Policy Directive

PRINT
Legislative Compliance
Organisational, Management and Staff Obligations
Document No:

SSW_PD2007_ 005

Functional Sub-Group:

Corporate Governance
Clinical Governance

Summary:

The legislative compliance program should aim to

prevent, and where necessary, identify and respond to,
non-compliance with laws, regulations and relevant
professional codes and Australian Standards.
This policy provides guidance for staff about their
legislative obligations and how compliance can be
assessed.

Approved by:

Director of Corporate Services

Publication (Issue) Date:

July 2007

Next Review Date:

July 2010

Replaces Existing Policy:

Yes (GB&M: 2.7.1, dated April 2007)

Previous Review Dates:

April 2007

Note:

Sydney South West Area Health Service (SSWAHS) was established on 1 January 2005 with
the amalgamation of the former Central Sydney Area Health Service (CSAHS) and the former
South Western Sydney Area Health Service (SWSAHS).
In the interim period between 1 January 2005 and the release of single Area-wide SSWAHS
policies (dated after 1 January 2005), the former CSAHS and SWSAHS policies were
applicable as follows:

SSWAHS Eastern Zone : CSAHS

SSWAHS Western Zone: SWSAHS

Compliance with this policy directive is mandatory

Page 1 of 12

Sydney South West Area Health Service

Policy No: SSW_PD2007_005

Date Issued: July 2007

LEGISLATIVE COMPLIANCE ORGANISATIONAL, MANAGEMENT AND STAFF

OBLIGATIONS
Contents
1.

Introduction

2.

Identification of Compliance Obligations, Promoting Awareness and Facilitating

Compliance
2.1
2.2
2.3
2.4
2.5
2.6

3.

Statutory Obligations and Regulatory Requirements

Common Law Obligations
Relevant Professional Codes and Standards of Practice
SSWAHS Policies and Procedures
Facilitating Compliance
Centralised Systems to Facilitate Compliance

Identification and Allocation of Responsibilities

3.1
3.2
3.3

Key Responsibilities for Staff

Key Responsibilities for Managers
Senior Managers and Executive Staff

4.

Assessing Compliance

5.

Monitoring Compliance

6.

Recording Outcomes / Results at Monitoring Compliance

7.

Legislation Register

8.

Potential Non-compliance / Breach

9.

Reference

10.

Definitions

Compliance with this policy directive is mandatory

Page 2 of 12

Sydney South West Area Health Service

Policy No: SSW_PD2007_005

Date Issued: July 2007

LEGISLATIVE COMPLIANCE ORGANISATIONAL, MANAGEMENT AND STAFF

OBLIGATIONS
1.

Introduction
Sydney South West Area Health Service (SSWAHS) is committed to complying with
relevant legislation and obligations and to facilitate this, all facilities / services are
required to establish a compliance program, which is consistent with Area Health
Service policy and which addresses key risks and meets organisational needs.
An effective compliance program is considered an important element in fulfilling the
corporate governance responsibilities of the organisation, whether in relation to clinical
or non-clinical obligations. The compliance program should aim to prevent, and where
necessary, identify and respond to, non-compliance with laws, regulations and
relevant professional codes, Australian standards, NSW Health policies and SSWAHS
policies / procedures. This is best done by promoting a culture at all levels within the
organisation of valuing compliance with both statutory and common law obligations.
Compliance is to be achieved through the joint actions of staff and management.
The general aim of the compliance program is to prevent non-compliance through a
structured and planned program. Such a program includes:

identifying compliance obligations and promoting awareness;

allocating responsibility to the relevant officers to facilitate staff and organisational
compliance with obligations;
undertaking a risk assessment of obligations to identify actions / strategies to
prevent / minimise risks of non-compliance;
assessing how well each facility / service meets its obligations and identifying
where and how it could improve;
establishing monitoring mechanisms to provide an information base for
management, including identifying any non-compliance and remedial action taken;
establishing reporting mechanisms, including an annual report, to relevant
management and quality committees;
promoting to staff and management awareness of the importance of compliance
with specific obligations, as well as commitment to compliance, as an
organisational value;
fostering continuous improvement in compliance processes across the service to
ensure obligations are met.

The risks addressed by this policy:

Corporate and clinical risks

The aims / expected outcomes of this policy

To facilitate staff awareness of their legislative obligations and to provide guidance

to facilities / services to establish compliance programs.

Compliance with this policy directive is mandatory

Page 3 of 12

Sydney South West Area Health Service

2.

