DIY NDIS provider registration: the allied health (verification) path

Becoming a Registered NDIS Allied Health Provider - a step-by-step guide

For allied health practitioners - OTs, physiotherapists, speech pathologists, psychologists, counsellors, dietitians, exercise physiologists, social workers, podiatrists, music therapists and more.

Version: 15 June 2026, updated after a review by a practising NDIS auditor. Checked against the NDIS Commission website and the NDIS Pricing Arrangements and Price Limits (PAPL) - rules change, so re-verify before you rely on it.

This guide covers therapeutic supports (registration group 0128), audited on the lighter verification pathway - a desktop review of your documents, with no on-site visit.

Also verification: therapy isn't the only thing on this pathway. Many lower-risk groups (assistive products, home and vehicle modifications, plan management, community nursing, interpreting) are verification too. See the full list of registration groups and confirm your own.

Not for: anything on the certification pathway - support work (personal care, daily-living skills, community participation), early childhood early-intervention (0118), specialist behaviour support (0110), SDA, or SIL.

Also deliver support work? Use the certification guide for those groups.

You register under one registration group:

Code	Support	Audit pathway
0128	Therapeutic supports	Verification

Two facts that make your life much easier than other providers: 1. One group covers many therapies. 0128 Therapeutic Supports covers a wide range of professions under the same registration group - you don't register a separate code per profession. But the support you advertise and bill must match the actual registration group, line item and qualification. Some therapy-adjacent supports sit in other groups: e.g. early childhood early-intervention / key-worker supports (group 0118) and specialist behaviour support (group 0110) are separate certification pathways, outside this guide. Add any certification group to the same application and your whole audit becomes certification. 2. You're on the lighter audit. If 0128 is the only thing you register for, you get a Verification audit: a desktop review of your documentary evidence by an Approved Quality Auditor (AQA) - no on-site visit, and no 18-month mid-term audit. It's typically ~$900-$1,800 and much simpler than certification. (The AQA can still ask for more evidence, and the Commission can attach conditions.) One thing stays true the whole way through: documents do not register you. They're the scaffolding. You become registered by holding the right qualifications, tailoring your documents to how you actually practise, using them, keeping the records that prove it, and passing the audit.

What the NDIS Commission says about consultants and purchased policies. You are responsible for the content of your registration application. If you use a consultant, advice service, or purchased policies to help you apply, the Commission expects that:

• you were substantially involved in preparing the application and associated documents
• you understand what you have submitted and can explain the content if required
• your application is an accurate representation of your organisation and key personnel
• you can demonstrate the suitability of your organisation to deliver disability supports, and not rely on the expertise of the consultancy or advice service
• your responses are specific to your organisation and are not a direct copy of purchased documents
• your documents accurately set out how your organisation complies with NDIS provider responsibilities
• the policies you provide accurately reflect how your organisation will deliver NDIS supports

That is exactly why this guide keeps saying: tailor every document to how you actually work, and make sure you understand what you submit. (Giving false or misleading information in an application is a civil penalty and a criminal offence.) Source: NDIS Commission - using consultants, advice services or purchased policies.

---

The tools you'll use

• A secure record system - for practitioner files, participant files, clinical notes and registers. Clinical notes are sensitive health information, so access control and security matter. Bluetail CRM (in development) is one option; any secure system that does this works.
• Documents - your registration document pack (Bluetail, or equivalent). Every name in bold below is a document from the pack. A generated document still needs your review and tailoring before you submit it.

---

STEP 0 - Are you ready and suitable to register?

Do this before anything else - and before you spend money on audit work, because suitability/non-disclosure risk is expensive.

0a. Suitability (you + your "key personnel")

Key personnel are the people who control or significantly influence the provider (a sole practitioner = you; a company = its directors). Separately, any worker in a risk-assessed role needs an NDIS worker screening clearance - the two overlap but aren't the same concept. Check honestly for your key personnel: no undisclosed bankruptcy/insolvency, relevant criminal history, banning orders, prior refusals or adverse compliance history; conflicts manageable. A past issue doesn't automatically mean refusal - but non-disclosure is itself a ground for refusal. Get advice first if you have history. At audit, be ready to provide for each key person (and any board member with decision-making authority): qualifications and certificates, a Working With Children Check where relevant, an NDIS worker screening clearance, and 100 points of ID.

