The Aged Care Act 2024 (Cth) (Act) will commence on 1 July 2025, heralding a new era for aged care in Australia and adopting a rights-based focus recommended by the Royal Commission into Aged Care Quality and Safety (Royal Commission). This legislative overhaul aims to enhance transparency, accountability, and the overall quality and safety of care by empowering older people and those who advocate for them.
A key element of the new Act is strengthened whistleblower protections. These protections aim to create an environment where residents, families, staff, and others feel secure in raising concerns about potential breaches of the law. This is seen as crucial for driving accountability and improving care standards by ensuring issues are brought to light safely and addressed effectively.
This article examines the key whistleblower obligations for registered aged care providers under the Act, compares them with the existing Corporations Act 2001 (Cth) (Corporations Act) regime, and outlines essential steps for providers.
The New Whistleblower Protections
A qualifying disclosure arises when an individual (discloser) has reasonable grounds to suspect that information indicates a potential contravention of any provision of the Act by any entity. The disclosure, which can be anonymous, must be made to an eligible recipient. These include:
- the Aged Care Quality and Safety Commissioner, the Complaints Commissioner, or their staff;
- the System Governor (Secretary of the Department) or an official of the Department;
- a registered provider, one of their responsible persons, or an aged care worker;
- a police officer; or
- an independent aged care advocate.
Disclosers receive significant protections, including immunity from civil, criminal, or administrative liability for making the disclosure, as well as protection against contractual remedies (like termination) being enforced because of the disclosure. This immunity does not cover the discloser’s own misconduct.
Strict confidentiality rules apply: Recipients must take reasonable steps to preserve anonymity if requested. Revealing the discloser’s identity or information likely to lead to it is a contravention unless specifically authorised (authorised disclosure may include disclosure to regulators or legal advisors, disclosure with consent, or disclosure to prevent serious threat). Disclosure of information (other than identity) is permitted if reasonably necessary for investigating the contravention, provided steps are taken to reduce identification risk.
Victimisation is prohibited: Causing detriment (e.g., dismissal, discrimination, harassment) or threatening detriment due to a disclosure attracts a significant civil penalty (500 penalty units or $165,000). Courts can issue remedies including injunctions, compensation, reinstatement and exemplary damages.
Registered provider obligations: Providers must ensure (as far as reasonably practicable) compliance with confidentiality and anti-victimisation rules for staff making disclosures. They must also take reasonable steps regarding staff who receive disclosures. Critically, providers must implement and maintain a compliant whistleblower system and policy as a condition of registration.
How do these protections compare to the Corporations Act?
The Act creates a sector-specific regime. While sharing the fundamental aims of the Corporations Act’s whistleblower protections, there are key differences relevant to aged care providers:
| Element | Aged Care Act | Corporations Act |
| Scope | Applies to aged care providers | Applies to companies, some incorporated associations, banks, insurers and superannuation entities (some obligations apply only to public companies, large proprietary companies and corporate trustees of APRA regulated superannuation entities). |
| Eligible Whistleblowers | Broadly defined as “an individual,” suggesting anyone with relevant information. Importantly, this includes the carers of residents. | Includes current/former employees, officers, contractors, suppliers (paid/unpaid), associates, and their relatives/dependents. |
| Disclosable Matters | Information indicating a potential contravention of any provision of the Act. Focuses specifically on breaches within the aged care regulatory framework. | Broader scope including misconduct, improper state of affairs, breaches of Corporations Act or other financial sector laws, Commonwealth offences punishable by 12+ months imprisonment, or conduct dangerous to the public/financial system. |
| Eligible Recipients | Responsible persons, including board members and executive of the registered provider. Registered providers and aged care workers.
Aged Care Quality and Safety Commission’s Commissioner/staff, System Governor/Dept officials, police officers and independent aged care advocates | Company officers/senior managers, auditors, actuaries, legal practitioners (for advice), ASIC, APRA. Limited protection for disclosures to journalists/parliamentarians under specific conditions. |
| Requirement for Policy | Providers must implement and maintain a whistleblower system and policy as a condition of registration. Mandatory for all registered providers. | Mandatory for public companies, large proprietary companies, and certain superannuation trustees. Must outline protections, procedures, support, investigations. Exemption for some smaller NFPs. |
| Protections | Strong protections against detriment (including threats) and confidentiality provisions, similar in nature to the Corporations Act. | Strong protections against detrimental conduct and strict confidentiality requirements. |
| Remedies | Court orders available for victimisation include injunctions, compensation (including exemplary damages), and reinstatement. | Similar court remedies available including compensation, injunctions, apologies, reinstatement, and potentially exemplary damages. |
The focus on contraventions of the Act, the tailored list of eligible recipients within the aged care ecosystem, and the explicit linking of a whistleblower policy to the conditions of registration for aged care providers are significant points of difference.
Practical Steps for Providers
Given the mandatory nature of these requirements, providers should act now to prepare for the 1 July 2025 commencement:
- Develop or thoroughly revise your whistleblower policy and associated systems to ensure full compliance with the Act. Ensure the whistleblower framework aligns with incident management and complaints/feedback systems. See below for organisations who are also covered by the Corporations Act whistleblowing regime.
- Train responsible persons and employees:
- For responsible persons (including board members and executive team): Covering their role as eligible recipients, ensuring they understand confidentiality requirements and proper handling procedures.
- For all aged care workers: Covering their rights to disclose, the protections offered and how to make a disclosure.
- Actively promote a ‘speak up’ culture, emphasizing the protections available and the organisation’s commitment to addressing concerns without reprisal.
Providers covered by both the Aged Care Act and Corporations Act whistleblowing provisions
Given the overlapping concepts between the Aged Care Act and Corporations Act regimes and the likelihood that many organisations will be covered by both, there is a real risk that confusion between the two regimes could result in a loss of protection for a whistleblower or cause organisations to inadvertently fail to comply with their obligations.
Accordingly, it is essential to ensure that:
- if separate whistleblower policies and processes are adopted for each regime, both policies and processes are clearly labelled, set out the disclosable matters that they cover, and clearly note the existence of the other whistleblowing regime and related policy and process.
- Note: As maintaining a whistleblower policy is a condition of provider registration, providers may be required to submit a policy to the Aged Care Quality and Safety Commission on registration or renewal of registration. It may be preferable to maintain a separate whistleblower policy dealing only with the Aged Care Act obligations for this purpose.
- if a single whistleblower policy and process is adopted to cover both regimes, the differences between the regimes are clearly noted throughout the policy and process. Importantly, eligible whistleblowers should clearly understand the protections available to them, the disclosable matters under each regime and the eligible recipients to whom disclosures may be made under each regime.
- eligible recipients within the organisation (including board members and the executive team) are trained with explicit reference to their separate obligations under each regime.
- all internal and external documentation referred to whistleblowing is updated to clearly note the existence of both regimes (and associated policies and processes).
Looking Ahead
The whistleblower protections under the Act are more than just a compliance exercise; they are fundamental to the legislative and Royal Commission’s intent of creating a safer, more transparent, and rights-focused aged care sector. By embedding these requirements into organisational culture and practice, providers can not only meet their regulatory obligations but can ensure that issues are brought to light and addressed safely, effectively and promptly.
How we can help
Moores Aged Care and Retirement Living team can assist with a review of your whistleblower policies and processes, as well as internal training to ensure stakeholders understand their obligations.
Contact us
Please contact us for more detailed and tailored help.
Subscribe to our email updates and receive our articles directly in your inbox.
Disclaimer: This article provides general information only and is not intended to constitute legal advice. You should seek legal advice regarding the application of the law to you or your organisation.