Two of the most common areas of risk for physiotherapists are complaints made against them and cybercrime. 

Complaints 

Ahpra’s 2023–24 annual report provides an overview of the agency’s activity in the previous year. 

Within the report, the Physiotherapy Board of Australia outlines the most common types of complaints made against physiotherapists. 

The report identifies clinical care as the number one source of complaints, accounting for 24.9 per cent of complaints. Inappropriate treatment, incorrect diagnosis and inappropriate follow-up or review all fall under the banner of clinical care-related issues. 

To avoid such complaints, physiotherapists should ensure that each client is assessed carefully. 

During assessment, physiotherapists should appraise whether the treatment is within their scope of practice and if they need to seek assistance from another physiotherapist or health practitioner. 

Following the appointment, they must ensure that adequate systems are in place to review their treatment and follow up with the client. 

Barry Nilsson has recently seen instances where practitioners have been criticised for not seeking further information from a patient’s previous treating medical practitioners prior to providing the physiotherapy treatment. 

Behavioural issues account for 20.9 per cent of complaints against physiotherapists. 

Although behavioural complaints can relate to serious conduct issues, Barry Nilsson often sees practitioners face such complaints because the client has potentially misconstrued their actions. 

By consistently demonstrating professional behaviour towards clients, physiotherapists can mitigate the risk of their actions being misconstrued and leading to a complaint. 

Communication complaints make up 10.9 per cent of complaints and often comprise issues relating to the clinical care and behaviour of physiotherapists. 

Barry Nilsson and BMS often see these complaints arise when physiotherapists do not have appropriate verbal and written communication with colleagues and clients. 

Physiotherapists should therefore consider whether their communication style, method and frequency are appropriate for each recipient and the relevant circumstances. 

Often, communication that does not appropriately address the client’s questions and concerns is the catalyst for a complaint. 

Finally, physiotherapists should ensure that they are aware of their professional scope and the restrictions on their practice. 

If they are unsure about whether they are practising within scope, physiotherapists should consult with a colleague and, where appropriate, refer the client to another practitioner better able to provide care. 

It is never appropriate for a physiotherapist to act outside of their scope of practice/registration. 

Great care should be taken to ensure that the physiotherapist does not lose sight of their scope when seeking to assist clients. 

Cyber risks 

While the services physiotherapists provide remain the primary area for risk, health professions are increasingly attractive targets for cybercrime. 

Physiotherapists handle sensitive patient data such as health information, financial information and other personal details, making them appealing targets for cyber attackers. 

The increasing reliance on and uptake of digital tools further increases the potential for cybercrime. 

So, what is the risk? You may think that cyber attacks are only relevant to large businesses but this is a misconception. 

According to the Office of the Australian Information Commissioner, the majority of cybercrime reports in 2023–24 came from small businesses. 

Cybercriminals know that small businesses often do not have the robust IT controls and protections that are employed by large businesses. 

According to the Australian Signals Directorate’s Australian Cyber Security Centre’s Annual Cyber Threat Report 2023–2024, the average self-reported cost of cybercrime per report was $30,700 for individuals.

For businesses, the cost varied by size: small businesses reported average costs of $49,600 per incident, medium businesses $62,800 and large businesses $63,600. 

Several factors contributed to the cost including system recovery, third-party regulatory defence and penalties, operational disruption, patient turnover (due to cancellations or loss of patient trust) and PR and reputational management efforts. 

Physiotherapists should therefore take active steps both to ensure that they are aware of the potential cyber risks their business may face and to mitigate those risks. 

As part of this risk mitigation, physiotherapists should ensure that they are meeting their obligations in handling health information. 

These obligations include: 

• taking reasonable steps to protect personal information (including health information) they hold from misuse, interference and loss as well as unauthorised access, modification or disclosure
• taking active measures to ensure the security of personal information they hold and actively considering whether they are permitted to retain personal information
• advising patients as to why their health information is being collected as well as how the health information will be stored and protected
• advising patients if there are any other parties their health information may be disclosed to
• maintaining a privacy policy that includes a summary of how the health service provider handles health information. 

If faced with a claim or incident, speak to your insurer directly for information about the claims process and support. 

If you are part of the APA Member Insurance Program, BMS can assist you. Speak to BMS on 1800 931 068 or email apa@bmsgroup.com 

This article is facilitated by BMS with information on common claims and cyber risks written by Scott Shelly and Alexander Sheridan of Barry Nilsson. Barry Nilsson communications are intended to provide commentary and general information. They should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this communication. You must be a current APA member to be eligible for the APA member insurance program. You must be part of the APA member insurance program in order to access additional cover. If your membership ceases you will not be offered renewal when your policy expires. In arranging this insurance for our members the APA is acting as a distributor of BMS Risk Solutions Pty Ltd (BMS) AFSL 461594, ABN 45161187980. This insurance is issued by BMS under a binder with Certain Underwriters at Lloyd’s. When acting under a binder BMS is acting as the agent for the insurer and not as your agent. This is general advice only and BMS has not considered whether it was suitable for your particular objectives, needs or financial situation. Please read the Policy Wording and the BMS Terms of Engagement which contains the Financial Services Guide before making a decision about purchasing this policy. The APA may receive a percentage of the commission paid to BMS by the insurer and/or a fee per policy.