Why this framework, now
This is a self-audit you can run today. Seven tests — FMV currency, Stark exception completeness, compensation independence, Anti-Kickback intent, contemporaneous documentation, exclusion screening, and audit trail integrity — each with a clear pass and a clear fail. It is written for the standard that took shape in 2026, not the one that applied when most programs were designed.
Three developments moved that standard. The OIG's April 23, 2026 FAQ update restated that fair market value and Stark exception fit do not shield an arrangement from the Anti-Kickback Statute (covered in FMV Alone Won't Save You). The February 2026 Medicare Advantage compliance guidance and expanded Corporate Integrity Agreement terms reinforced it. And FY 2025 produced record enforcement — roughly $6.8 billion in False Claims Act recoveries and 1,297 qui tam filings (see The $6.8 Billion Signal). Programs built for a smaller enforcement footprint tend to have gaps they have not yet been made to find.
Each test below takes about thirty minutes; the full audit is an afternoon. Run it honestly and it will surface gaps — that is the point of running it yourself rather than waiting for someone else to. The underlying legal framework is set out in Stark Law vs Anti-Kickback Statute; what follows is the operational check. Programs that find the gaps are structural have one path in the design partner program; more on that at the end.
A word on what this is and is not. A self-audit is diagnostic: you run it to find gaps before a regulator, an auditor operating under a Corporate Integrity Agreement, or a whistleblower does. It carries no consequences of its own, which is exactly why it is worth running honestly. The value is in scoring your program against the standard an external review would apply — on your own schedule, while remediation is still cheap and quiet rather than mandated and public.
Test 1 — FMV opinion currency
Are fair market value opinions current across all active physician compensation arrangements?
Why It Matters. Most Stark compensation exceptions, including the personal services exception at 42 C.F.R. § 411.357(d), require compensation consistent with fair market value. FMV must be current when the arrangement is entered and maintained across its term; a lapsed opinion is among the most common exception failures.
How To Run The Test.
- Export a list of every active arrangement from your tracking system.
- For each, locate the most recent FMV opinion and its date.
- Flag any opinion older than 24 months.
- For flagged items, confirm the compensation has been re-benchmarked against current survey data (for example MGMA or SullivanCotter).
Passing Looks Like: every active arrangement has an FMV opinion under 24 months old, and the refresh cadence is written into policy rather than handled ad hoc.
Failing Looks Like: any active arrangement without a current opinion, or a refresh cadence that exists only in practice and is not documented.
Common Failure Pattern. FMV drift accumulates quietly: a portfolio can be several opinions past due before anyone notices, because a spreadsheet records the opinion date but does not flag its age. The Halifax Health matter ($85 million, 2014) turned on employed-physician compensation that strayed from a defensible basis. The refresh framework is developed in FMV Refresh Cadence.
Test 2 — Stark exception element completeness
For each arrangement, is every element of the applicable Stark exception documented and verifiable?
Why It Matters. The Stark Law (42 U.S.C. § 1395nn) is strict liability: a single missing element defeats the exception, regardless of intent, and the resulting claims are not payable. The OIG's General Compliance Program Guidance treats element-by-element documentation as foundational. Because liability does not depend on intent, a good-faith arrangement that simply fails to document one element is in the same position as a deliberate one; the exception is all-or-nothing.
How To Run The Test. For a personal services arrangement under 42 C.F.R. § 411.357(d), confirm each element is documented and locatable:
- A written agreement, signed by the parties, specifying the services.
- Coverage of all services the physician furnishes to the entity.
- A term of at least one year.
- Compensation set in advance, consistent with fair market value, and not varying with the volume or value of referrals.
- Commercial reasonableness even if no referrals were made.
- No arrangement to counsel or promote unlawful business.
Passing Looks Like: every element is documented and can be located in under five minutes per arrangement.
Failing Looks Like: any element undocumented, or documentation that has to be reconstructed to answer the question.
Common Failure Pattern. Programs satisfy the visible elements — a signed agreement, an FMV figure — and leave commercial reasonableness or the volume-or-value condition thinly documented. The Tuomey Healthcare matter ($237 million judgment, settled for $72.4 million in 2015) is the canonical example of an arrangement that failed the volume-or-value condition.
