The Psychologist’s Guide to Mandatory Reporting & Legal Compliance in Australia

Last updated: 30 July 2025

Click on any of the questions below to jump to that section of this ‘Psychologist’s Guide to Mandatory Reporting & Legal Compliance in Australia’.

If, after reading this guide, you still have a question, get in touch as we’d love to keep adding your questions to this comprehensive guide.

Registration & Legal Status

Do I need AHPRA registration to practice as a psychologist in Australia?

Yes. You must be registered with AHPRA to legally use the title “psychologist”. That title is nationally protected. Registration requires an approved qualification and supervised practice to have been undertaken.

Practising without registration is a criminal offence, with penalties including up to 3 years’ imprisonment and/or a $60,000 fine for individuals. Renewing annually requires you to:

• Hold current professional indemnity insurance
• Meet Continuing Professional Development (CPD) requirements, and
• Declare your fitness to practise.

Can I use specialist titles like “clinical psychologist”?

Yes, but only if you hold a formal endorsement from AHPRA. There are nine endorsed areas, including clinical, forensic, and health psychology, among others. Using the title “clinical psychologist” without AHPRA’s endorsement is illegal.

What are my annual CPD requirements, and how do I meet them?

You must complete 30 hours of CPD annually, including 10 hours of peer consultation between 1 December and 30 November. Your CPD must include:

• A written learning plan, which is based on your practice.
• Recording logs, reflections, and certificates.
• Undertake an AHPRA audit submission within 28 days if you’re selected.

Can I practice across state borders with one AHPRA registration?

Yes, AHPRA registration is national. You can provide in-person or telehealth services anywhere in Australia. However, you must notify AHPRA of your practice location(s), comply with state-based laws (e.g. WorkCover and mandatory reporting), and ensure your insurance covers interstate services.

Mandatory Reporting Obligations

When must I report child abuse and neglect?

You must report an actual or reasonable suspicion of child abuse/neglect to child protection authorities as soon as practicable (or within 24-48 hours), depending on the state you are practising. This includes physical, sexual, emotional abuse, or neglect. You’re legally obliged to make such a disclosure, which overrides your duty to maintain client confidentiality. Ensure that you document your rationale for reporting this.

What is my duty to warn if a client threatens serious harm?

You have a legal and ethical duty to act if a client makes credible threats to themselves or another person. If a psychologist encounters a credible threat, they should assess the seriousness and immediacy, warn the victim and/or notify the police, refer the individual to a hospital or increase session frequency, and thoroughly document their risk assessment and actions.

Am I required to report colleague misconduct or impairment to AHPRA?

Yes, you must notify AHPRA within 7 days if you reasonably believe a colleague practised while intoxicated/impaired, engaged in sexual misconduct with a client, or significantly departed from professional standards or posed a serious risk.

What about historical abuse if the victim is now an adult?

It depends on the state. If the person accused still has access to minors, most jurisdictions require reporting. If not, reporting of this is usually voluntary. If you’re unsure, carefully document your reasoning and seek advice.

What are the penalties for failing to report?

Penalties vary for each state, but they can include fines or imprisonment, AHPRA sanctions (conditions, suspensions, or even deregistration), civil liability if harm results, and you may also suffer harm to your professional reputation.

Scope of Practice and Professional Boundaries

Can I diagnose without using formal assessment tools?

Yes, you can diagnose using clinical interviews and observation, as long as you’re competent to do so. It’s best practice to use structured interviews, gather collateral information, use standardised tools where relevant, and clearly document your diagnostic practices.

Can I refuse or terminate services?

Yes, but you must do it properly. Some reasons you might terminate your services include the knowledge required to treat the patient being outside of your competence, if a client is aggressive or refuses to pay, or if you have a conflict of interest. You must ensure that you provide reasonable notice (2 to 4 weeks), assist the client with referrals, ensure crisis coverage, and document any termination of services thoroughly.

What activities are outside my scope compared to psychiatrists?

You cannot prescribe medications, order medical tests, admit patients to hospital, or perform medical treatment or tests as a psychologist. You can, however, diagnose, treat, assess, and report, but you must refer to a psychiatrist if medication or medical intervention is needed.

Can I treat family members or friends?

Technically, yes. However, this would be strongly discouraged due to potential impaired objectivity, confidentiality risks, and the possibility of ethical breaches. If, for some reason, this is unavoidable, you must document the relationship, maintain boundaries and consider referring the patient elsewhere as soon as possible.

Privacy, Confidentiality and Record Keeping

When can I legally break confidentiality?

Only in limited cases, such as:

• Where there is imminent risk of serious harm
• An instance of mandatory reporting (such as child abuse)
• Where ordered by a Court or subpoenaed to do so
• With the client’s explicit consent, or
• For de-identified peer supervision.

You should always limit disclosure and document your decision.

How long must I keep client records?

For adults, the minimum period is 7 years after your last session; however, in some states, this can be up to 10 years. Check your state’s requirements.

For minors, until they turn 25, or 7/10 years after the last session (whichever is longer). When storing records, ensure they are stored securely and destroyed in a secure manner at the appropriate time.

Can clients access session notes or results?

Yes, under the Privacy Act, unless it poses a real risk. A real risk might involve third-party privacy or the client’s safety. You must respond to patient access requests within 30 days.

What can I share with the other healthcare providers?

You can share minimal relevant information without extra consent, but more detailed reports require specific client consent. Always keep a record of what you share and why.

