Australian Psychologist’s Legal Compliance Guide: Requirements, Documents & Templates

Last updated: 17 January 2026

Click on any of the questions below to jump to that section of this ‘Australian Psychologist’s Legal Compliance Guide’. Click here to go to our Legal Guide for Psychiatrists or this link for our Legal Guide for Counsellors.

If, after reading this guide, you still have a question, get in touch, as we’d love to keep adding your questions to this comprehensive guide.

Legal Documents Every Australian Psychologist Needs

Beyond understanding compliance requirements, you need the right legal documents in place before seeing clients. Government guidelines tell you what to do — but they don’t give you the actual agreements, policies, and forms. Here’s exactly what you need.

What legal documents do I need for a psychology private practice?

Every psychology practice needs these core documents in place before seeing clients.

Client-Facing Documents:

• Service Agreement / Terms of Engagement – Covers fees, payment terms, cancellation policy (e.g., 24-48 hours notice), session duration, and how services can be terminated. Clients should sign this before the first session.
• Privacy Policy – Must comply with the Australian Privacy Principles (APPs) and include specific statements required for collecting health and sensitive information.
• Client Intake Form – Collects contact details, emergency contacts, GP information, and relevant history. Should include the required privacy collection statement.
• Informed Consent Form – Documents that the client understands the nature of psychological services, confidentiality limits, and their rights.

Session-Specific Documents:

• Recording Consent Form – Required if you record any sessions (audio or video). Must specify purpose, storage, access, and retention period.
• Psychological Testing Consent – Written consent is required before administering any assessments. Must explain purpose, methods, how results will be used, and the client’s right to refuse.
• Third-Party Information Release – For sharing detailed reports with GPs, psychiatrists, or other providers beyond minimal clinical information.

Practice Policies:

• After-Hours and Crisis Policy – Not legally mandated but strongly recommended. Documents what clients should do outside session hours and in emergencies.
• Cancellation and No-Show Policy – Can be part of the Service Agreement or a standalone. Protects against revenue loss and sets clear expectations.
• Record Retention and Destruction Policy – Internal document specifying how long you keep records and secure destruction procedures.

Display Requirements:

• Your AHPRA registration number must be visible to clients
• Information about how to lodge complaints must be accessible

Do I need special consent for tests?

Yes, written consent is required for testing. Your agreement regarding consent must include:

• Purpose, methods, limits and uses.
• Scope of confidentiality.
• Storage, Access, and Retention Terms.
• Right to refuse.

Which privacy notices are required?

You must have a full Privacy Policy that outlines how you collect, use, and store personal data. Each time you collect health, medical, or other sensitive information, such as through intake or contact forms, you must include the specific required Privacy statements to permit such collection.

Your website needs to display a cookie notice to inform users about the tracking technologies used. If you’re using cloud storage or transferring data overseas, you must notify clients about cross-border data handling. Additionally, if you use CCTV on your premises, you’re legally required to display appropriate signage to inform people they’re being recorded.

Should I have a service agreement?

Yes, having a written service agreement is essential for setting clear expectations and maintaining professionalism. The agreement should outline your fees, payment terms, cancellation policy (e.g. requiring 24 hours’ notice), and any charges for missed sessions, reports, or court appearances. It should also clarify communication boundaries, availability and how the service can be ended.

Ensure that your client reads and signs this agreement before you commence providing services.

Do I need after-hours or crisis policies?

Yes, it is best practice, but it is not legally mandated. It helps meet the professional duty of care required for clients when you are unavailable, helps meet compliance requirements for ethical standards to manage client safety risks, helps manage client expectations, and provides clear information about what to do in a crisis.

What disclaimers do I need on mental health apps?

If you use a mental health app, include disclaimers that list your AHPRA registration details and state that your services are only for Australian residents. Make it clear that app-based therapy has limitations and explain the data security measures you have in place to ensure confidentiality. Provide information on what to do in an emergency and inform users when face-to-face care may be necessary.

What if I also offer coaching or training?

If you also offer coaching or training, you must clearly distinguish it from psychological therapy. Coaching should not overlap with therapeutic work, and separate agreements, fees, and confidentiality terms should be used. It is also essential to have different insurance coverage for each service.

Coaching should never be offered to current therapy clients, as this creates ethical risks and the potential for dual relationships.

Record Keeping, Privacy & Confidentiality Requirements

What are the record-keeping requirements for psychologists in Australia?