Test 3 — Compensation independence from referral volume or value
Is compensation structured so that no component varies with the volume or value of federal-program referrals?
Why It Matters. This condition sits at the center of both Stark compensation exceptions and Anti-Kickback intent analysis. It is where the largest matters have been decided, and the April 2026 OIG guidance makes the intent dimension independently reviewable.
How To Run The Test. Review each compensation formula and ask:
- Does base compensation reference or track referral generation?
- Do productivity bonuses scale with referral volume, directly or indirectly?
- Do quality or satisfaction bonuses correlate with referrals through how the metric is designed?
- Is there any tacit understanding — in emails or meeting minutes — tying compensation to referrals?
Passing Looks Like: compensation methodology is independent of referrals, documented in the compensation policy, and periodically confirmed in board minutes.
Failing Looks Like: any component that references referral volume or value, or any gap in the documentation of independence.
Common Failure Pattern. Community Health Network ($345 million, December 2023 — the largest Stark-based False Claims Act settlement in DOJ history) alleged physician salaries set above fair market value in exchange for referrals. The failure is rarely explicit; it is a formula that moves with referral generation while the file says it does not. Wage-per-work-unit models, collections-based splits, and quality bonuses whose metrics correlate with downstream ordering can each drift into the volume-or-value zone without a single line that names referrals — which is why the test examines how the formula behaves, not only how it is described.
Test 4 — Anti-Kickback intent analysis
Does each arrangement have documented, contemporaneous analysis addressing Anti-Kickback intent, not just Stark exception fit?
Why It Matters. This is the test most programs fail, and the one the 2026 standard added. The OIG's April 23, 2026 FAQ update (revised FAQ 4 and new FAQ 17) stated that Stark compliance and fair market value do not shield against the Anti-Kickback Statute (42 U.S.C. § 1320a-7b(b)); intent must be analyzed on its own terms (see FMV Alone Won't Save You).
How To Run The Test. For each arrangement, locate documentation addressing:
- Whether any purpose of the remuneration is to induce referrals.
- Whether the arrangement fits an Anti-Kickback safe harbor (42 C.F.R. § 1001.952).
- Whether the arrangement is commercially reasonable independent of referrals.
- Whether the written agreement's terms match actual conduct.
- Whether any off-record remuneration — gifts, marketing support, free items — accompanies the deal.
Passing Looks Like: each arrangement has a documented intent analysis dated near its start and refreshed on material changes.
Failing Looks Like: analysis that is missing, retrospective, or addresses only Stark fit — the pre-April 2026 posture the OIG named as insufficient.
Common Failure Pattern. Most spreadsheet-based systems have no structured field for Anti-Kickback intent at all. The gap is typically discovered at the next external audit or, worse, in a whistleblower filing — of which FY 2025 produced 1,297.
The distinction is not academic. An FMV opinion and a satisfied Stark exception can sit in the file while the question of purpose has never been written down. When a reviewer asks for the intent analysis and the honest answer is that the program never produced one, the gap is not a documentation lapse to be backfilled — it is the absence of the analysis the April 2026 guidance now expects, and backfilling it after the question is asked is the reconstruction Test 5 is designed to catch.
Test 5 — Contemporaneous documentation
Is the documentation supporting each arrangement contemporaneous rather than reconstructed?
Why It Matters. Auditors and whistleblowers distinguish records created during an arrangement's lifecycle from records assembled for an inquiry. Reconstruction is a red flag, and it is one an adversarial insider is well positioned to expose (see The Spreadsheet Gap).
How To Run The Test. For three arrangements chosen at random, examine the creation timestamps on:
- The FMV opinion.
- The executed agreement.
- The Stark exception analysis.
- The Anti-Kickback intent analysis.
- Any modifications to the arrangement.
Passing Looks Like: timestamps align with the arrangement lifecycle, and every edit is captured with a user and a time.
Failing Looks Like: documents created in bulk — all dated the week before an audit — missing timestamps, or edits that leave no trace.