Policy No: SSW_PD2007_005

Date Issued: July 2007

Identification of Compliance Obligations, Promoting Awareness and Facilitating

Compliance
Compliance obligations may be categorised as follows:

Statutory obligations and regulatory requirements

Common law obligations
Relevant professional codes and standards of practice
SSWAHS policies and procedures

Primary / useful sources of information in relation to these obligations are outlined

below (sections 2.1-2.4).
2.1

Statutory Obligations and Regulatory Requirements

Legislation applicable to the NSW Health system, including SSWAHS, is listed
on the NSW Health Intranet site at NSW Health Legal Branch Acts &
Regulations.
This site lists key legislation, along with information about:
- existing legislation under review
- new legislation being drafted

2.2

Common Law Obligations

Useful sources of information about common law obligations may be found at:
http://www.austlii.edu.au and http://www.agis.nsw.gov.au
Key word searches are required to identify and retrieve information.
Where deemed necessary, professional legal advice may be obtained in
accordance with the provisions of the SSWAHS Delegations Manual.

2.3

Relevant Professional Codes and Standards of Practice

Sources of information about professional standards of practice include
Professional Associations, such as the Colleges, Guilds and other
Associations.
Professional staff are encouraged to join their relevant professional
associations to obtain up-to-date information about professional development
and advances in their field of practice.
Other Bodies and Agencies with recognised expertise include, for example:
-

Professional Registration Boards

Universities and other teaching facilities
Australian Council Healthcare Standards (ACHS)
NSW Ombudsman
Independent Commission Against Corruption (ICAC)
NSW Privacy

Compliance with this policy directive is mandatory

Page 4 of 12

Sydney South West Area Health Service

Policy No: SSW_PD2007_005

Date Issued: July 2007

Anti-Discrimination Board
Professional consultants engaged to lead key projects eg project
managers engaged to undertake major capital works
SSWAHS staff with recognised expertise

Australian Standards can be accessed at:

http://www.standards.com.au
Key word searches are required to identify and retrieve information.
2.4

SSWAHS Policies and Procedures

SSWAHS policies are located on the SSWAHS intranet site at:
http://intranet.cs.nsw.gov.au/SSWPolicies/default.htm
SSWAHS ensures that policies and procedures are available to govern the
operations of facilities / services. These policies and procedures are in
accordance with NSW Health Department and Statutory requirements.
The general manager / service director of each facility / service within
SSWAHS is responsible for developing procedures consistent with legislation
and with the policies of the NSW Health Department and SSWAHS, where
specific procedures are deemed necessary.
Policies / Procedures must be reviewed at least every 3 years.

2.5

Facilitating Compliance
SSWAHS facilitates compliance with its policies, by-laws and regulations and
any applicable statutes and regulations through its management structure. To
facilitate compliance it is necessary to:

document policies and procedures

conduct audits
undertake risk assessments
provide training sessions
develop health and safety plans

Each facility / service shall be able to provide evidence that it has undertaken
such activities, based on their particular organisational needs.
The general manager / service director of each facility / service is responsible
for implementing a system to promote the understanding and awareness of
compliance obligations to all staff. Systems / mechanisms that are deemed to
be suitable, for example, include:

Stating key compliance obligations in policy documents and position

descriptions
Incorporating compliance as a component of the Induction / Orientation
program

Compliance with this policy directive is mandatory

Page 5 of 12

Sydney South West Area Health Service

2.6

Policy No: SSW_PD2007_005

Date Issued: July 2007

Incorporating compliance training in appropriate staff development

activities
Providing specific training to staff with specific responsibilities, prior to or
when there are legislative changes
Incorporating compliance certification into the performance planning and
review processes
Conducting annual checks of professional registrations
Conducting pre-employment risk assessments

Centralised systems to facilitate compliance

The following centralised monitoring systems have been established and
general managers / service directors are to submit information to the
nominated officers to facilitate maintenance of the systems and monitoring of
non-compliance and potential non-compliance:
Environment Protection Authority (EPA) licences Director Corporate
Services
Annual Fire Statement (due date) Director Corporate Services
WorkCover Prohibition Improvement Notice (PINs) (copy of notice and key
facility contact officer) Director Corporate Services
Public Health Director Public Health
Proof of Professional staff registration facility general managers (and HR
departments) data is to entered into Workforce
Potential non-compliance which poses a significant risk to the organisation
Director Corporate Services

3.