Under AHPRA guidelines and the Psychology Board’s Code of Conduct, psychologists must:

• Create and maintain accurate, legible records for every client interaction
• Store records securely (physical records locked; digital records encrypted and access-controlled)
• Retain records for a minimum of 7 years (adults) or until age 25 (minors), then securely destroy
• Provide clients access to their records within 30 days of request (with limited exceptions)
• Transfer or dispose of records appropriately if closing or selling a practice

Your practice should have a written Record Retention and Destruction Policy documenting these procedures.

How long must I keep client records?

Psychologists must keep client records for a minimum of 7 years after the last session for adult clients. For clients who were minors, records must be kept until they turn 25 or for 7 years after the last session – whichever is longer. Some states require up to 10 years retention – check your state’s specific requirements.

For minors, until they turn 25, or 7/10 years after the last session (whichever is longer). When storing records, ensure they are kept securely and destroyed appropriately at the appropriate time.

When can I legally break confidentiality?

Only in limited cases, such as:

• Where there is an imminent risk of serious harm
• An instance of mandatory reporting (such as child abuse)
• Where ordered by a Court or subpoenaed to do so
• With the client’s explicit consent, or
• For de-identified peer supervision.

You should always limit disclosure and document your decision.

Can clients access session notes or results?

Yes, under the Privacy Act, unless it poses a real risk. A real risk might involve third-party privacy or the client’s safety. You must respond to patient access requests within 30 days.

What can I share with the other healthcare providers?

You can share minimal relevant information without extra consent, but more detailed reports require specific client consent. Always keep a record of what you share and why.

Do I need consent to record sessions?

Yes, you must get explicit written consent to record your sessions. This paperwork should cover the purpose of recording, storage, access, and retention.

Mandatory Reporting Obligations

What are psychologists legally required to report?

Australian psychologists must report:

1. Child abuse or neglect – Physical, sexual, emotional abuse or neglect. Report to state child protection authorities within 24-48 hours of disclosure or reasonable suspicion.
2. Imminent risk of serious harm – If a client makes credible threats to harm themselves or others, you have a duty to act (warn potential victims, notify police, or arrange psychiatric intervention).
3. Colleague misconduct – Notify AHPRA within 7 days if you believe a registered health practitioner has practised while impaired, engaged in sexual misconduct with a client, or significantly departed from professional standards.

These reporting obligations override client confidentiality.

When must I report child abuse and neglect?

You must report an actual or reasonable suspicion of child abuse/neglect to child protection authorities as soon as practicable (or within 24-48 hours), depending on the state you are practising. This includes physical, sexual, emotional abuse, or neglect. You’re legally obliged to make such a disclosure, which overrides your duty to maintain client confidentiality. Ensure that you document your rationale for reporting this.

What is my duty to warn if a client threatens serious harm?

You have a legal and ethical duty to act if a client makes credible threats to themselves or another person. If a psychologist encounters a credible threat, they should assess the seriousness and immediacy, warn the victim and/or notify the police, refer the individual to a hospital or increase session frequency, and thoroughly document their risk assessment and actions.

Am I required to report colleague misconduct or impairment to AHPRA?

Yes, you must notify AHPRA within 7 days if you reasonably believe a colleague practised while intoxicated/impaired, engaged in sexual misconduct with a client, or significantly departed from professional standards or posed a serious risk.

What about historical abuse if the victim is now an adult?

It depends on the state. If the person accused still has access to minors, most jurisdictions require reporting. If not, reporting of this is usually voluntary. If you’re unsure, carefully document your reasoning and seek advice.

What are the penalties for failing to report?

Penalties vary for each state, but they can include fines or imprisonment, AHPRA sanctions (conditions, suspensions, or even deregistration), civil liability if harm results, and you may also suffer harm to your professional reputation.

Registration & Legal Status

Do I need AHPRA registration to practice as a psychologist in Australia?

Yes. You must be registered with AHPRA to legally use the title “psychologist”. That title is nationally protected. Registration requires an approved qualification and supervised practice to have been undertaken.

Practising without registration is a criminal offence, with penalties including up to 3 years’ imprisonment and/or a $60,000 fine for individuals. Renewing annually requires you to:

• Hold current professional indemnity insurance
• Meet Continuing Professional Development (CPD) requirements, and
• Declare your fitness to practise.

Can I use specialist titles like “clinical psychologist”?

Yes, but only if you hold a formal endorsement from AHPRA. There are nine endorsed areas, including clinical, forensic, and health psychology, among others. Using the title “clinical psychologist” without AHPRA’s endorsement is illegal.

What are my annual CPD requirements, and how do I meet them?

