Is Your Surgery Center Ready for the Survey That Could Happen Tomorrow?

A 30-point self-assessment across 6 critical areas for surgery centers and healthcare facilities. Work through each section honestly. Your score at the end will tell you exactly where your compliance infrastructure stands — and where it doesn't.

SECTION 1 OF 6: Documentation & Policy Architecture

Question 1: All clinical and operational policies are stored in a single, centralized location — not scattered across shared drives, binders, or email folders.

Yes

If you answered NO: This is the most common source of survey citations.

Question 2: Policies are reviewed and updated on a documented annual schedule with version control showing the date of each revision.

Yes

Surveyors will ask for the last review date. 'We just do it' is not an acceptable answer.

Question 3: Every policy is linked to its governing regulation, accreditation standard, or clinical guideline (e.g., Joint Commission, AAAHC, CMS, OSHA).

Yes

Question 4: Staff can locate any policy or procedure in under 2 minutes without asking a supervisor.

Yes

Time yourself or a staff member right now. The result will tell you everything.

Question 5: Outdated or superseded policy versions are archived — not deleted — and clearly marked so they are not mistakenly followed.

Yes

SECTION 2 OF 6: Staff Knowledge & Role Readiness

Question 6: Clinical staff can accurately describe the steps of at least 3 core procedures relevant to their department — without referencing a manual.

Yes

Question 7: New hires receive a structured compliance orientation that covers department-specific policies — not just general onboarding.

Yes

One-size-fits-all onboarding is a compliance gap. A surgical tech and a front desk coordinator have very different compliance obligations.

Question 8: Competency assessments are documented for all clinical staff — on file and retrievable during an inspection.

Yes

Question 9: Staff know the correct escalation pathway when a policy is unclear, a procedure is not available, or a potential violation occurs.

Yes

If the answer is 'they'd ask their manager,' that is not a system — that is a gap.

Question 10: Role-specific compliance training is completed and documented at least annually —with records that can be produced on demand.

Yes

SECTION 3 OF 6: Infection Control & Patient Safety Protocols

Question 11: Infection control policies reflect the most current CDC, OSHA, and accreditation body guidelines — including updates from the past 12 months.

Yes

Question 12: Sterilization and disinfection logs are current, complete, and accessible — with no unexplained gaps.

Yes

Missing or inconsistent sterilization logs are among the top Joint Commission citation categories.

Question 13: The facility has a documented, tested exposure control plan — and all staff who might encounter bloodborne pathogens have received training on it.

Yes

Question 14: Surgical hand hygiene compliance is monitored and documented — with a process in place to address non-compliance.

Yes

Question 15: Medication handling, labeling, and disposal procedures comply with current USP, DEA, and state board of pharmacy requirements.

Yes

SECTION 4 OF 6: HIPAA & Data Governance

Question 16: A current, signed Business Associate Agreement (BAA) exists for every vendor, software platform, and third party that handles Protected Health Information (PHI).

Yes

AI tools, scheduling software, billing platforms, and even answering services may require a BAA.

Question 17: The facility has a documented HIPAA Privacy and Security Officer — and that person can articulate their specific responsibilities.

Yes

Question 18: Staff have received HIPAA training within the past 12 months — with signed attestations on file.

Yes

Question 19: Any AI tools used to assist with documentation, scheduling, or patient communication have been reviewed for HIPAA compliance.

Yes

This is an emerging and rapidly scrutinized area. If you are using AI tools and have not assessed them for PHI exposure, this is an immediate gap.

Question 20: A breach response plan exists, has been reviewed in the past year, and at least one drill or tabletop exercise has been documented.

Yes

SECTION 5 OF 6: Emergency Preparedness & Life Safety

Question 21: The facility has a current, CMS and/or accreditation-compliant Emergency Operations Plan — reviewed within the past 12 months.

Yes

Question 22: Fire drills and emergency evacuation exercises are conducted, documented, and include all staff shifts — not just day shift.

Yes

Facilities that only drill during business hours create a false sense of readiness.

Question 23: Medical gas systems, fire suppression equipment, and emergency exits are inspected on the required schedule — with current documentation.

Yes

Question 24: All staff can identify the location of fire extinguishers, emergency shutoffs, and evacuation routes specific to their department.

Yes

Question 25: Backup power systems (generators, UPS) are tested regularly and the test results are documented and reviewed.

Yes

SECTION 6 OF 6: AI Technology Governance

This section reflects emerging regulatory expectations from CMS, The Joint Commission, and state health departments regarding the use of AI tools in clinical and administrative settings. Surveyors are beginning to ask about AI governance. Most facilities are not prepared.

Question 26: The facility has an inventory of all AI tools currently in use — clinical documentation assistants, scheduling bots, patient communication tools, etc.

Yes

You cannot govern what you have not inventoried.

Question 27: Each AI tool in use has been assessed for HIPAA compliance, PHI exposure, and data retention practices.

Yes

Question 28: There is a written AI Use Policy that defines acceptable use, oversight requirements, and staff accountability for AI-generated outputs.

Yes

Question 29: Staff using AI tools have received training on their limitations — particularly the risk of inaccurate outputs in clinical contexts.

Yes

Question 30: AI-assisted documentation is reviewed by a licensed clinician before it is entered into the medical record.

Yes

AI documentation without clinical review creates both a safety and a liability exposure.