Managing compliance around Conflict of Interest for Specialist Services

Many Providers who offer Specialist Services i.e. Support Coordination and/or NDIS Financial Plan Management (FPM), along with other Services e.g. Direct, need to pay particular attention to not only the way that the privileges required to manage Activities are set up and also the way in which Staff Account access is granted. 

Prerequisites

An understanding of the following important functions and features relating to maintaining privacy is recommended:

• Managing Privacy article
• Journal Permissions article
• Locking Documents by Service article

Familiarity with the following, based on the Specialist Services your organisation delivers is also recommended:  

• NDIS Support Coordination article
• Steps to set up and use the NDIS Financial Plan Management (FPM) functionality article

Managing Activities for Specialist Services

Many Providers who deliver Support Coordination require the Staff delivering this Service to have a greater level of autonomy to create, edit and manage Activities. Including performing the Activity Sign Off for invoicing.  

The Team Leader privilege requirement to manage Activities can be deactivated at a Site/Service level, meaning this may be turned off for Specialist Services such as Support Coordination, whilst maintained for all other Site/Services:

Turning this off means that the Staff who work in this Service will then have the ability to create, edit and manage Activities without needing the Team Leader Privilege. Whilst Staff who work in the other Services will continue to need the Team Leader Privilege. 

Alternatively, if the 'Only Team Leaders Can Edit Activities' setting remains active, Staff who work in these Services may be granted the Team Leader privilege, for this Site/Service  only in the 'Sites and services where this staff member works' section of their Staff Account

Staff Account access

When Providers deliver specialist Services, it is important to ensure that Staff only have access to the areas of the organisation that they specifically require. For example: 

This is of particular importance to ensure that the inbuilt privacy barriers in SupportAbility are applied correctly. These Services must be managed separately to meet compliance obligations under the NDIS and demonstrate that there is no conflict of interest. 

When Staff have been granted any of the following privileges they will have access to ALL Services, including any Specialist Services: 

'Team Leader for ALL Services'

'Human Resources for ALL Staff'

'Edit Client Records Across ALL Services'

OR

'Administration ALL SERVICES' for the Site that a Specialist Service such as Support Coordination or NDIS FPM is available from:

Therefore when access to these Services should solely be reserved to the Staff who work in them, existing Staff Accounts may need to be audited to identify who has been granted 'global' Security Privileges or 'Administration ALL SERVICES' and amended as required.  

The  Staff Privileges Report (article linked below) may assist in identifying who has been granted Security Privileges in your organisation.