEO is the designated executive with operational responsibility for the system of risk management and risk reporting.
The Agency Management Committee takes an active role in risk management, receiving periodic reports and reviewing the Corporate Assurance Framework.
FARMC oversees AHPRA’s governance processes and has reviewed the Corporate Assurance Plan at its meetings, together with movements in the risks identified through that framework and their management.
We are not aware of any significant risk management issues that would prevent AHPRA from delivering the National Scheme’s goals and objectives that have not been identified, assessed and which do not have an appropriate plan. We are satisfied that work is underway that is designed to ensure AHPRA identifies, assesses, monitors and manages risks appropriately.