Identification and Allocation of Responsibilities Identification and Allocation of

Responsibilities
3.1

Key Responsibilities for Staff

3.2

gaining a full understanding of their legal obligations

complying with their legal obligations, including their SSWAHS policy
obligation
undertaking relevant training
reporting incidents of non-compliance
assisting with investigations

Key Responsibilities for Managers

operating the facility under the authority of the Health Services Act 1997,
as well as other relevant legislations
implementing both NSW Health Department and Area policies and procedures
implementing effective controls to achieve compliance, for example
conducting criminal record checks on persons applying to work within
SSWAHS; ensuring OHS inspections are undertaken; providing equipment
to enable safe work practices
provide access to training for staff to raise their awareness with respect to
legislation eg privacy legislation, child protection legislation
recording and reporting non-compliances / breaches
monitoring the effectiveness of controls

Compliance with this policy directive is mandatory

Page 6 of 12

Sydney South West Area Health Service

3.3

Policy No: SSW_PD2007_005

Date Issued: July 2007

ensuring equipment that requires certification is certified

implementing health and safety plans and any other relevant plans which
facilitate compliance

Senior Managers and Executive Staff

The responsibilities for senior managers and executive staff include those
listed above for managers as well as:
undertaking risk assessments and prioritising any strategies to minimise
the risk of non-compliance
supporting staff and managers to achieve their obligations
reporting and investigating any potential breaches of compliance
implementing systems to facilitate compliance, for example:
- the establishment of a register to monitor critical licence expiry dates for
ionising equipment
- the establishment of a register to monitor key certification dates for
annual fire statements

4.

Assessing Compliance
Compliance will be assessed, primarily, by:

Conducting of audits, by the Internal Audit Unit, with the Units audit program
having been developed based on greatest risk
Conducting facility based audits both random and scheduled. These are to be
determined on a risk assessment needs basis
Assessing staff knowledge
Reviewing exceptions / incident reports to identify incidents of potential noncompliance and then initiate corrective action
Issuing of notices of breach by relevant authorities eg EPA, WorkCover, Councils,
NSW Fire, NSW Police

Compliance audits will include, but not be limited to:

Audits conducted by the Internal Audit Unit and as approved by the SSWAHS
Audit and Corporate Risk Management Committee
Medication / prescribing audits and S8 / S4D drug prescribing / administration /
storage audits
Medical Records audits
OHS workplace inspections
Issue of Annual Fire statements
Review of professional registration renewal dates

Assessing staff knowledge will include, but not be limited to, conducting targeted staff
surveys, based on organisational needs, for example:
for staff working in food services, assessing their knowledge of food safety
requirements
for staff working in medical records, seeking to confirm that they understand
privacy legislation
for staff who work at the Department of Forensic Medicine, assessing their
knowledge of the Human Tissue Act

Compliance with this policy directive is mandatory

Page 7 of 12

Sydney South West Area Health Service

Policy No: SSW_PD2007_005

Date Issued: July 2007

for staff working in HR and payroll services, assessing their knowledge of industrial
relations legislation and award interpretation
incorporating specific questions into staff performance reviews
incorporating questionnaires / surveys into staff development and training
programs, for example, as a part of the training programs for OHS, fire safety and
CPR
conducting online assessments, for example, staff knowledge of the Code of
Conduct

Incident / exception reports which might indicate a potential breach of legislative

compliance will include, but not be limited to:

IIMS incident reports

Allegations of breaches of privacy
Allegations of discriminatory behaviour
Staff complaints
Industrial disputes

Breach notices or court appearances, which might indicate a potential breach of

legislative compliance, will include, but not be limited to:

5.

Receipt of PINS from WorkCover or prosecutions by WorkCover

NSW Privacy Commission investigations
NSW Ombudsman investigations
ICAC investigations
Anti-Discrimination Board appearances
EPA notices re: breach of licensing requirements
Industrial Relations Commission appearances
Liability cases

Monitoring Compliance
Each facility / service will establish a system to monitor compliance / non-compliance.
Such will include a record of actions taken to facilitate future compliance. This system,
which should be incorporated into existing structures and systems, will provide for:

monitoring particular incidents, actions taken and outcomes

monitoring trends in compliance, over time

Undertaking trend analysis and documenting any changes made to improve / enhance
existing practices should assist with demonstrating positive outcomes from the
implementation of this policy.
All incidents of non-compliance and those with a significant potential for noncompliance are to be reported to the SSWAHS Director Corporate Services and other
relevant authorised personnel of the SSWAHS organisation such that knowledge can
be shared and risks associated with non-compliance minimised.
Each facility / service will record training aimed at facilitating compliance with
legislative obligations.

