Overview
The DPPC Abuser Registry is intended to protect individuals with intellectual or developmental disabilities (I/DD) by barring care providers who have a substantiated finding of registrable abuse from continuing to work with this population.

About the DPPC Abuser Registry
In 2020, Massachusetts enacted a law requiring the DPPC to “establish and maintain a registry of care providers against whom the (DPPC) has made a substantiated finding of registrable abuse.” The DPPC Abuser Registry is effective July 31, 2021, and is intended to protect individuals with intellectual or developmental disabilities (“I/DD”) by barring care providers who have a substantiated finding of registrable abuse from working with other persons with intellectual or developmental disabilities.
The Department of Developmental Services (DDS) and Employers, which are agencies that are funded by, contract with, or are licensed by DDS to provide services and supports to people with I/DD, are legally required to check the Abuser Registry to ensure that no care provider or prospective care provider is listed on the Registry.
The DPPC Abuser Registry is not open to the general public and all information in the Registry database is confidential.
How to Request Access to the Abuser Registry
How to Request Access to the Abuser Registry
If you are an employer who runs a program that is licensed, contracted, or funded by DDS, please submit the DPPC Employer Access Authorization Form (DOCX) and send it to the DPPC by email to DPPCRegistry@mass.gov.
The DPPC may also request documentation to confirm that you meet the definition of employer pursuant to Chapter M.G.L. c. 19C (e.g. DDS contract, DDS funding agreement, etc.). Additionally, your organization will be required to provide contact information for one individual to act as an authorized access administrator (AAA).
DPPC will consider the authorized access administrator as the employer’s official representative for all DPPC Abuser Registry matters. All future correspondence, including notifications of substantiated cases of registrable abuse by a care provider, will be addressed to the designated authorized access administrator. Authorized access administrators may also be contacted to perform employment verifications during the course of a compliance review and/or investigation.
The authorized access administrator will be responsible for approving the user accounts for employees of your organization who will be searching the DPPC Abuser Registry.
Abuser Registry Frequently Asked Questions for Employers
What is a “substantiated finding of registrable abuse”?
A substantiated finding of registrable abuse is a finding by the DPPC that a care provider abused a person with I/DD. For additional statutory definitions, please review the “DPPC Abuser Registry Definitions” drop down menu below.
Who is a care provider?
A care provider is an individual employed by DDS or employed in any program licensed, contracted, or funded by DDS to provide services and support to persons with I/DD between the ages of 18-59. Care providers can include volunteers, interns, work-study participants, or any other similar unpaid positions.
Who has access to the DPPC Abuser Registry?
The DPPC Abuser Registry is not a public registry. This information is not considered a “public record” for purposes of M.G.L. c. 66 and all information regarding care providers listed on the DPPC Abuser Registry is confidential. By law, the DPPC Abuser Registry can only be accessed by DDS or Employers who are funded by, contract with, or are licensed by DDS. Employers are required to create verified accounts to check whether employees or prospective employees are on the DPPC Abuser Registry.
Who is required to check the DPPC Abuser Registry?
DDS and agencies defined as Employers by the law must check the registry. For purposes of the DPPC Abuser Registry, Employer means any agency that provides services or treatment to people with I/DD pursuant to:
- A contract or agreement with DDS;
- Funding administered by DDS; or
- A license issued by DDS.
Can a human services agency with no DDS contract, license, or funding check the Abuser Registry?
No. At this time, the law only permits DDS or Employers who provided services or treatment to persons with I/DD pursuant to a contract or agreement with DDS, a license from DDS, or funding from DDS.
When do I need to check the DPPC Abuser Registry?
DDS or Employers who have a contract or agreement with DDS, a license from DDS, or are funded by DDS must check the DPPC Abuser Registry before employing or contracting with a care provider (a care provider is someone who is or will be working for you and may provide services or treatment to people with I/DD between the ages of 18-59.
Do I have to check the DPPC Abuser Registry before hiring staff, or is it optional?
Checking the DPPC Abuser Registry is mandatory. All Employers must check the DPPC Abuser Registry before hiring or contracting with any care provider who may be providing services or treatment to a person with I/DD between the ages of 18-59.
What types of employees do I need to check on the DPPC Abuser Registry?
Employers must screen everyone seeking to be hired as a care provider, or anyone who may be called on to function in a care provider role. Employers should determine whether staff hired to support the Employer’s operations would ever be required to act as care providers for people with I/DD such as during an unforeseen incident or emergency.