0b. Legal entity (keep it consistent)

Decide sole trader vs company - that's the entity that gets registered. The registered legal entity must match your ABN, business name, insurances, service agreements, invoices and bank account. Note: AHPRA registration and professional-association membership usually belong to the individual practitioner, not the business entity - so keep each one in that practitioner's file, and link the practitioner to the provider through an employment, contractor or sole-practitioner arrangement.

0c. The practitioner gate (the allied-health non-negotiable)

Every therapy must be delivered by an appropriately qualified practitioner (or by a therapy assistant under documented therapist delegation and supervision, where the PAPL permits that claim - see Step 3b). Best practice: don't apply for 0128 until you can name at least one appropriately qualified practitioner and show their evidence. If you apply before engaging a practitioner, the current Qualifications guide allows the AQA to consider evidence of your capacity to engage qualified practitioners - but you must have the required qualified-practitioner evidence in place before delivering the registered support. Confirm this with your AQA before relying on it. The required registration/membership - and the level of it - varies by profession:

Profession	What the auditor checks	Confirm against
OT, physiotherapy, psychology, podiatry	Current AHPRA registration with the relevant Board	ahpra.gov.au + Commission Qualifications guide
Speech pathology	Certified Practising member (CPSP), Speech Pathology Australia	speechpathologyaustralia.org.au
Dietetics	Accredited Practising Dietitian (APD), Dietitians Australia	dietitiansaustralia.org.au
Exercise physiology	Accredited Exercise Physiologist (AEP), ESSA	essa.org.au
Social work	Membership with the Australian Association of Social Workers (AASW), or SA Social Workers Registration Board registration where relevant - plus evidence of therapeutic-support experience, clinical supervision and CPD	aasw.asn.au + Commission Qualifications guide
Counselling	Membership at the required level (e.g. ACA, PACFA accredited registrant, or CPCA full member)	the profession's body + Commission guide
Music therapy	Registered Music Therapist (RMT), AMTA	austmta.org.au
Developmental educator, art therapy, audiology, others	The exact registration/membership the Commission requires for that profession	NDIS Commission Qualifications & Professional Associations guide

⚠️ Mandatory step - don't rely on this summary table. The auditor checks the current NDIS Practice Standards Qualifications and Professional Associations Required Documentation Guide for your exact profession. Several professions require more than membership - the right membership level, plus experience, clinical supervision and CPD evidence. Download the current guide, find your profession, and save a copy of that page in your audit folder. ⚠️ "Other Professional" is not a loophole. Don't use the PAPL's "Other Professional" item just because your practitioner doesn't fit a named profession. Use it only where the current PAPL/Support Catalogue and the Qualifications guide actually support that practitioner type, scope and support. Keep written evidence of why they qualify (qualification, membership/registration, scope of practice, PI cover, supervision/CPD).

0d. Scope + children (get this right before you apply)

• Confirm the profession matches the support you'll bill (a physio bills physio items, not OT).
• Confirm you're 0128-only, not also straying into another group (0118 early childhood, 0110 behaviour support, equipment/home-mod/prosthetics groups). If you are, those bring their own group, pathway and audit - get advice first.
• Children: you can provide ordinary profession-specific therapy to a young child under 0128 if it's genuinely therapeutic support within your scope, billed under the correct therapy item. But early childhood early-intervention / key-worker supports are registration group 0118 - a separate certification pathway, outside this verification-only guide. A child receiving OT/speech/physio doesn't automatically mean 0118 - but early-childhood intervention supports do. Check the current PAPL, the participant's plan, and the Commission registration-group list before advertising or billing early-childhood supports.
• Not SIL or platform services. This guide is not for supported independent living (SIL) or NDIS digital-platform services. From 1 July 2026, those services have mandatory-registration pathways and separate registration classes/requirements - out of scope here.

---

STEP 1 - Preparation: lock your foundations

Get these in place, and save the evidence (certificate/screenshot) for each.

