Associated Providers in Aged Care: Registration & Compliance Obligations

Under the Aged Care Act 2024, the concept of associated providers has taken on new significance. When an approved aged care provider engages another entity to deliver services on its behalf — whether through subcontracting, partnership, or related-entity arrangements — both parties take on compliance obligations that the ACQSC monitors closely.

This guide covers who qualifies as an associated provider, the due diligence requirements, ACQSC notification obligations, and how to manage associated provider risk without creating compliance gaps.

An associated provider is any entity that delivers aged care services on behalf of a registered provider, or that has a significant business relationship with a registered provider. The definition in the Act is deliberately broad and captures:

- Subcontractors who deliver care or support services directly to aged care consumers (e.g., an agency nursing provider, a cleaning contractor, a meal delivery service) - Related entities under the Corporations Act 2001 — parent companies, subsidiaries, and entities controlled by the same persons - Joint venture partners involved in aged care service delivery - Entities sharing key personnel — where responsible persons or senior executives hold positions in both organisations

The key question is whether the entity has a relationship with the registered provider that could affect the quality, safety, or governance of aged care services. If the answer is yes, it is likely an associated provider under the Act.

Providers sometimes overlook associated provider obligations for entities they consider peripheral — such as maintenance contractors, IT service providers, or food service companies. However, if these entities have regular access to aged care consumers or their personal information, they may meet the threshold.

The ACQSC's interest in associated providers stems from a simple principle: the registered provider remains accountable for the quality and safety of all services delivered to its consumers, regardless of who actually delivers them.

If a registered provider engages a nursing agency to supply RNs, and one of those agency nurses causes a SIRS-reportable incident, the registered provider is responsible for reporting, investigating, and remediating the incident — not the agency. If a food service subcontractor delivers meals that do not meet dietary requirements, the registered provider bears the compliance risk under Quality Standard 6.

The ACQSC has identified associated provider arrangements as a governance risk area. During assessment contacts, assessors will ask about your subcontracting arrangements, how you monitor the quality of services delivered by third parties, and whether your due diligence processes are adequate.

Providers who cannot demonstrate effective oversight of associated providers are vulnerable to findings of non-compliance with Quality Standard 2 (The Organisation) — specifically the requirements around governance, risk management, and accountability.

Before engaging an associated provider, the registered provider must conduct due diligence to satisfy itself that the entity is suitable. While the Act does not prescribe a specific due diligence framework, best practice includes:

Corporate and financial checks. Verify the entity's registration status, ABN, insurance coverage (professional indemnity, public liability, workers' compensation), and financial viability. An entity that becomes insolvent mid-contract creates immediate service continuity risk.

Workforce suitability. Confirm that the associated provider's workers who will deliver services to aged care consumers meet the same screening requirements as your own staff — including police checks and NDIS Worker Screening Checks. The registered provider should require evidence of screening compliance, not just an assurance.

Quality and safety systems. Assess whether the associated provider has adequate incident reporting processes, complaints handling procedures, and quality management systems. Services delivered by an associated provider must meet the same Quality Standards as services delivered by the registered provider's own staff.

Code of Conduct acknowledgement. All workers delivering aged care services — including those employed by associated providers — must be aware of and comply with the Aged Care Code of Conduct. The registered provider should require Code of Conduct acknowledgement from associated provider staff as a condition of engagement.

Contractual protections. The service agreement with the associated provider should include quality standards, reporting obligations (including SIRS), access rights for audit and monitoring, termination provisions for non-compliance, and data protection requirements.

Providers must notify the ACQSC of certain associated provider arrangements. The notification requirements include:

- New associated provider relationships that involve the delivery of care or services to aged care consumers - Changes to existing relationships — including changes to the scope of services, key personnel, or ownership of the associated provider - Termination of relationships — particularly where the termination was due to quality, safety, or compliance concerns

Notifications must be submitted within the timeframes specified in the Act. Late or missing notifications are treated as governance failures and may trigger closer regulatory scrutiny.

The Associated Providers module in Statura Care tracks all associated provider relationships, due diligence records, contract terms, screening compliance, and ACQSC notifications in a single register — with automated deadline tracking for notification obligations.

Due diligence is not a one-off exercise. The registered provider must maintain ongoing oversight of associated providers throughout the relationship. This includes:

Regular performance reviews. Schedule formal reviews of associated provider performance — at least annually, and more frequently for high-risk arrangements (e.g., clinical care, personal care, medication management).

Incident monitoring. Track incidents involving associated provider staff through the same SIRS processes as incidents involving your own staff. Analyse whether incident patterns differ between your workforce and associated provider workforces.

Screening verification. Periodically verify that associated provider staff who interact with aged care consumers continue to hold current screening checks. Require the associated provider to notify you of any screening failures or changes.

Complaints analysis. Monitor whether complaints from consumers or families relate to services delivered by associated providers. A pattern of complaints about a specific subcontractor is a signal that the arrangement requires review.

Contract compliance. Verify that the associated provider is meeting its contractual obligations — including reporting requirements, quality standards, insurance maintenance, and any agreed KPIs.

The most frequently identified associated provider compliance gaps include:

No formal register. The provider has subcontracting arrangements but no centralised register of associated providers, their services, due diligence status, and contract terms.

Inadequate screening verification. The provider relies on the associated provider's assurance that its staff are screened, without independently verifying screening records.

No incident reporting integration. Incidents involving associated provider staff are reported through a separate process (or not reported at all), creating gaps in SIRS compliance.

Missing ACQSC notifications. Changes to associated provider arrangements — including new engagements, scope changes, and terminations — are not notified to the ACQSC.

No ongoing monitoring. Due diligence was conducted at the start of the relationship but there is no process for ongoing performance review and compliance verification.

The Associated Providers module provides a centralised register of all associated provider relationships with due diligence tracking, screening verification records, contract management, and ACQSC notification templates with automated deadline tracking.

Incidents involving associated provider staff are captured through the same SIRS & Incidents module as all other incidents, ensuring complete reporting and enabling trend analysis across your entire service delivery ecosystem.

The Reporting Hub generates associated provider performance reports for governing body oversight, and the Quality Standards module maps associated provider compliance data as evidence for Standard 2 (The Organisation).

Associated provider management is one of 35 modules in Statura Care's aged care compliance software — purpose-built for the Aged Care Act 2024.