By law, if you fail to comply with the requirement to check the DPPC Abuser Registry before hiring care providers, or if you hire as a care provider someone listed on the DPPC Abuser Registry, you may be fined up to $5,000, have your license revoked or downgraded, forfeit your state contract, or a combination of any of these penalties.
How do I access the DPPC Abuser Registry?
An employer needs to be approved before its employees can access the DPPC Abuser Registry. If your organization does not have a DPPC Abuser Registry account, please refer to the above drop down entitled, “How to Request Access to the Abuser Registry” for eligibility details and instructions on requesting access. Once an employer has been approved, the employer’s Authorized Access Administrator (“AAA”) will receive an email with a link to activate their user account. Once the AAA has activated their own account, the AAA can create additional accounts for other agency employees. AAAs are responsible for managing access to their organization’s DPPC Abuser Registry account. The AAA is the only user with the ability to create, deactivate, and update user accounts. There is only one AAA per employer.
How can I register my organization to obtain access to the DPPC Abuser Registry?
If you are an Employer who runs a program that is licensed, contracted, or funded by DDS and your organization has not previously received an email informing you that your organization has been registered, please complete the DPPC Employer Access Authorization Form (DOCX) and send it to the DPPC by email to DPPCRegistry@mass.gov. The DPPC may also request documentation to confirm that you meet the definition of Employer pursuant to M.G.L. c.19C (for example, DDS contract, DDS funding agreement, etc.). Additionally, your organization will be required to provide contact information for one individual to act as an Authorized Access Administrator. The Authorized Access Administrator will be responsible for approving the user accounts for employees of your organization who will be searching the DPPC Abuser Registry. Each organization may have up to four user accounts.
I am Authorized Access Administrator for the DPPC Abuser Registry. What is my role?
DPPC will consider the authorized access administrator (“AAA”) as the Employer’s official representative for all DPPC Abuser Registry matters. All future correspondence sent to Employers, including notifications of substantiated cases of registrable abuse by a care provider, will be addressed to the designated authorized access administrator. Authorized access administrators may also be contacted to perform employment verifications during the course of a compliance review and/or investigation.
AAAs are also responsible for managing access to their organization’s DPPC Abuser Registry account. The AAA is the only user who has the account permission necessary to create, deactivate, and update user accounts. There is only one AAA per employer.
Do people who hire through the DDS Participant Directed Program need to check the Abuser Registry?
Yes, the fiscal intermediary (FI), Acumen Fiscal Agent (AFA) will conduct the Abuse Registry check, as well as the Massachusetts Criminal Offender Record Information (CORI) check and National Criminal Background Check for these individuals or guardians at the time of hire. For PDP participants using Agency With Choice (AWC), the agency will conduct the check. For more details, visit the DDS Self-Directed Services Page.
I ran the DDS Fingerprint Background Check, do I still need to check the DPPC Abuser Registry?
Yes. Completing a search of the DPPC Abuser Registry is required for every prospective care provider, regardless of other steps you take in order to ensure the care provider’s suitability for employment. A search of the DPPC Abuser Registry does not relieve you of your obligation to follow all other employment requirements of your organization, including DDS’s Fingerprint Background Check.
Do I need permission to check a staff/prospective staff on the DPPC Abuser Registry?
Yes. The law requires that Employers receive signed consent from the care provider or prospective care provider. You can find an example of the required consent form by downloading the DPPC Abuser Registry Search Consent Form (DOCX).
Can I check the Registry regularly or randomly after employing or contracting with a care provider?
Yes. Agencies are permitted, to check the DPPC Abuser Registry on a regular or random basis, or if they have reason to believe one of their care providers has been listed on the registry since the last time a check was completed. A regular or random search still requires signed consent. Download the DPPC Abuser Registry Search Consent Form (DOCX) for reference.
What if I want to hire someone whose name is listed on the DPPC Abuser Registry?
If you are DDS or an agency that provides services or treatment to people with I/DD under a contract, agreement, or license with DDS, or funding administered by DDS, you are prohibited from hiring someone whose name is listed on the DPPC Abuser Registry to work as a care provider. There are NO exceptions.
How do I search the DPPC Abuser Registry?
Please see the DPPC Abuser Registry User Guide.
What information will I get when I check someone’s name on the DPPC Abuser Registry?