You must complete 30 hours of CPD annually, including 10 hours of peer consultation between 1 December and 30 November. Your CPD must include:

• A written learning plan, which is based on your practice.
• Recording logs, reflections, and certificates.
• Undertake an AHPRA audit submission within 28 days if you’re selected.

Can I practice across state borders with one AHPRA registration?

Yes, AHPRA registration is national. You can provide in-person or telehealth services anywhere in Australia. However, you must notify AHPRA of your practice location(s), comply with state-based laws (e.g. WorkCover and mandatory reporting), and ensure your insurance covers interstate services.

Professional Liability and Risk Management

What insurance do I need?

AHPRA requires professional indemnity insurance that covers negligence claims, defence costs, and past services, for a cover amount of $5 to $10 million (depending on your type of practice) plus run-off cover if you stop practising.

What are common reasons psychologists get sued?

Reasons include breaches of confidentiality, failure to warn of harm, personal/family relationships, misdiagnosis or misassessment, and poor record-keeping.

How can I minimise liability in psychological reports?

There are multiple ways you can minimise the risk of liability and protect yourself from legal issues. Here are some practical tips:

• Basing opinions on solid, proper assessments
• Be clear about your role and limits as a psychologist
• Use neutral professional language
• Clearly separate fact from opinion
• Double-check your reports and add disclaimers.

What is client abandonment and how to avoid it?

Client abandonment occurs when a psychologist discontinues services without referring the client to alternative services. To avoid this, provide written notice of termination of your services (2 – 4 weeks), offer transitional care or referrals, and ensure that crisis support is readily available. You should never end contact with a client during a crisis without another care plan in place.

Am I liable if a client harms others after a session?

Possibly, if harm was reasonably foreseeable and your response fell below the professional standards. To avoid liability, thoroughly document your sessions and any decisions made during them. Follow-ups with your client also help demonstrate reasonable care.

Scope of Practice and Professional Boundaries

Can I diagnose without using formal assessment tools?

Yes, you can diagnose using clinical interviews and observation, as long as you’re competent to do so. It’s best practice to use structured interviews, gather collateral information, use standardised tools where relevant, and clearly document your diagnostic practices.

Can I refuse or terminate services?

Yes, but you must do it properly. Some reasons you might terminate your services include the knowledge required to treat the patient being beyond your competence, a client being aggressive or refusing to pay, or a conflict of interest. You must provide reasonable notice (2 to 4 weeks), assist the client with referrals, ensure crisis coverage, and document any termination of services thoroughly.

What activities are outside my scope compared to psychiatrists?

You cannot prescribe medications, order medical tests, admit patients to the hospital, or perform medical treatment or tests as a psychologist. You can, however, diagnose, treat, assess, and report, but you must refer to a psychiatrist if medication or medical intervention is needed.

Can I treat family members or friends?

Technically, yes. However, this would be strongly discouraged due to potential impaired objectivity, confidentiality risks, and the possibility of ethical breaches. If, for some reason, this is unavoidable, you must document the relationship, maintain boundaries and consider referring the patient elsewhere as soon as possible.

We hope you found this Australian Psychologist’s Legal Compliance Guide helpful.

Related Legal Guides for Health Practitioners

• Legal Guide for Psychiatrists
• Legal Guide for Counsellors and Therapists
• How to Write a Privacy Policy

References

1. Australian Health Practitioner Regulation Agency (AHPRA) – Psychology Board: Registration, Standards and Guidelines URL
2. Australian Psychological Society (APS): Professional Development & CPD URL
3. Australian Psychological Society (APS): Code of Ethics URL
4. Australian Government Attorney-General’s Department: Mandatory reporting of child abuse and neglect URL
5. NSW Government: Mandatory Reporting URL
6. Office of the Australian Information Commissioner (2023): Australian Privacy Principles (APPs) URL

About the Author: Vanessa Emilio

Vanessa Emilio (BA Hons, LLB, ACIS, AGIA) is the Founder and CEO of Legal123.com.au and Practice Director of Legal123 Pty Ltd. Vanessa is a qualified Australian lawyer with 20+ years experience in corporate, banking and trust law. Click for full bio of Vanessa Emilio or follow on LinkedIn.

Disclaimer: We hope you found this article helpful, but please be aware that any information, comments or recommendations are general in nature, do not constitute legal advice and may not be suitable for your specific circumstances. Whilst we try our best to ensure that the information is accurate, sometimes there may be errors or new information that has yet to be included. Any decisions you take based on information on this website are made at your own risk and we cannot be held liable for any losses you suffer. Contact us directly before relying on any of this information.