1a. Business + government foundations

• ABN + business structure registered, matching the entity from Step 0. → abr.gov.au
• Business name if you trade under one; GST if your turnover requires it (get tax advice); a business bank account in the entity's name. → asic.gov.au
• myID + RAM access set up - your secure government login to start the application. Set up myID, and if you're applying for a business or sole-trader ABN, link/authorise the entity in Relationship Authorisation Manager (RAM). You'll use myID/RAM to access the NDIS Commission Applications Portal. (The portal is moving from PRODA to myID/RAM.) → myid.gov.au · authorisationmanager.gov.au
• Insurances, with certificates of currency that name your legal entity and cover the exact discipline(s) you confirmed in Step 0c:
• Professional indemnity - essential for allied health; it must cover the discipline delivered. Held by the provider and/or each practitioner. If you use contractors, confirm whether your PI covers contractor-delivered services or whether each contractor needs their own - keep both the certificate and the scope wording.
• Ask your insurer/broker to confirm in writing that your cover extends to how you actually work - subcontractors, telehealth, home visits, paediatrics, assessments/reports and therapy assistants if relevant. A certificate that just says "allied health" may not be enough if the schedule or exclusions don't cover your model.
• Public liability - common market expectation is around $10-20m; match it to your real risks, confirm with your broker.
• Accident / personal accident insurance - as required by the current Verification Module required-documentation list and your business structure (sole practitioners often confuse this with workers comp and public liability).
• Workers compensation - required under your state/territory scheme once you employ workers (some states have a small-wages threshold); check your state regulator. If you don't yet employ anyone (or your wages are under the threshold), get a certificate of exemption / non-liability - an auditor wants to see either cover or proof you're exempt.

Need insurance? A shortcut. You can compare professional indemnity, public liability and accident cover for allied health from multiple insurers in one place through BizCover (or quote referral code Bluetail at signup). Bluetail has partnered with BizCover and may earn a small commission if you buy through this link, at no extra cost to you - it helps keep these guides free. Check the policy covers your exact discipline and how you work (telehealth, home visits, contractors).

• NDIS Worker Screening Check - cleared, for you and anyone in a risk-assessed role. A police check alone is not enough - auditors generally won't accept one in place of screening. → ndiscommission.gov.au/workers/ndis-worker-screening-check

Screening before you're registered: for a new/unregistered provider, apply for NDIS Worker Screening Database access through the Applications Portal as an "unregistered provider", then link/check your key personnel and workers (confirm status and expiry) before lodging your provider registration application.

• NDIS Worker Orientation Module ("Quality, Safety and You") done; keep the certificate. → training.ndiscommission.gov.au

1b. Tools ready

• Document pack available; record system set up and you can log in. End of Step 1: ABN, myID/RAM access, insurances (incl. professional indemnity matching your discipline), screening and orientation done, tools ready - with evidence saved.

---

STEP 2 - Build and tailor your documents

A verification auditor reviews your documents and records against the Verification Module (which centres on human resources/qualifications, incident management, complaints management and risk management). You don't need the full certification document depth - you need a focused, well-tailored set. Generate each pre-filled, then tailor it to how you actually practise.

⚠️ An untailored template is an audit failure waiting to happen. The auditor isn't checking that you have a policy - they're checking it describes how you actually work: who does what, how fast, and where you record it. Every spot you must complete is marked in red, highlighted text - replace or delete every red prompt before you submit, and wherever a document says you record something, name where ("recorded in [your CRM]"). If any red text is left, it's not finished. Policy vs procedure vs record - know the difference. A policy says what you do; a procedure says how you do it (the steps your staff follow); a form captures an event; a register tracks it; a completed record proves the system actually operates. If a document covers both the rules and the steps, title it a "policy and procedure". A policy pack alone is not an audit pack - the auditor wants to see the procedures and the records. The documents a verification (allied health) audit focuses on - from your pack:

Conduct & people

• NDIS Code of Conduct & Worker Code of Conduct
• Human Resources, Recruitment & Screening Policy (NDIS Worker Screening + qualification checks)
• Training & Development Policy (induction, the Orientation Module, CPD)
• Worker Supervision Policy (your clinical supervision structure)

