Compliance Planning for ASCs: Essential Elements

To avoid violations, complaints, and investigations, your ambulatory surgical center needs a solid compliance plan. We break down the key aspects of robust compliance efforts.

Surgical professionals collaborating together in operating room.

Have you been dragging your feet on compliance planning? If you’re the owner or administrator of an ambulatory surgical center (ASC), compliance planning evokes concepts you probably don’t enjoy thinking about: the mountain of regulations surrounding healthcare, the requirements that divert your focus from patient care, and the belief that full compliance is difficult, perhaps even impossible, to achieve.

Set aside those notions, and instead, think about the goals that you have for your ASC. Do you want to:

  • Create a culture in which your workforce, vendors, and patients all know that you operate to the highest standards and within the law?
  • Encourage your workforce to prevent, identify, and report illegal conduct?
  • Maintain smooth relationships with government and private payors?
  • Sail through audits or investigations with nothing to hide?
  • Protect the ASC in the event of a lawsuit?

A compliance plan is not an end in itself; it’s a powerful tool for achieving the desired results above. And once you see the big picture, you’ll find the process much more accessible and rewarding.

Preventing Fraud and Breaches of Privacy

Fundamentally, compliance planning addresses two of the government’s chief concerns: 1) fraud and abuse and 2) medical information privacy. The relevant laws include:

  • Anti-Kickback Statute, which prohibits the knowing and willful solicitation, receipt, offer or payment of “any remuneration (including any kickback, bribe or rebate), directly or indirectly, overtly or covertly, in cash or in-kind” in return for or to induce the referral, arrangement or recommendation of Medicare or Medicaid business.
  • False Claims Act, which prohibits filing fraudulent or false claims that are payable by the Medicare program.
  • Stark Law, which prohibits a physician from referring patients to an entity that he or she owns or has an interest in for the provision of “Designated Health Services,” if payment for those services may be made by Medicare or Medicaid.
  • HIPAA, which requires that “covered entities” protect the privacy of individually identifiable health information, protect the integrity of the records, and establishes patients’ rights around accessing their health information.
  • The state versions of all of the federal laws above

Few ASCs intend to defraud their payors or breach patients’ privacy. Instead, many violations arise from ignorance of the law, insufficient training and communication, administrative shortcuts (sometimes expressly intended to help the patient), creative marketing efforts, and other behaviors that you might view as innocent. And thanks to better technology, the government can flag the non-compliant activities of smaller independent facilities. In other words, state and federal fraud cases aren’t limited to the flagrant, multimillion-dollar schemes you see in the headlines.

Above all, a compliance plan helps you understand precisely how the laws map onto your specific situation. A plan also helps you build routine processes across your entire team to ensure everyone operates within these parameters. By “everyone,” we include all individuals who do business with, work at, or interact with your ASC, such as practitioners, employees, board members, governing bodies, committee members, and vendors.

Identifying Safe Harbors

A compliance plan will help you identify safe harbors for your ASC. A safe harbor is a provision of a statute or a regulation that specifies conduct that will be deemed to not violate a given rule. 

Anti-Kickback Statute

CMS has implemented a “safe harbor” that applies only to Medicare-certified ASCs. The parameters are narrow and specific, and it will depend upon the safe harbor category the ASC fits into, which is based upon the ASC ownership/investors. Each one has different requirements.

Stark Law

The law doesn’t prohibit an ASC from offering surgical and related covered services that are reimbursed by Medicare under the ASC group rate, so long as they aren’t separately billable to Medicare or Medicaid programs. However, an ASC generally can’t provide separately billable labs, prescription drugs, and physical therapy services.

False Claims Act

The False Claims Act doesn’t contain specific safe harbors or protections for ASCs, so ASCs are encouraged to remember the most common violative activities: upcoding, billing for services not rendered, filing false cost reports, and double-billing.


It’s common for ASCs to outsource their HIPAA compliance to third parties. But, this doesn’t alleviate the ASC’s HIPAA compliance obligations. The third party will be a business associate, but the ASC will remain a “covered entity” under HIPAA.

A word of caution: never just assume that a safe harbor applies. Often, the laws necessitate that an attorney review the specific arrangement that you’re proposing.

Compliance Planning Steps

Appoint a Compliance Officer

Before anything, we recommend that you appoint a compliance officer to oversee the ASC’s compliance program. The person should not only head up the development of policies, but also monitor the ASC’s compliance, supervise employee adherence, facilitate training, and respond to complaints/concerns about violations of the Anti-Kickback Statute, Stark Law, False Claims Act, or HIPAA.

Establish Written Policies

Comprehensive written policies and procedures serve as the backbone of your compliance planning. You’ll need to address Anti-Kickback Statute, Stark Law, False Claims Act, and HIPAA— plus the state versions of these laws.

As part of your written policies, establish standards of conduct for the ASC’s entire workforce. These standards of conduct, which you can include in your employee handbook, should identify prohibited behavior and the process for reporting potential violations. Give extra attention to standards of conduct for high-risk activities—billing, contracting, marketing, and claims processing— because these are where most violations occur.

Areas of focus may include:

  • Avoiding routine deductible or co-pay waivers 
  • Ensuring all leases, purchase agreements, and contracts are for fair-market value
  • Avoiding referrals to the physician’s business affiliates (except as permitted by applicable safe harbors, with the ASC’s legal counsel’s go-ahead)
  • Ensuring services are billed for the permitted rate only, and report any double-billing or balance-billing
  • Submitting claims only for medically necessary services
  • Protecting confidential information, even after employment at ASC ends

Train Your Workforce

Written policies have no value if your employees and contractors lack a common understanding of how to apply those policies to their day-to-day work. Training not only fosters that understanding but also signals that you’re serious about adherence to the plan.

Train everybody in the conduct prohibited by the Anti-Kickback Statute, Stark Law, False Claims Act, and HIPAA, and educate them about how to follow ASC procedures to avoid non-compliance. Specifically, focus on billing, sales, contracting, staffing, and marketing-related employees: these are the risky areas for non-compliance

To boost buy-in and comprehension, explain the why behind the ASC’s compliance policies. Ensure that they understand what’s required of them by the ASC as well as by federal and state law. Then confirm that your staff knows that continued employment requires compliance with the ASC’s policies.

Monitor Your Compliance

Once you’ve developed your plan and trained your workforce, you can’t just rest on your laurels. Proactively monitor your ASCs compliance. Investigate any potential wrongdoing in conjunction with the ASC’s attorney, and take appropriate disciplinary action—including and up to termination— against employees who violate your policies.

Mock audits, for example, serve as a powerful tool for assessing your compliance and preparing you for a government audit. At a minimum, you should:

  • review all of the ASC’s compliance documentation
  • look over the billing and code records
  • interview your high-risk personnel (management, operations, billing, contracting, sales, marketing)
  • review all business associates’ contracts, including their compliance plans

Follow up the mock audit with a plan for corrective action, and document disciplinary action or remedial actions taken.

Where to Get Help with Compliance Planning

An experienced healthcare attorney can help you address all of the requirements for your particular structure, specialty, state, and circumstance by drafting a comprehensive policy (reflecting the ASC’s fit under applicable safe harbors) and providing guidance on implementation and maintenance.

To learn more about how Jackson LLP can set your ASC on the road to compliance, reach out to us for a consultation.

This blog is made for educational purposes and is not intended to be specific legal advice to any particular person. It does not create an attorney-client relationship between our firm and the reader and should not be used as a substitute for competent legal advice from a licensed attorney in your jurisdiction.

Free Attorney Consultation

Book Now

Skip to content