DOJ recovered $5.7 billion in healthcare fraud in FY2025 alone. Across ArrowISE's 18-case enforcement library, ten federal settlements from 2020 through early 2026 account for $1.313 billion in combined recoveries (with Independent Health structured as up to $98M) — institutions ranging from regional hospital systems to one of the largest integrated payer-providers in the country.
The cases vary enormously in size: from Memorial Health (Savannah) at $9.89 million to Kaiser Permanente at $556 million. They span geography, institution type, and arrangement structure. But when analyzed against the operational failures their settlement narratives document, the ten cases group cleanly into three categories. Each category represents a distinct kind of compliance gap. Each requires a distinct operational response.
If you're a Chief Compliance Officer, healthcare General Counsel, or CFO at a hospital or health system, your portfolio almost certainly has exposure to at least one of these three categories. The question is whether your compliance program is built to catch the failures before federal investigators do.
Category 1: Stark Law FMV and Compensation Arrangement Failures
Six cases. $565 million in combined settlements.
The largest category in ArrowISE's enforcement library involves Stark Law violations arising from physician compensation arrangements where Fair Market Value documentation, compensation methodology, or referral-based compensation structures failed to meet the law's strict liability standard.
The cases:
| Case | Settlement |
|---|---|
| Community Health Network | $345M |
| Halifax Health (Medical Director) | $85M |
| Tuomey Healthcare | $72.4M |
| UPMC (Stark Neurosurgery) | $38M |
| Mercy Health (self-disclosed) | $14.25M |
| Memorial Health (Savannah) | $9.89M |
What this category tells compliance officers:
Physician compensation arrangements are the single largest source of federal Stark Law enforcement exposure in ArrowISE's library. Across these six cases, three operational sub-patterns recur:
First: FMV documentation that drifted out of sync with actual compensation. Stark Law requires that compensation under most exceptions reflect fair market value — not historically, not approximately, but at the time the compensation is paid. The Tuomey case settlement narrative documented FMV drift as a central operational failure. The Community Health Network case documented valuation-firm manipulation — instances where outside FMV opinions were obtained but their substance was disregarded when actual compensation was set. This pattern is the most common operational failure in Stark enforcement: an arrangement defensible when written becomes increasingly indefensible as time passes without refresh. Medical directorship compensation that was at the 53rd percentile in 2022 may sit at the 78th percentile in 2026 — through nothing more than market drift.
Second: Compensation methodologies that took into account the volume or value of referrals. The bona fide employment exception, personal services exception, and most other Stark exceptions explicitly require that compensation not be determined in a manner that takes into account the volume or value of referrals between the parties. The UPMC and Halifax Health cases both documented volume/value-based productivity bonuses as the operational pattern that drove enforcement. Compensation methodology must be defensibly documented, not just present.
Third: Documentation that existed but could not be produced when needed. The UPMC Stark Neurosurgery case and others in this category involved arrangements where the institution believed documentation existed but could not assemble it efficiently when federal subpoenas arrived. The average cost to assemble physician arrangement documentation in response to a DOJ subpoena is $30,000–$80,000 in outside counsel fees alone — and that's before any settlement amount.
The compliance question every CCO should ask: Can my organization produce, in under 30 minutes, a current FMV opinion supporting every active physician compensation arrangement — together with element-by-element evidence that the applicable Stark exception is satisfied?
If the honest answer is "no" or "I'd need to check," the portfolio has exposure to this $565 million category.
Category 2: Anti-Kickback Safe Harbor Failures
One prominent case. $31.5 million in settlement.
The Anti-Kickback Statute (AKS) provides safe harbors — specific operational conditions that, if met, immunize the arrangement from AKS prosecution. The personal services safe harbor at 42 CFR §1001.952(d) requires seven specific elements. The space rental safe harbor at 42 CFR §1001.952(b) requires similar specificity. Most safe harbors have between five and ten required elements.
The Fresno Community Health PNA/AKS case, settled at $31.5M, is the clearest example in ArrowISE's library of safe harbor failure as the underlying compliance gap. The case involved physician arrangements where the institution had attempted to structure the arrangements within an AKS safe harbor framework but failed to satisfy every required element. Fresno Community Health documented in its settlement the operational pattern of EHR safe-harbor exceedance and sham clinical-integration bonuses — concrete operational labels that translate the violation into auditable control failures.
What this category tells compliance officers:
Safe harbor compliance is binary. Partial compliance does not provide partial protection. An arrangement either meets every element of an applicable safe harbor or it does not — and if it does not, AKS prosecution is on the table even if the underlying business arrangement was substantively defensible.
