Beyond the Statute: What the OhioHealth Consent Decree Tells Compliance Officers About Long-Term DOJ Monitoring

On June 16, 2026, the U.S. Department of Justice and OhioHealth filed a consent decree resolving antitrust litigation over the health system's payer contracting practices. The settlement hinged on allegations of anti-steering, anti-tiering, and price transparency restrictions in OhioHealth's contracts with health plans in the Columbus, Ohio market.

A scope note before going further. The OhioHealth case is an antitrust matter under federal competition law. It is not a Stark Law or Anti-Kickback Statute case, and ArrowISE's compliance infrastructure is purpose-built for physician arrangement compliance under Stark, AKS, and OIG frameworks — not antitrust enforcement. Compliance officers navigating antitrust-specific obligations should engage qualified antitrust counsel.

But the compliance program obligations imposed by the OhioHealth consent decree are worth careful reading by every compliance officer at every health system — because the operational patterns mirror Corporate Integrity Agreements that already sit in the federal enforcement landscape under Stark Law and AKS. The statute differs. The documentation infrastructure required to satisfy multi-year DOJ monitoring does not.

The Compliance Obligations Imposed on OhioHealth

Per the consent decree, OhioHealth's compliance program obligations span five to ten years (with DOJ discretion on the length) and include:

• Notification distribution. OhioHealth must notify all relevant insurers of the settlement within 15 business days, and distribute the settlement to its directors, C-suite officers, and contracting staff.
• Compliance affidavits. Filed every 45 days until the decree's specific stipulations are met.
• Quarterly contract reports. Reports on new or amended payer contracts over a five-year period.
• Court-appointed compliance monitor. OhioHealth pays for the monitor for five years; the monitor has access to staff, contracts, and records, and reports directly to DOJ and the State of Ohio.
• DOJ reopening discretion. DOJ can reopen the case over the next five years if violations continue.

These obligations are operational, not legal. They require documentation infrastructure capable of producing contemporaneous, auditable records over a five- to ten-year window — through staff changes, leadership transitions, and operational evolution.

Why These Obligations Look Familiar — Corporate Integrity Agreement Patterns

Compliance officers reading the OhioHealth decree will recognize the operational pattern. The same multi-year monitoring structure appears across HHS-OIG Corporate Integrity Agreements imposed under Stark Law and Anti-Kickback Statute settlements.

Two reference points from the ArrowISE enforcement library:

• The Community Health Network Stark Law settlement ($345 million, 2023) resolved with a five-year Corporate Integrity Agreement with HHS-OIG, imposing ongoing compliance program obligations and structured reporting that extended years beyond the underlying conduct.
• The Fresno Community Health PNA AKS settlement ($31.5 million, 2025) resolved with a five-year Corporate Integrity Agreement with HHS-OIG requiring a risk-assessment program and engagement of an Independent Review Organization (IRO) through the CIA period.

The underlying statutes differ between OhioHealth (antitrust) and the Stark/AKS cases (False Claims Act, Stark Law, AKS). The compliance program obligations imposed by the settlements are operationally similar: multi-year monitoring, structured documentation, periodic reporting, designated compliance leadership, and external oversight.

What This Means for Compliance Program Infrastructure

The operational pain point in any multi-year compliance monitoring obligation is not the underlying statute. It is the documentation infrastructure required to satisfy the monitor or auditor over years of operational change.

Consider what a court-appointed compliance monitor with access to staff, contracts, and records over a five-year period actually demands operationally:

1. Contemporaneous documentation. Records that demonstrably existed at the time of the underlying activity, not assembled after the fact in response to a monitor's request.
2. Tamper-evident audit trails. Documentation systems where historical records cannot be modified without detectable evidence of modification — what defense counsel typically characterize as "tamper-evident" in CIA contexts.
3. Portfolio-level visibility. The ability to surface specific contracts, arrangements, or records across the institution at scale, not by manual retrieval from disparate systems.
4. Operational reconciliation. Evidence that documented practices match actual operational reality — the documentation says X, and the institution can demonstrate that X actually happened.
5. Reporting infrastructure. The ability to produce regular structured reports (affidavits, quarterly summaries, annual reviews) without manual assembly cycles that drift toward inaccuracy under deadline pressure.

Whether the monitor is auditing antitrust contract compliance, Stark Law physician arrangements, or AKS safe harbor documentation, the infrastructure requirements converge. The institution that can produce contemporaneous, tamper-evident, portfolio-scale documentation on demand satisfies the monitor. The institution that cannot does not, regardless of the underlying statute.

The Infrastructure Question Compliance Teams Should Be Asking

A practical compliance program question, prompted by the OhioHealth decree but applicable beyond antitrust:

If our institution entered a five-year DOJ consent decree or Corporate Integrity Agreement tomorrow — for any reason — what specific documentation infrastructure would we lack?