Employers will be required to input identifying information for a potential care provider and the result will inform the Employer whether the information entered resulted in a match to a care provider listed on the DPPC Abuser Registry. At no time will an Employer receive a list of care providers who appear on the DPPC Abuser Registry.
Are employers notified of registrable abuse cases or proceedings?
Yes. By law, DPPC is required to notify DDS and the care provider’s last known Employer of investigation findings substantiating a care provider for registrable abuse and any further actions related to the findings, such as appeals and decisions on appeals. Notifications to the care provider’s last known Employer will be addressed to the Employer’s Authorized Access Administrator.
When can a DPPC Petition Decision be Appealed to the Division of Administrative Law Appeals?
If the Petition decision upholds the substantiation of registrable abuse, the DPPC will notify you of your right to appeal that decision with the Division of Administrative Law Appeals (“DALA”) and provide you specific instructions on how to do so. You must file your appeal with DALA within 13 business days after the DPPC mails the Petition decision to you. Per DPPC’s regulations (118 CMR 14.03 (4)), if you file an appeal with DALA, the DPPC will not enter your name on the DPPC Abuser Registry unless and until DALA issues a final decision affirming the substantiation of registrable abuse.
To learn more, visit the Division of Administrative Law Appeals (DALA) or review the Administrative Appeals Process.
Abuser Registry Frequently Asked Questions for the Public
What is a “substantiated finding of registrable abuse”?
A substantiated finding of registrable abuse is a finding by the DPPC, that a care provider abused a person with I/DD. For additional statutory definitions, please review the “DPPC Abuser Registry Definitions” drop down menu below.
Who is a care provider?
A care provider is an individual employed by DDS or employed in any program licensed, contracted, or funded by DDS to provide services and support to persons with I/DD between the ages of 18-59. Care providers can include volunteers, interns, work-study participants, or any other similar unpaid positions.
Who has access to the DPPC Abuser Registry?
The DPPC Abuser Registry is not a public registry. This information is not considered a “public record” for purposes of M.G.L. c. 66 and all information regarding care providers listed on the DPPC Abuser Registry is confidential. By law, the DPPC Abuser Registry can only be accessed by DDS or Employers who are funded by, contract with, or are licensed by DDS. Employers are required to create verified accounts to check whether care providers or prospective care providers are on the DPPC Abuser Registry.
Are victims of registrable abuse notified of registrable abuse cases or proceedings?
Yes. Victims (and their legal guardians) in substantiated cases of registrable abuse will be notified of investigations substantiating a care provider for registrable abuse and will receive instructions to track additional updates on the DPPC Abuser Registry Notification Lookup page.
What about victims with disabilities other than I/DD?
At this time, the law only permits DPPC to place care providers who work for DDS or who work for Employers who are funded by, contract with, or are licensed by DDS, onto the DPPC Abuser Registry. However, the long-term legislative goal is to expand the DPPC Abuser Registry to include caretakers for persons with all types of disabilities.
A case of abuse was substantiated against me in the past; am I listed on the DPPC Abuser Registry?
Only care providers in cases substantiated by DPPC on or after July 31, 2021 can be listed on the DPPC Abuser Registry.
What does it mean if I am listed on the DPPC Abuser Registry?
By law, DDS and Employers who are funded by, contract with, or are licensed by DDS to provide services or treatment to persons with intellectual or developmental disabilities, are prohibited from employing or contracting with you.
I got a notice telling me I was substantiated against for registrable abuse. Can I appeal?
Yes. If an allegation of registrable abuse was substantiated against you, you will receive information with specific instructions on how you can file a Petition for Review. Per DPPC’s regulations (118 CMR 14.02 (4) (a) 2), a Petition for Review must be filed within 10 business days of your receipt of the investigation report. To be considered filed within 10 business days, the Petition for Review must be received via email or postmarked by its due date. The due date for filing a Petition for Review is highlighted in the Notice — and the due date includes 3 business days for the mailing to get to you, as well as your 10 business days for responding. If you submit a timely Petition for Review, you will not be added to the DPPC Abuser Registry while a decision is being made on your Petition for Review.
What if I do not file a Petition for Review within 10 business days?
By law, if the DPPC does not receive a Petition for Review within the prescribed time, the DPPC will enter your name on the DPPC Abuser Registry.
I got a decision from the DPPC on my Petition for Review and disagree with it. Can I appeal?