This is the most operationally specific category in healthcare enforcement. Unlike Stark Law violations, which often involve complex FMV interpretation disputes, AKS safe harbor failures usually involve concrete operational gaps: a written agreement that wasn't executed before services commenced; a term that didn't cover all services; compensation that wasn't set in advance; commercial reasonableness that wasn't contemporaneously documented.
Three operational patterns underlie this category:
First: Element-by-element documentation that doesn't exist. Most compliance programs document that a safe harbor "applies" to an arrangement without documenting evidence that each individual element is satisfied. Without element-by-element evidence, the institution cannot defensibly assert safe harbor protection when investigated.
Second: Operational drift from contractual specifications. A written agreement may specify that a physician provides 40 hours of medical director services per month, but operational reality may diverge — fewer hours, different services, or different compensation than originally contracted. Safe harbor protection requires consistency between what's written and what actually occurs.
Third: Commercial reasonableness that wasn't documented at the time the arrangement was structured. Many safe harbors require demonstrated commercial reasonableness. Post-hoc commercial reasonableness analysis after enforcement begins is materially weaker than contemporaneous documentation.
The compliance question every CCO should ask: For every physician arrangement claiming safe harbor protection, can I produce element-by-element evidence that every required element of the applicable safe harbor is satisfied — and that the operational reality matches the contracted specification?
If the honest answer requires hours of preparation rather than minutes, the portfolio has exposure to this category.
Category 3: Medicare Advantage Coding and Risk-Adjustment Fraud
Three cases. $716.85 million in combined settlements (with Independent Health structured as up to $98M).
The fastest-growing category in federal healthcare enforcement is Medicare Advantage risk-adjustment fraud — cases where insurers and provider organizations submitted diagnosis codes that increased risk-adjustment payments from CMS without adequate clinical documentation supporting those diagnoses.
The cases:
| Case | Settlement |
|---|---|
| Kaiser Permanente (Medicare Advantage) | $556M |
| Independent Health (Medicare Advantage) | up to $98M |
| Seoul Medical Group (Medicare Advantage) | $62.85M |
What this category tells compliance officers:
Medicare Advantage now covers more than half of all Medicare beneficiaries. The financial structure of MA — where insurers receive higher capitated payments for patients with more severe diagnoses — creates incentive structures that DOJ has prioritized for enforcement. The Kaiser Permanente settlement at $556M is the largest single MA risk-adjustment case in federal healthcare history.
Unlike Stark Law and AKS cases, MA risk-adjustment cases are not strictly about physician arrangement compliance. They are about coding accuracy and documentation integrity — whether the diagnoses billed to CMS are supported by contemporaneous clinical evidence in the patient record.
But the operational discipline required to prevent MA risk-adjustment failures shares significant DNA with Stark/AKS compliance:
First: Contemporaneous documentation. MA risk-adjustment requires that diagnoses billed in a given year be supported by clinical evidence documented during that year. The Independent Health settlement documented retrospective chart review as the operational pattern of concern — chart reviews conducted after billing periods to "find" diagnoses retrospectively. Documentation reconstructed after the fact has become a focus of DOJ enforcement.
Second: Audit trail integrity. When CMS audits MA risk-adjustment data, it requires demonstration that the documented diagnoses reflect actual clinical conditions assessed during the relevant period. Institutions that cannot produce contemporaneous documentation supporting their billed diagnoses face significant settlement exposure.
Third: Operational consistency between coding and clinical reality. The Kaiser case documented diagnosis-code asymmetry — billed diagnoses that did not consistently reflect documented clinical care. The Seoul Medical Group case documented fabricated diagnosis codes alongside a radiology-group conspiracy — among the most severe MA risk-adjustment patterns prosecuted to date. This is the MA-specific version of the operational drift pattern observed in Stark/AKS cases.
The compliance question every CCO should ask: For Medicare Advantage diagnoses being billed by my organization, do I have contemporaneous clinical documentation supporting every billed diagnosis — and can I produce that documentation under audit conditions?
Healthcare organizations participating in MA programs — whether as providers, payers, or both — face material exposure to this growing category of enforcement.
The Underlying Pattern Across All Three Categories
Across all three categories — totaling $1.3 billion in federal recoveries from just ten cases — one underlying operational discipline appears to separate institutions that settled for the lowest amounts from those that settled for the highest:
The ability to produce comprehensive, contemporaneous documentation quickly when federal investigators arrive.