Compliance with this policy directive is mandatory

Page 8 of 12

Sydney South West Area Health Service

Policy No: SSW_PD2007_005

Date Issued: July 2007

The Audit and Corporate Risk Management Committee reviews the following data to
assess risk, including risk of non-compliance with legislative obligations:

Risk/Issue

KPI

Asset Management

Equipment failures
Fire incidents and Fire Brigade inspections
Utility supply failure
Legionella testing results
Property Claims (insurance)
Motor Vehicle Claims (insurance)

Disaster Management

Activations of disaster plans

Financial

Fraud/ corruption
Trade creditors overdue
Tendering complaints

Human Resources

Grievances
Staff misconduct (disciplinary action / terminations)
Staff terminations
Staff training

Information Management

Machine downtime clinical systems CCIS, Labs

Machine downtime non-clinical systems Workforce,
Oracle
Application outages PACS web
PABX downtime
Breach of Privacy

Legal / Legislative

Industrial Relations Commission: court actions

Administrative Decisions Tribunal: court actions
Anti-Discrimination Board: court actions
GREAT: court actions
WorkCover: prosecutions / court actions
EPA: prosecutions / court actions
FOI: tribunal appeals

Patient Safety

SAC 1 Events
Patient Incidents / Accidents
Service Access
Liability Cases
Suicides
Falls in the elderly
Patient Complaints
Specific Clinical Indicators
Breaches of NH&MRC guidelines

Compliance with this policy directive is mandatory

Page 9 of 12

Sydney South West Area Health Service

Risk/Issue

Policy No: SSW_PD2007_005

Date Issued: July 2007

KPI
Initiatives to improve safety
EQuIP Accreditation
Serious breaches of SSWAHS policy
Critical stock supply

6.

Public Health

Notifiable Diseases

Safety staff and visitors

Accidents / Incidents
Security
Workers Compensation reports
Large Workers Compensation Claims
Radiation safety exposures
WorkCover PINS

Potential Non-compliance / Breach

The general manager / service director shall either directly or through a delegated
officer:

implement a system to ensure they are notified of all non-compliances / breaches

for which they are responsible, immediately they occur
notify SSWAHS Executive of significant potential breaches of legislative
compliance in accordance with the SSWAHS incident reporting policy / procedure
initiate appropriate and reasonable action with respect to the matter, including the
immediate management of the situation, analysis of the incident, implementation
of corrective action and development of preventative strategies which are to be
monitored for effectiveness

All staff shall notify their supervisor immediately they become aware that a potential
non-compliance / breach has occurred or is likely to occur.
In cases of wilful or intentional breaches of compliance obligations, the SSWAHS
Discipline Policy and Procedure may be activated.
Examples of Potential Non-compliance / Breach
The following examples illustrate a major non-compliance / breach:
An accident on SSWAHS premises, or whilst involved in a SSWAHS activity, that
results in an injury leading to hospitalisation or death
Example: breach of the Occupational Health and Safety Act 2000; NSW, and the
incident may be investigated by WorkCover Authority
A major investigation by a regulatory or statutory body
Example: Legislative breach
A major impact on business continuity

Compliance with this policy directive is mandatory

Page 10 of 12

Sydney South West Area Health Service

Policy No: SSW_PD2007_005

Date Issued: July 2007

Example: Engineering Services fails to monitor the cooling towers. As a

consequence an outbreak of Legionella occurs, which leads to facility closures
until the source of the disease can be identified and treated.
7.

Legislation Register
Each facility should manage issues that arise through the implementation of this policy
in a legislation register.

8.

References
Staff (as appropriate) should be encouraged to regularly visit the following websites to
raise awareness of current legislation
Key NSW Legislation: http://www.health.nsw.gov.au/csd/llsb/acts/ (for current
legislation and new / amended legislation)

Key Commonwealth Legislation: http://www.com.law.gov.au/

NSW Health Policy Directives and
Guidelines: http://www.health.nsw.gov.au/policies/index.html

Relevant Australian Standards includes: http://www.standards.com.au

Australian Council for Safety and Quality in Health Care

Standards: http://www.safetyandquality.org/
9.

Definitions
All definitions identified below have been sourced from the Australian Standard
3806 - 1998 - Compliance Programs:

AS

Codes: are mandatory industry codes, and voluntary industry codes with which
SSWAHS chooses to comply.
Compliance: is meeting obligations under laws, regulations, codes or organisational
standards.
Compliance program: is the coordinated activity of documenting obligations,
ensuring responsibility for meeting obligations is clearly allocated and understood, the
monitoring and reporting mechanisms for assessing how well obligations are being
met, and the management activity for addressing non-compliance with obligations and
improving systems for meeting obligations.
Obligation: is a requirement specified by laws, regulations, codes or organisational
standards.
Organisational standards: are any codes of ethics, codes of conduct, good practices
and charters that SSWAHS deems to be appropriate standards for its day-to-day

Compliance with this policy directive is mandatory

Page 11 of 12

Sydney South West Area Health Service

Policy No: SSW_PD2007_005

Date Issued: July 2007

operations. In most cases these are detailed in the Manual of Policies and
Procedures, and include the Area Health Services Code of Conduct.
Responsible officer: is the officer allocated responsibility for facilitating compliance
with a specific obligation.
Risk assessment: in the context of SSWAHS compliance program, means assessing
the level of risk of non-compliance with legislative obligations

Compliance with this policy directive is mandatory

Page 12 of 12