Most compliance officers can produce a quick mental inventory of where the gaps are. Common patterns:

• Physician arrangement records distributed across spreadsheets, contract management systems, and individual compliance staff knowledge.
• FMV opinions stored as PDF documents in shared drives, without freshness tracking or compensation drift detection.
• Audit trails generated as needed rather than maintained contemporaneously, with modifications possible by authorized admin users without detectable evidence.
• Cross-system reconciliation that requires manual effort to produce and is difficult to verify against operational reality.
• Reporting cycles that produce accurate snapshots at scheduled intervals but cannot reconstruct historical states with confidence.

These gaps are not problems on a normal compliance day. They become problems on the day a settlement, decree, or audit requires retrospective documentation infrastructure that the institution does not have.

How ArrowISE Relates to This Conversation

ArrowISE's compliance infrastructure addresses Stark Law and Anti-Kickback Statute physician arrangement documentation specifically. It does not address antitrust compliance, payer contract monitoring, or the specific obligations of an antitrust consent decree.

But the documentation patterns that survive long-term DOJ scrutiny are the same patterns ArrowISE applies to physician arrangement portfolios: contemporaneous documentation, hash-chained tamper-evident audit trails, portfolio-scale visibility, operational reconciliation, and structured reporting infrastructure.

Compliance officers preparing their institutions for potential multi-year monitoring obligations under any statute should evaluate whether their Stark/AKS arrangement documentation can survive five years of scrutiny. If it cannot, that is a more immediate operational risk than the antitrust-specific lessons of OhioHealth — and it is directly addressable.

Common Questions About DOJ Compliance Monitoring

What is a Corporate Integrity Agreement (CIA)?

A Corporate Integrity Agreement is a multi-year compliance program obligation that the HHS Office of Inspector General imposes on healthcare institutions as part of a federal settlement, most commonly resolving allegations under the False Claims Act, Stark Law, or Anti-Kickback Statute. CIAs typically run three to five years and require ongoing reporting, internal audits, independent review organization oversight, and structured compliance program operations. The OIG maintains a public list of active CIAs.

How do CIA monitoring obligations typically work?

CIA monitoring obligations typically include written policies, compliance officer designation, board-level compliance committee, training and education, internal review and disclosure of overpayments, independent review organization engagement, annual reports to OIG, and ongoing screening against the OIG List of Excluded Individuals and Entities. The specific requirements vary by case and the underlying conduct, but the operational pattern of multi-year structured documentation is consistent.

What documentation does a court-appointed compliance monitor typically require?

A court-appointed compliance monitor in a DOJ consent decree typically requires access to records, contracts, communications, and staff sufficient to verify ongoing compliance with the decree's specific obligations. In the OhioHealth case, the monitor reports directly to DOJ and the State of Ohio with access to the health system's staff, contracts, and records over a five-year period. The volume of documentation required to satisfy a monitor over multiple years is substantial and is often the operational pain point compliance teams underestimate at settlement.

How is antitrust-driven compliance monitoring different from Stark Law and AKS Corporate Integrity Agreements?

The underlying statutes are distinct. Antitrust consent decrees address conduct under the Sherman Act and similar competition laws; CIAs typically resolve False Claims Act, Stark Law, or Anti-Kickback Statute allegations. The substantive compliance requirements differ — payer contract terms for antitrust versus physician arrangement documentation for Stark and AKS. However, the operational patterns share substantial overlap: multi-year monitoring, structured documentation requirements, periodic affidavits or reports, designated compliance leadership, and external oversight. Compliance officers managing both kinds of obligations face similar infrastructure requirements regardless of which statute drove the settlement.

What should compliance officers track from settlements like the OhioHealth decree?

Compliance officers in healthcare institutions should track three categories of signals from federal settlements: the underlying conduct that triggered enforcement, the specific compliance program obligations imposed, and the multi-year documentation infrastructure required to satisfy those obligations. Even when the underlying statute is outside an institution's primary risk surface, the operational patterns in settlement obligations often predict where federal enforcement is heading on adjacent statutes. The OhioHealth decree's 45-day affidavit cadence, quarterly reporting requirement, and five-year monitor engagement are operational benchmarks worth noting against any institution's current compliance program infrastructure.

Closing Note

The OhioHealth consent decree is an antitrust matter, and institutions facing antitrust questions should engage qualified antitrust counsel. But the compliance program obligations the decree imposes are operationally similar to Corporate Integrity Agreements that already define how multi-year federal monitoring works in healthcare. The institutions that build documentation infrastructure capable of satisfying a five-year monitor — on any statute — are also the institutions that surface arrangement- level compliance risks before federal inquiry begins.

For compliance officers evaluating their current infrastructure against the obligations OhioHealth now faces, the question worth asking today is not whether your institution will face an antitrust matter. It is whether your current documentation infrastructure could survive five years of monitoring on the statutes your institution is already exposed to.