Yes. If the Petition decision upholds the substantiation of registrable abuse, the DPPC will notify you of your right to appeal that decision with the Division of Administrative Law Appeals (“DALA”) and provide you specific instructions on how to do so. You must file your appeal with DALA within 13 business days after the DPPC mails the Petition decision to you.
Per DPPC’s regulations (118 CMR 14.03 (4)), if you file an appeal with DALA, the DPPC will not enter your name on the DPPC Abuser Registry unless and until DALA issues a final decision affirming the substantiation of registrable abuse. To learn more about the Division of Administrative Law Appeals (DALA), visit DALA’s Official Page. For details on the administrative appeals process, visit MA Administrative Appeals Process.
What if I don’t file an appeal with DALA after receiving a Petition decision from the DPPC?
If you do not seek further review by DALA, DPPC will enter your name on the DPPC Abuser Registry.
What information is listed on the DPPC Abuser Registry?
The DPPC Abuser Registry contains care providers’ first names, last names, middle initials, dates of birth, and last four digits of their Social Security numbers. This information is not visible on the DPPC Abuser Registry. Employers must check the Abuser Registry by submitting identifying information for a potential care provider. The Employer will receive a search result informing the Employer of whether the information entered resulted in a match to a care provider listed on the DPPC Abuser Registry. At no time will an Employer receive a list of care providers who appear on the DPPC Abuser Registry.
Do I need to consent to an Employer checking if I am on the DPPC Abuser registry?
Yes. The Employer will ask you to sign a consent form before checking your information against the DPPC Abuser Registry.
What if I don’t sign the consent form?
You cannot be hired or retained as an employee.
Can someone request to be removed from the DPPC Abuser Registry?
Yes. Five years after being placed on the DPPC Abuser Registry, or five years after the conclusion of any prior Petition for Removal from the DPPC Abuser Registry, you have the right to petition for removal from the DPPC Abuser Registry. More information about this process can be found in DPPC’s Regulations at 118 CMR 14.04 (PDF).
When can a DPPC Petition Decision be Appealed to the Division of Administrative Law Appeals?
If the Petition decision upholds the substantiation of registrable abuse, the DPPC will notify you of your right to appeal that decision with the Division of Administrative Law Appeals (“DALA”) and provide you specific instructions on how to do so. You must file your appeal with DALA within 13 business days after the DPPC mails the Petition decision to you. Per DPPC’s regulations (118 CMR 14.03 (4)), if you file an appeal with DALA, the DPPC will not enter your name on the DPPC Abuser Registry unless and until DALA issues a final decision affirming the substantiation of registrable abuse.
To learn more, visit the Division of Administrative Law Appeals (DALA) or review the Administrative Appeals Process.
Terms Relevant to the DPPC Abuser Registry
See 118 CMR 2.02 for all definitions.
Caretaker: A Caretaker who is employed by, or contracts with, the Department or an Employer to provide services or supports to a Person with an Intellectual Disability or a Person with a Developmental Disability. Care Providers include all Caretakers in any program licensed, contracted, or funded by the Department; and any Caretaker who provides services on behalf of any program licensed, or funded by or contracted with the Department. A Care Provider shall be considered to be contracting with the Department or Employer irrespective of whether the Care Provider is receiving compensation for services, including volunteers, interns, work-study participants, or any other similar unpaid position.
- Employer: An entity that provides services or treatment to a Person with an Intellectual Disability or a Person with a Developmental Disability pursuant to: (i) a contract or agreement with the Department (of Developmental Services); (ii) funding administered by the Department (of Developmental Services); or (iii) a license issued pursuant to M.G.L. c. 19B, § 15 or 15A. An entity shall be considered an Employer if any part of its operations are funded or licensed by the Department or contracted with the Department.
- Registrable Abuse: An Act or Omission of a Care Provider that results in Serious Physical Injury or Serious Emotional Injury or constitutes Abuse Per Se of a Person with an Intellectual Disability or a Person with a Developmental Disability between the ages of 18 and 59. Registrable Abuse shall not include instances in which the Commission, after review of an objection under 118 CMR 14.02 (3), issues a decision pursuant to 118 CMR 14.02 (4) (b) 2, that upon weighing the conduct of the Care Provider and its outcome, the Commission determines that the incident was isolated and unlikely to reoccur and that the Care Provider is fit to provide services or supports to persons with intellectual or developmental disabilities.