Understanding Regulation 299/10: the 6 areas every DS agency must track

If you work in Ontario's developmental services sector, Regulation 299/10 shapes almost every aspect of how your agency operates. It sets the quality assurance measures (QAM) that agencies must meet to maintain their funding and continue serving people with developmental disabilities. But despite its importance, the regulation itself is dense, and the practical implications are not always obvious from reading the legal text.

This article breaks down the key areas of Regulation 299/10, explains what auditors actually look for during QAM reviews, and identifies the compliance gaps that agencies most commonly miss.

What is Regulation 299/10?

Ontario Regulation 299/10 was made under the Services and Supports to Promote the Social Inclusion of Persons with Developmental Disabilities Act, 2008. It establishes the quality assurance measures that funded agencies must implement to ensure the health, safety, and well-being of the people they support.

The regulation covers six broad areas, each with specific requirements that agencies must demonstrate compliance with during periodic reviews. These reviews are conducted by compliance inspectors from the Ministry of Children, Community and Social Services (MCCSS), and the findings directly affect an agency's standing and funding.

The six key areas

1. Individual support plans. Every person receiving services must have a written individual support plan (ISP) developed within 60 days of beginning service. The plan must reflect the person's goals, needs, and preferences, and it must be reviewed at least annually. Auditors check that ISPs exist for every person served, that they were developed with the person's meaningful participation, and that the goals documented in the plan are actively being worked toward. A common gap: ISPs that were created on time but never updated to reflect changing circumstances.

2. Staff training and development. Agencies must ensure that staff and volunteers have the training necessary to carry out their responsibilities. This includes orientation training for new staff, ongoing professional development, and specific training related to the needs of the people they support. The regulation does not prescribe a fixed list of courses, but auditors look for evidence that training is systematic, documented, and aligned with the services being delivered. The most frequent finding in this area: expired certifications, particularly first aid and CPR, that went undetected because tracking was done manually.

3. Medication management. For agencies that assist with medication administration, the regulation sets strict requirements around how medications are stored, administered, documented, and reviewed. Electronic medication administration records (eMAR) must be accurate and complete. Auditors review medication logs for gaps, discrepancies between prescribed and administered medications, and evidence that medication errors are being reported and followed up on. This is one of the highest-risk compliance areas because errors can have direct health consequences.

4. Serious occurrence reporting. Agencies must have policies and procedures for reporting serious occurrences, which include but are not limited to: serious injuries, medication errors resulting in harm, allegations of abuse or neglect, missing persons, and deaths. Reports must be filed with the Ministry within 24 hours. Auditors look at whether incidents were reported on time, whether follow-up actions were documented, and whether the agency analyzed patterns to prevent recurrence. A frequent gap: incidents that were handled operationally but never formally reported because staff were unsure whether the event met the threshold for a serious occurrence.

5. Complaints and feedback. The regulation requires agencies to have a formal process for receiving, reviewing, and responding to complaints from people receiving services, their families, and other stakeholders. The process must be accessible, meaning it cannot require a level of literacy or cognitive ability that excludes the people it is meant to serve. Auditors check that the complaints process is documented, that complaints are tracked and resolved, and that the process is communicated to people receiving services in a way they can understand.

6. Agency policies and internal reviews. Agencies must maintain up-to-date policies covering all aspects of service delivery and conduct internal reviews to assess their own compliance. These self-assessments are expected to identify issues before external auditors do. In practice, many agencies treat the internal review as a checklist exercise completed shortly before an external review, rather than an ongoing quality improvement process.

What auditors actually look for

QAM reviews are not just about whether an agency has the right policies on paper. Auditors are looking for evidence that those policies are being followed in practice, consistently, across all locations and service areas.

They sample personnel files to verify training records. They pull individual support plans and compare them to daily service documentation. They review medication logs for accuracy. They check incident reports against the Ministry's serious occurrence database. And they talk to staff and people receiving services to get a ground-level view of how things actually work.

The agencies that struggle most during QAM reviews are not the ones that lack policies. They are the ones where the documentation does not match the reality. Training records that show a course was scheduled but have no completion certificate. ISPs that list goals from two years ago with no progress notes. Incident reports that were filed late because the supervisor did not see the email in time.

Common compliance gaps

After working with dozens of Ontario DS agencies, we see the same patterns repeatedly.

Training expiration tracking. Agencies with 50 or more staff simply cannot track certification expiry dates in spreadsheets without things falling through the cracks. First aid, CPR, CPI, Safe Food Handling, and other mandatory certifications all have different renewal timelines. One missed expiry means a staff member is working out of compliance, and the agency may not know until an auditor pulls the file.

ISP currency. Individual support plans are living documents, but they are often treated as one-time paperwork. When a person's needs change, the ISP should be updated. In practice, updates lag by months, and the documented plan no longer reflects the actual supports being provided.

Incident reporting timeliness. The 24-hour reporting window for serious occurrences is strict. When incidents happen during evenings, weekends, or at off-site locations, the reporting chain can break down. Staff may not know who to notify, or the designated contact may not see the message in time.

eMAR discrepancies. Medication administration records that do not match pharmacy records, or that have unexplained gaps, are major red flags. This is particularly challenging for agencies that manage medications across multiple residential locations with different staff teams.

How technology can help

Most of these compliance gaps are not caused by negligence. They are caused by the volume of documentation required and the limitations of manual tracking systems. An agency supporting 200 people across 30 residential locations generates thousands of data points every month. Tracking all of them in spreadsheets, email threads, and paper files is a system designed to fail.

Automated compliance scanning changes the equation. Instead of waiting for an auditor to find a gap, the system surfaces it the moment it occurs. A training certification expires, and the supervisor is notified the same day. An ISP passes its annual review date without an update, and it appears on a dashboard. A medication log has a gap, and it is flagged before the end of the shift.

That is exactly what Meridian was built to do. It connects to the data agencies already have and continuously scans for compliance gaps across all six QAM areas. The goal is not to replace the work agencies do, but to make sure nothing falls through the cracks between audits.