Common Failure Pattern. Spreadsheet-based tracking is structurally unable to prove contemporaneousness: the only timestamp is the file's, and it is trivially modifiable. The record cannot vouch for its own timeline.
Test 6 — Exclusion screening currency
Has every arrangement counterparty been screened against the OIG LEIE and applicable state lists within the past 30 days?
Why It Matters. Payments to an excluded individual or entity are non-payable regardless of how compliant the arrangement otherwise is, and the exposure has a strict-liability character. The OIG recommends monthly screening because the List of Excluded Individuals and Entities is updated monthly. A single payment to an excluded provider can convert an otherwise-compliant arrangement into an overpayment and civil-monetary-penalty exposure, and the screening obligation reaches referral sources and contractors, not only employees.
How To Run The Test.
- Pull screening logs from the past 30 days.
- Confirm 100% coverage of active arrangement counterparties.
- Confirm the check ran against the current LEIE and the relevant state exclusion lists.
- Confirm any hits are documented and resolved.
Passing Looks Like: 100% coverage within the past 30 days, on an automated cadence.
Failing Looks Like: any counterparty unscreened, or state-list coverage absent.
Common Failure Pattern. State exclusion lists are the usual miss — Texas, California, Ohio, and others each maintain separate lists that a federal-only LEIE check will not cover.
Test 7 — Audit trail integrity
Is your arrangement audit trail tamper-evident — would a forensic auditor detect after-the-fact edits?
Why It Matters. Documentation integrity is what separates evidence from data. If a record cannot demonstrate that it was not altered, its contents prove less than they appear to (see The Spreadsheet Gap and the security overview).
How To Run The Test. For one arrangement, ask:
- Can I change the FMV opinion date after the fact without a detectable trace?
- Can I edit the compensation amount without a record?
- Can I delete a Stark analysis without evidence of the deletion?
- Is the audit log itself editable?
Passing Looks Like: every field change is captured with a timestamp, a user identity, and the prior value, and the audit log itself is immutable.
Failing Looks Like: spreadsheet-based tracking (never tamper-evident), or a GRC tool without field-level audit history.
Common Failure Pattern. Programs discover the gap when a whistleblower produces internal records that do not match the "audit trail" shown to regulators — at which point the mismatch, not the underlying arrangement, becomes the problem.
What to do with your results
Passed all seven. The program is operating at the post-April 2026 standard. The remaining risk is consistency at scale: do these tests pass for every arrangement, or only the ones you spot-checked? A program passes a self-audit on a sample; it survives an external review on the whole portfolio, which is a different and harder claim.
Failed one or two. Targeted remediation is achievable. Prioritize Test 4 (Anti-Kickback intent) — it is the fastest to close and the highest enforcement priority.
Failed three or more. The program needs infrastructure, not remediation. Spreadsheet-based tracking cannot pass Tests 4, 5, and 7 at any scale, because those tests are about structured intent capture and tamper-evidence that a spreadsheet does not provide. This is not a failure of diligence; it is the ceiling of the tool. A team can maintain an immaculate spreadsheet and still fail Tests 4, 5, and 7, because those tests ask the record to do something a spreadsheet was never built to do. The enforcement library and methodology describe what the alternative looks like; the quarterly audit cadence describes how to keep it current.
Unsure. Run Test 4 first. If Anti-Kickback intent analysis is missing across the portfolio, the other tests are usually failing too.
The cohort building infrastructure that passes all seven
The ArrowISE Design Partner Cohort is five hospital compliance programs building infrastructure where these seven tests pass by design — FMV currency and Stark elements scored, Anti-Kickback intent captured as a first-class field, exclusion screening on cadence, and a tamper-evident audit trail underneath all of it.
Applications open July 15, 2026, and the cohort begins August 15. It is a six-month program with direct founder access and a reference commitment; conversion at cohort end is at a locked rate, 50% off the standard enterprise price. The full criteria and the application are on the design partner program page.
The seven tests take an afternoon to run. Building compliance infrastructure where they pass every quarter, at audit-defensible quality, is what the design partner cohort is doing. Applications open July 15.