To take the NDIS to the next level will require cultural and operational changes that give the National Disability Insurance Agency the tools, and the mindset, to properly manage its business.
The NDIS is an outstanding Australian initiative. Based on the principle of ‘reasonable and necessary supports’, it funds services to 760,000 people with severe disability. Over the last twelve years the NDIA has moved the NDIS from a concept to a fully implemented scheme deployed Australia-wide. Annual costs now are of the order of $50 billion and growing at a rate of around 10 per cent a year.
There are approximately 320,000 NDIS service providers of whom about 20,000 are ‘registered’. The rest are not, which can mean that little is known about them. While there are a few large providers, the vast majority (300,000 or more) are small or medium-small providers with an average of two clients each. Most of these are bona fide organisations that provide quality services, although Minister Butler, and Minister Shorten before him, have expressed concern over the growing number of fraudulent providers extracting funds from the scheme without delivering service or value.
In his recent address to the National Press Club, Minister Butler outlined plans to cut the number of participants by 160,000 to reduce cost growth. I agree with him on the need to control costs but beg to differ on the approach. The NDIA is still evolving. While it has rolled out the NDIS, it is not in sufficient control of the scheme to control costs, nor to substantially reduce fraud, nor to protect participants from privacy loss or abuse. This is not a criticism of the NDIA. It is a list of challenges to be addressed in the next steps of the organisation’s development.
From my perspective as a carer for two adults with mental/cognitive disabilities, I see the NDIA’s top-level goals at this stage are to: control costs and cost growth; reduce and eventually eliminate fraud; protect participant data; protect participants from abuse. This will require cultural and operational changes to give the NDIA the tools, and the mindset, with which to properly manage its business.
The underlying issues to be addressed are:
1 The NDIA mindset needs to change from running a government entity to a corporate entity, while still maintaining a primary focus on the wellbeing of participants.
2 NDIS service agreements These are contractual arrangements between NDIS service providers and participants that address such things as what services will be provided, the price of the services, responsibilities of providers and of participants, and privacy. There are multiple issues with service agreements including non-identified providers, wording that suits providers, defaults that protect providers, and little protection of participant privacy.
To quote the NDIS website: “Making a service agreement is a negotiation between you and your provider”. That is legally correct, but in practice it is nonsense because the vast majority of participants have neither the legal knowledge nor the mental capacity to ‘negotiate’ terms with their provider. In reality, it doesn’t happen. Providers present ‘their’ service agreement and say: “Sign here”. Thus with 320,000 providers, there are approximately 320,000 different service agreements.
The solution is for the NDIA to step in with its team of lawyers and public health experts, and rationalise this down to about a dozen, standardised service agreements, built around the needs of the participants in each sector, for example: those with autism; those with psychosocial disability; those with physical disabilities etc. Each agreement should have defaults to protect participants and be able to be customised to participant needs. All should protect the privacy of participants.
3 Data management The NDIS Act and Rules are set up to maintain strict privacy and control of information held by the NDIA and the NDIS Commission. Additionally, providers are required to maintain privacy of participant data. However, many would have little knowledge of the Privacy Act or the Australian Privacy Principles. Furthermore, most would not understand, or have systems set up with, security hardening and the security protocols promulgated by the Australian Signals Directorate. Put simply, participant data is likely to be held on 20,000 or more computer systems that have no standards for privacy, and little or no resistance to hacking.
4 Systems design Set up a team to explore the scope for a total systems redesign. The current system, with participant data held on 300,000 different computer systems, most of which are insecure, is not satisfactory. Furthermore, at the moment there is not enough key data captured by the NDIA. The question to explore is the extent to which the 300,000 systems could be replaced with one centralised system to which providers and participants had selective authorised access. Such an operational system would record all transaction data relating to services delivered and allow integrated billing for those services.
This would also mean standardised data could be collected. AI could be used to review such data, calculate norms for various service types, and identify outliers for review as possible fraud. Such a system would enable (when required) closer management of service delivery. It would generate more accurate, extensive and timely reports on all aspects of service delivery and costs. In my view, it will be almost impossible to obtain effective financial control of NDIS outlays without such a system.
5 Provider data collection Extensive data collection from all providers is imperative. Fraud is not eliminated in a single step. It requires multiple actions, each of which prevents or reduces the likelihood of fraud. There is a need to collect corporate data, details of directors and key personnel, along with operational and financial data of providers on a ‘nowhere-to-hide’ basis.
6 Audits of providers must be a standardised part of the process where audits can be scheduled and unscheduled. Auditors must have right of entry, right to search and to examine records. A forensic approach is necessary if fraud is to be eliminated.
7 Whistleblower protection There are undoubtedly cases of participant neglect and abuse every day. There may also be fraud. Well-meaning staff who see this may attempt to report it, but often these reports are disregarded. The absolute first priority of the NDIS must be the safety of participants. There must be a requirement that all large providers have effective internal whistleblower policies and practices. And, that the NDIA itself (or the Commission) has a whistleblower department that takes action to protect both participants and whistleblowing staff.
Collectively, these steps are necessary to move the NDIS from a cottage industry with an ‘open trough’ business model to a well-managed, financially controlled, service delivery program.
University of Melbourne: B.Sc (hons) Chemistry, Biochemistry; PhD Chemistry.Career: Industrial chemical research – 5 years; Management consultant: 20 years, working for private sector and government clients in industries including petrochemical, health, food, manufacturing, defence, legal, professional and human services; with projects relating to manufacturing control, organisation development, systems development, marketing and strategic planning. Corporate executive: 5 years in telecommunications industry with responsibilities including product development, systems development and marketing. Community service: Lifeline counsellor and trainer – 5 years. Peter Kent is the founder of Restart Health Services: a charity for those with severe mental illness. restart.org.au