Sorry, you need to enable JavaScript to visit this website.

Incident Reporting and Analysis System (IRAS)

The Incident Reporting and Analysis System (IRAS) is an online incident reporting tool that enables the Department to collect and analyze information about critical incidents that occur in all licensed substance abuse providers and contracted mental health treatment providers. In some cases, critical incidents that occur outside of provider agencies, such as the death of an individual served, must also be reported. IRAS is not a tool for case management or maintenance of clinical records.

Each Managing Entity must provide a mechanism for their subcontracted providers to report critical incidents to the Managing Entity.

Private (non-contracted) substance abuse providers licensed by the Department are required to submit incident reports to IRAS directly.

Private (non-contracted) designated receiving facilities are not required to report incidents to IRAS unless they are licensed by the Department as substance abuse providers.

In order to begin reporting incidents to IRAS, MEs, facilities, and staff must be registered. To learn more about IRAS registration and reporting, click on the links below.

IRAS Registration and Reporting

Providers Who Must Report

Find out the types of providers who are required to report critical incidents to IRAS.

Read more about the types of providers are required to report critical incidents via the IRAS System:

  • Managing Entities (MEs)
    Managing Entities (MEs) must submit incident reports to IRAS on behalf of their subcontracted substance abuse and mental health (SAMH) providers. Contracted SAMH providers include contracted substance abuse and contracted mental health providers, as well as contracted providers who offer both types of services.

  • Licensed Substance Abuse Providers
    Licensed Substance Abuse providers includes all providers who are licensed to provide substance abuse prevention and treatment under Chapter 397, Florida Statutes, and Chapter 65D-30, Florida Administrative Code, whether or not they serve DCF clients and whether or not they are contracted by the DCF. This is required by subsection 65D-30.004 (27), F.A.C., as a condition of licensure.

Private (non-contracted) designated receiving facilities are NOT required to submit incidents to IRAS unless they are licensed by the Department as substance abuse providers.

State mental health treatment facilities (state hospitals) are NOT required to submit incidents to IRAS.

IRAS Registration

Learn how to become an authorized user of IRAS. If you (or your facility) have not registered, you do not have access to the system. You must complete the registration process in order to begin reporting incidents to IRAS.


The following information explains the process for provider staff to become registered IRAS Users. The only providers who need to have staff register are:

  • Managing entities (MEs) and their subcontracted agencies
  • Substance abuse providers licensed by the Department but not contracted by the Department.

Provider Database

Before provider staff can register to use IRAS, the provider must be registered in the Department's provider database. Managing entities are already registered in the provider database. Non-contracted substance abuse providers may or may not be registered in the provider database. If your provider needs to register, or you are unsure if your provider is registered, send an email with the complete name and address of the facility to Sarah Griffith at DCF.

Provider Staff Registration

Please follow the steps below to register.

Each provider that is required to submit incident reports to IRAS must have at least two staff members registered in the role of Incident Coordinator. Additional staff may be registered in the Viewer role. See the IRAS User Guide for details on these and other user roles.

Complete the required HIPAA and Security Awareness trainings (if you have not done so already) and save the completion certificates.

To access the HIPPA and Security Awareness Training, you may visit the DCF Training page.

Complete a Provider Data Security Enrollment Form (entitled Database Access Request Form) and the Access Confidentiality and Nondisclosure Agreement Form and obtain your supervisor’s signature on them. Review instructions attached to the Database Access Request Form carefully prior to completing the form.

Scan and email completed Data Security Enrollment Form (Database Access Request Form), Access Confidentiality and Nondisclosure Agreement Form, and HIPAA and Security Agreement training certificates to:

  • Your Managing Entity Data Liaison if you are subcontracted with a Managing Entity.
  • Sarah Griffith at DCF if you are employed by a private licensed substance abuse provider, or a private designated Baker Act receiving facility requesting SAMHIS access.

You should receive your IRAS user logon and initial password from your Managing Entity Data Liaison, or Sarah Griffith within 30 days.  Please disregard any system generated emails from Tivoli with your user logon and a non-working link.  Please follow-up with Sarah Griffith if you do not receive your user logon and initial password within 30 days.

Install Cisco AnyConnect, and create a shortcut to the DCF Web Portal in Internet Explorer on your desktop. A link to the AnyConnect installation instructions and the DCF Web Portal login will be included on the email you receive containing your user logon and initial passwords.

Log into Cisco AnyConnect and once connected, click on your DCF Web Portal shortcut. Log into the DCF Web Portal and click on Incident Reporting and Analysis System on the left side menu.

Review the IRAS User Guide for more details (This guide is also accessible within the IRAS system).

Review DCF Operating Procedure, CF-OP 215-6, to learn what incidents must be reported and the responsibilities of provider staff.

This completes your registration. You should now be able to access IRAS to submit or view incidents. If you have technical problems while using IRAS (other than with the registration process), email @email. For problems with the registration process, contact Sarah Griffith.

Reporting Incidents to IRAS

Learn who is responsible for submitting incident reports to IRAS, the types of critical incidents that must be reported, and when they should be reported.

What Types Of Critical Incidents Must Be Reported?

The following types of critical incidents must be reported to IRAS. These incidents are defined and outlined in CF-OP 215-6.

  • Child-on-Child Sexual Abuse
  • Child Arrest
  • Child Death
  • Adult Death
  • Elopement
  • Employee Arrest
  • Employee Misconduct
  • Escape
  • Missing Child
  • Security Incident – Unintentional
  • Significant Injury to Clients
  • Significant Injury to Staff
  • Suicide Attempt
  • Sexual Abuse/Sexual Battery

The definition of each category of critical incident is also found in the Help Screens of the IRAS system. These definitions are uniform for all DCF programs and services.

When Must Incidents Be Reported?

For each critical incidents, an incident report must be submitted to IRAS within one business day. MEs must establish appropriate timelines for subcontracted providers to report critical incidents to the ME, and for the ME to submit the incident report to IRAS.

When a critical incident occurs, subcontracted provider staff should:

  • Take action to ensure the health, safety, and welfare of all individuals involved in the incident.
  • Contact law enforcement, emergency responders, or the Abuse Hotline.
  • Follow the incident reporting procedures established by the Managing Entity (ME).

CF-OP 215-6 provides additional guidance on reporting incidents.