Do I need consent to record sessions?

Yes, you must get explicit written consent to record your sessions. This paperwork should cover the purpose of recording, storage, access, and retention.

Professional Liability and Risk Management

What insurance do I need?

AHPRA requires professional indemnity insurance that covers negligence claims, defence costs, and past services, for a cover amount of $5 to $10 million (depending on your type of practice) plus run-off cover if you stop practising.

What are common reasons psychologists get sued?

Reasons include breaches of confidentiality, failure to warn of harm, personal/family relationships, misdiagnosis or misassessment, and poor record-keeping.

How can I minimise liability in psychological reports?

There are multiple ways you can minimise the risk of liability and protect yourself from legal issues. Here are some practical tips:

• Basing opinions on solid, proper assessments
• Be clear about your role and limits as a psychologist
• Use neutral professional language
• Clearly separate fact from opinion
• Double-check your reports and add disclaimers.

What is client abandonment and how to avoid it?

Client abandonment occurs when a psychologist discontinues services without referring the client to alternative services. To avoid this, provide written notice of the termination of your services (2 – 4 weeks), offer transitional care or referrals, and ensure that crisis support is readily available. You should never end contact with a client during a crisis without another care plan in place.

Am I liable if a client harms others after a session?

Possibly, if harm was reasonably foreseeable and your response fell below the professional standards. To avoid liability, ensure that you thoroughly document your sessions and any decisions made during them. Follow-ups with your client also help demonstrate reasonable care.

Legal Agreements & Notices

What do I need in private practice?

You will need to:

• Conduct client intake and consent forms.
• Have an Australian Privacy Principles-compliant Privacy Policy.
• Have the Australian Privacy legislated required statements for the collection of health information.
• Have a Terms of Service Agreement to cover things like fees, cancellations, and confidentiality.
• Obtain session recording consent if applicable.
• Develop emergency and after-hours procedures.
• Display your AHPRA registration and complaints process.

Do I need special consent for tests?

Yes, written consent is required for testing. Your agreement regarding consent must include:

• Purpose, methods, limits and uses.
• Scope of confidentiality.
• Storage, Access, and Retention Terms.
• Right to refuse.

Which privacy notices are required?

You must have a full Privacy Policy that outlines how you collect, use, and store personal data. Each time you collect health, medical, or other sensitive information, such as through intake or contact forms, you must include the specific required Privacy statements to permit such collection.

Your website needs to display a cookie notice to inform users about the tracking technologies used. If you’re using cloud storage or transferring data overseas, you must notify clients about cross-border data handling. Additionally, if you use CCTV on your premises, appropriate signage is legally required to inform people they’re being recorded.

Should I have a service agreement?

Yes, having a written service agreement is essential for setting clear expectations and maintaining professionalism. The agreement should outline your fees, payment terms, cancellation policy (for example, requiring 24 hours’ notice), and any charges for missed sessions, reports or court appearances. It should also clarify communication boundaries, availability and how the service can be ended.

Ensure that your client reads and signs this agreement before you commence providing services.

Do I need after-hours or crisis policies?

Yes, it is best practice, but it is not legally mandated. It helps meet the professional duty of care required for clients when you are unavailable, helps meet compliance requirements for ethical standards to manage client safety risks, helps manage client expectations, and provides clear information about what to do in a crisis.

What disclaimers do I need on mental health apps?

If you use a mental health app, include disclaimers that list your AHPRA registration details and state that your services are only for Australian residents. Make it clear that app-based therapy has limitations and explain the data security measures you have in place to ensure confidentiality. Provide information on what to do in an emergency and inform users when face-to-face care may be necessary.

What if I also offer coaching or training?

If you also offer coaching or training, you must clearly distinguish it from psychological therapy. Coaching should not overlap with therapeutic work, and separate agreements, fees, and confidentiality terms should be used. It is also essential to have different insurance coverage for each service.

Coaching should never be offered to current therapy clients, as this creates ethical risks and the potential for dual relationships.

We hope you found this Psychologist’s Guide to Mandatory Reporting and Legal Compliance in Australia helpful.

References

1. Australian Health Practitioner Regulation Agency (AHPRA) – Psychology Board: Registration, Standards and Guidelines URL
2. Australian Psychological Society (APS): Professional Development & CPD URL
3. Australian Psychological Society (APS): Code of Ethics URL
4. Australian Government Attorney-General’s Department: Mandatory reporting of child abuse and neglect URL
5. NSW Government: Mandatory Reporting URL
6. Office of the Australian Information Commissioner (2023): Australian Privacy Principles (APPs) URL

About the Author: Vanessa Emilio

Vanessa Emilio (BA Hons, LLB, ACIS, AGIA) is the Founder and CEO of Legal123.com.au and Practice Director of Legal123 Pty Ltd. Vanessa is a qualified Australian lawyer with 20+ years experience in corporate, banking and trust law. Click for full bio of Vanessa Emilio or follow on LinkedIn.

Disclaimer: We hope you found this article helpful, but please be aware that any information, comments or recommendations are general in nature, do not constitute legal advice and may not be suitable for your specific circumstances. Whilst we try our best to ensure that the information is accurate, sometimes there may be errors or new information that has yet to be included. Any decisions you take based on information on this website are made at your own risk and we cannot be held liable for any losses you suffer. Contact us directly before relying on any of this information.