Institutions that could demonstrate that their compliance programs caught issues, that documentation supported clinical and contractual decisions, and that operational reality matched documented specifications — these institutions typically reached settlements at materially lower amounts than institutions whose documentation gaps prolonged investigations and signaled systemic compliance weakness.
The institutions with the highest settlements in ArrowISE's library generally shared characteristics that predicted enforcement exposure: physician arrangement data tracked in spreadsheets, FMV documentation stored across email archives and shared drives, safe harbor compliance asserted but not element-by-element documented, MA diagnoses billed without contemporaneous chart support, audit response capability measured in weeks rather than minutes.
The institutions in this enforcement library represent a population of healthcare organizations that, between 2020 and 2026, learned the same lesson: compliance programs built on tools that weren't designed for the work eventually fail when tested.
The Operational Audit Every Healthcare Organization Should Run This Quarter
Run your portfolio against these six questions:
For Category 1 (Stark FMV/Compensation Arrangements):
- Can you produce current FMV opinions supporting every active physician compensation arrangement in under 30 minutes?
- Has every compensation increase or modification since the underlying FMV opinion been validated against that opinion's documented range?
For Category 2 (AKS Safe Harbor):
- For every physician arrangement claiming safe harbor protection, can you produce element-by-element evidence that every required element is satisfied?
- Does the operational reality of each arrangement match what's documented in the written agreement?
For Category 3 (Medicare Advantage):
- For Medicare Advantage diagnoses being billed, do you have contemporaneous clinical documentation supporting every billed diagnosis?
- Are diagnoses being added through retrospective chart review or contemporaneously during clinical care?
If the honest answer to any of these six questions is "no" or "I'd need to check," the portfolio has exposure that matches patterns from ArrowISE's enforcement library.
Where ArrowISE Fits
ArrowISE is purpose-built compliance infrastructure for physician arrangements under Stark Law, Anti-Kickback Statute, and OIG regulatory frameworks. The platform addresses Categories 1 and 2 directly:
For Category 1 (Stark FMV/Compensation): Real-time FMV expiration alerts at 90, 60, and 30 days before opinions expire. Compensation drift detection against documented FMV ranges. Element-by-element evidence of Stark exception compliance. Hash-chained audit trail showing every modification to every arrangement.
For Category 2 (AKS Safe Harbor): Element-by-element safe harbor validation walking through every required element of the applicable safe harbor. Evidence capture for each element with timestamped documentation. Operational reality verification against written contract specifications.
For Category 3 (Medicare Advantage): MA risk-adjustment compliance is adjacent to ArrowISE's current product focus. The operational discipline required — contemporaneous documentation, audit trail integrity, operational consistency — shares significant DNA with the Stark and AKS workflows ArrowISE addresses today. The Medicare Advantage category is on ArrowISE's product roadmap horizon as the platform expands.
The Practice tier of ArrowISE — sufficient for most physician groups and mid-size practices — costs $1,990 per year. The Health System tier — appropriate for institutions in the size range of several settling institutions in this analysis — costs $9,990 per year. The 10 cases referenced here cost their institutions $1.313 billion in combined federal recoveries (with Independent Health structured as up to $98M).
The math is not subtle.
Conclusion
Three categories of federal healthcare compliance enforcement. Ten cases. $1.3 billion in recoveries from a single five-year window. None of the patterns are new. None of the operational gaps are unfamiliar. None of the settlement amounts would have surprised the institutions involved if they had been told, at the time the arrangements were structured, what would happen by the time DOJ investigators arrived.
What changed for each institution was time — and the gradual operational drift that occurs when compliance programs depend on tools that weren't built for the work.
DOJ recovered $5.7 billion in healthcare fraud in FY2025 alone. The institutions that contributed to that number did not choose to violate the law. They built compliance programs on tools that weren't designed to catch the patterns documented above.
There is now a tool that is.
settlementAmount and violationType
structured data); DOJ FY2025 False Claims Act recovery
announcement; 2024 OIG General Compliance Program Guidance
(November 2023); 2026 OIG Medicare Advantage Industry
Segment-Specific Compliance Program Guidance (February 2026);
42 CFR §1001.952 Anti-Kickback safe harbor regulations;
42 CFR §411.357 Stark Law exceptions. Primary source
materials available on the
OIG Compliance Guidance page.
ArrowISE has no affiliation with HHS-OIG, DOJ, CMS, or any
government agency. Case names appear here solely to identify
publicly documented enforcement actions.