Safety & rights

• Incident Management Policy & Procedure - ⚠️ must reference the NDIS reportable incident categories and timeframes (see Step 4). A generic incident policy is the classic verification fail.
• Complaints & Feedback Management Policy (+ Complaint Letter Templates)
• Risk Management Policy & Framework
• Participant Rights, Dignity & Safeguarding Policy
• Work Health & Safety (WHS) Policy + Emergency & Business Continuity Plan
• Infection Prevention & Control Policy - hand hygiene, respiratory hygiene/cough etiquette, standard precautions, PPE training/refresher requirements and PPE availability where required

Information handling

• Privacy & Confidentiality Policy + Data Breach Response Plan
• Records & Information Management Policy + Conflict of Interest Policy

Participant-facing (used per client)

• Participant Service Agreement (template) + Participant Consent Form (include consent to therapy / to share clinical information)
• Participant Intake & Assessment Form + Participant Risk Assessment (clinical)
• Participant Support Plan (template) - your therapy plan / goals, with outcome measures
• Progress Notes (template + guidance) - your clinical notes
• Participant Handbook / Welcome Pack; a referral / waitlist / discharge process
• If you don't have participants yet, prepare blank templates + clearly labelled sample/mock records only - don't invent real clients.

You can hold the rest of the pack too (it future-proofs you), but the above is what a verification auditor zeroes in on. You generally won't need the high-risk direct-care policies (medication, mealtime, restrictive practices) unless you actually deliver those.

Verification Module evidence map (what proves each area)

The application asks you to self-assess against the Verification Module. It's lighter than the Core Module and centres on your practitioners. Connect each area to the record that proves it:

Verification Module area	Where the proof lives	Example self-assessment line
Qualified practitioners	AHPRA reg / association membership (right level) matching the profession + the support billed, with expiry tracked	"[Name] is a [profession] with current [AHPRA/assoc] registration on file in [CRM]; we only deliver supports their profession covers."
Worker screening + orientation	Screening clearance + Orientation Module certificate for everyone in scope (expiries tracked)	"Everyone in a risk-assessed role holds a current clearance (tracked in [CRM]) and has done the Orientation Module."
Insurance	Current PI (covering the discipline) + public liability (+ accident)	"We hold current PI and public liability covering our clinical services; certificates are on file."
CPD + supervision	CPD logs + clinical supervision records	"Each practitioner's CPD and supervision are recorded in [CRM] and reviewed [frequency]."
Conduct, complaints & incidents	Code of Conduct sign-off; complaints + incident registers	"Complaints and incidents are logged in [CRM] and closed out; reportable incidents are notified within the required timeframes."

End of Step 2: a focused, tailored document set that describes your clinical practice, and a clear line from each Verification Module area to its evidence.

---

STEP 3 - Set up your record system: enter your data

3a. Set up access + privacy first

• Enter business details, ABN and logo; upload insurance certificates (PI + public liability).
• Set user access levels (clinical notes are health information - control who sees them), a password/MFA rule, a backup/export process and your data-breach process. Stand up your registers (3d).

3b. Practitioners - the centre of an allied-health audit

Treat your practitioner evidence as the spine of the whole audit - every other record hangs off it.

For every practitioner (including yourself if qualified):

• AHPRA registration or professional-association membership evidence (current, right level)
• Professional indemnity covering their discipline
• NDIS Worker Screening clearance + Orientation Module certificate
• Signed Code of Conduct, employment / contractor agreement + Position Description, Confidentiality Agreement
• Proof of identity / right to work; qualifications + CPD records; clinical supervision arrangement; scope of practice; discipline/specialties + availability + an expiry tracker
• Infection prevention & control refresher evidence and PPE training evidence where the practitioner or worker provides direct, hands-on supports

Example - "Marlowe Finch, OT" file: AHPRA registration evidence · qualifications · PI certificate (or employer's PI schedule) · NDIS Worker Screening clearance · Orientation Module certificate · signed Code of Conduct · contractor/employment agreement + position description · CPD log · supervision arrangement · scope-of-practice note · expiry tracker. Contractors get their own file (agreement, ABN, PI, qualification/registration, screening, orientation, scope, supervision) - and contractor status does not remove your responsibility as the provider. Therapy assistants - what they can and can't do (check the current PAPL). A therapy assistant delivers a therapist-designed program under documented delegation and supervision. They do not assess, diagnose, set goals, change therapy plans, make independent clinical recommendations or decide what supports a participant needs. A Level 1 assistant works under the therapist's direct supervision at all times; a Level 2 may work under indirect supervision only where the supervising therapist has assessed their competence and the task/participant risk allows it. Either way they're covered by the supervising therapist's (or employer's) professional indemnity. Don't hardcode the Level 1/Level 2 item numbers or claiming rules - check the current PAPL (it's updated regularly). And if a support worker simply carries out a therapist-set program as ordinary support work, don't rebadge it as therapy-assistant billing unless the current PAPL item, delegation and supervision genuinely support that claim.

3c. Participants - for each, collect and upload

• Signed Service Agreement + Consent Form (incl. consent to therapy / to share clinical info; note any limits/expiry)
• Clinical file minimum: why the participant came to you (referral / source of request), consent, assessment findings, goals linked to their plan, therapy plan/intervention, session notes, review / outcome measures, risks (including home/site risk where you do home visits or community sessions), key communications, and a discharge / transition summary where relevant
• Decision-maker/nominee/guardian + communication/cultural needs; NDIS plan details + how it's managed (plan/self/agency)

3d. Stand up your registers

• Incident Register (+ Report Form), Complaints & Feedback Register, Risk Register, Conflict of Interest Register
• Staff Record & Compliance Checklist (each practitioner's registration, screening, orientation, PI expiry, CPD), CPD/Supervision register, Policy review register End of Step 3: your record system holds your org (with access controls), your practitioners (fully evidenced - the key part), your participants, and your live registers.

---

STEP 4 - Practise and build the evidence

A verification auditor still wants to see your systems working, not just written down.

⚠️ Do you even need to be registered? Many allied health therapists work with self-managed and plan-managed participants without being registered. Registration lets you also serve NDIA-managed participants and appear on the registered-provider list. Either way: until your certificate issues you are not an NDIS-registered provider - don't market yourself as "NDIS registered" or "NDIS approved", or as able to take NDIA-managed participants, until the certificate is issued - and keep your clinical records as if you already were.

• Clinical Progress Notes for every session - factual, goal-linked, dated and attributed to the practitioner.
• Any incident → Incident Register, with the right reportable handling if it qualifies:
• Immediate Notification Form - within 24 hours of becoming aware, for: a death; serious injury; abuse or neglect; unlawful sexual or physical contact or assault; sexual misconduct; and a restrictive practice that is unauthorised or not in a behaviour support plan where it caused harm.
• 5 Day Form - within 5 business days of becoming aware (the only form needed for an unauthorised restrictive practice that didn't cause immediate harm). Missing these timeframes can itself trigger compliance action.
• Any complaint/feedback → Complaints Register, closed out. Clinical supervision, CPD/training, continuous improvement and policy reviews → recorded as they happen.

Evidence quality rules: records are dated and identify the author; corrections never delete the original history (important for clinical notes); notes are factual and objective; incidents/complaints link to corrective actions; feedback links to improvement. Reportable-incident obligations formally apply once you're a registered provider - but build the habit now: a verification auditor samples how your incident/complaints system operates, so it needs to be real, not just written. This is only about the Commission's reportable-incident forms - it does not mean an unregistered practitioner can ignore a serious incident. You are still bound by the NDIS Code of Conduct, and anything serious or unlawful (abuse, neglect, assault, sexual misconduct, a death) must still be reported to the right authorities (police, child protection, the coroner) and to the participant or their decision-maker. ⚠️ No clients yet? Build system-readiness evidence (label it a drill/scenario, never a real client record): a mock incident + mock complaint run through your registers; an internal review against the Verification Module; a de-identified sample assessment/therapy plan; supervision + CPD records for yourself. Ask your auditor in writing whether they'll accept it - and note that system-readiness evidence isn't the same as real implementation evidence and doesn't guarantee registration.

---