$14.25M

Mercy Health — $14.25M Stark Law Settlement (Self-Disclosed)

DOJ Civil Division · May 9, 2018 · False Claims Act · Stark Law · Self-disclosed

What happened

In May 2018, Mercy Health — a Cincinnati-based nonprofit operating hospitals in Ohio and Kentucky — agreed to pay the United States $14.25 million to resolve allegations that it violated the False Claims Act through improper financial relationships with referring physicians. The structural fact distinguishing this case in the ArrowISE enforcement library: Mercy Health discovered the violations itself through an internal audit and self-disclosed them to the government.

The settlement resolved allegations that Mercy Health paid compensation to six employed physicians — one oncologist and five internal medicine physicians — that exceeded the fair market value of their services. Under the Stark Law's bona fide employment exception, hospital compensation to employed physicians must be consistent with fair market value and must not be determined in a manner that takes into account the volume or value of referrals. The six arrangements at issue failed the FMV element.

The self-disclosure context

Mercy Health's spokeswoman publicly framed the disclosure this way: "During an internal audit, Mercy Health learned that it made errors in the administration of a small number of physician arrangements." The company invoked the HHS-OIG Self-Disclosure Protocol — the formal mechanism by which healthcare providers can voluntarily report irregularities to the government in exchange for the opportunity to negotiate a reduced settlement and avoid Medicare exclusion.

The 2018 settlement landed at a structurally significant moment for Mercy Health: just six months before its merger with Bon Secours Health System was finalized in September 2018, creating Bon Secours Mercy Health (BSMH) — one of the largest Catholic health systems in the U.S. with $8 billion in net operating revenue. Resolving the Stark exposure before close is a textbook M&A compliance-hygiene pattern: the acquiring system inherits the target's compliance liability unless it is fully reserved or resolved pre-transaction. Mercy Health's self-disclosure cleared the runway.

Mercy Health did not admit wrongdoing. The DOJ's announcement — from Acting Assistant Attorney General Chad A. Readler, head of the Civil Division — emphasized the structural concern: "When physicians are rewarded financially for referring patients to hospitals or other health care providers, it can affect their medical judgment, resulting in overutilization of services and higher health care costs." The framing matters: even with self- disclosure, DOJ chose to highlight the harm theory rather than the disclosure cooperation. Self-disclosure reduces the settlement amount; it does not change the regulatory framing of the underlying conduct.

Why this matters — for compliance officers

Three things compliance officers at hospitals and health systems should hold onto from this case:

1. Self-disclosure is the right answer — and it is not free. $14.25 million is the price of doing the right thing in this case. The Self-Disclosure Protocol exists to incentivize voluntary reporting, but the discounts available through it are partial, not exonerating. Compliance programs that discover a Stark issue and assume self-disclosure will be cheap should price the actual range: typically 1.5× single damages plus a modest multiplier, often without a CIA but with full repayment of Medicare receipts attributable to the affected arrangements. For a hospital system, a discovered Stark violation in six arrangements can easily reach eight figures.

2. Internal audit programs are how this gets caught early enough to self-disclose at all. Mercy Health's spokesperson explicitly cited the internal audit as the discovery mechanism. The compliance-program implication is structural: if your physician-arrangement compliance audit cycle is annual or longer, you may not surface the issue while self-disclosure economics are still favorable. A contemporaneously monitored arrangement registry surfaces drift in weeks, not years.

3. M&A timing is its own enforcement consideration. Mercy Health resolved the Stark exposure six months before closing the Bon Secours merger. Compliance officers at organizations contemplating or undergoing M&A activity should treat physician-arrangement diligence as a transaction work-stream, not a post-close cleanup item. Buyer-side diligence increasingly scopes the seller's arrangement registry, FMV opinions, and audit cycle — and any unresolved exposure surfaces in indemnification reserves or deal-price adjustments.

What ArrowISE learns from this case

This is a Direct-relevance case. The Mercy Health fact pattern is the simplest variant of the structural triad established by the prior Direct cases: compensation above FMV in employed-physician arrangements, bona-fide-employment-exception element failure, contemporaneous documentation gaps that surfaced through internal audit only after the arrangements had been in operation. ArrowISE's Defensibility Index is designed specifically to surface this pattern in months instead of years — while self-disclosure economics still apply.

Defensibility Index Dimensions Implicated

FMV Currency (30% weight): The six arrangements at issue paid compensation above FMV. ArrowISE's FMV Sentinel tracks contemporaneous opinion + actual paid compensation per arrangement. Divergences surface at 90/60/30 days, providing the early-warning window self-disclosure economics require.
Safe-Harbor Completeness (25% weight): The Stark Law's bona fide employment exception (42 CFR §411.357(c)) is the specific provision implicated. ArrowISE's Safe-Harbor Element Validation walks each arrangement through the element-by-element test — including the FMV element that Mercy Health's six arrangements failed.
External Assessment Currency (10% weight): Mercy Health's internal audit was the discovery mechanism. Organizations operating without an explicit internal audit cycle for physician arrangements are structurally late to self-disclosure. ArrowISE's audit-evidence export produces the documentation an internal auditor needs to support a Stark-arrangement review on a quarterly cadence.

See the Defensibility Index methodology for how these weights combine into the composite 0–100 score.

Schena-Shield™ pattern rules informed by this case:

Rule ID	Pattern detected	How ArrowISE addresses it
SS-PA-10	Compensation above FMV in small clusters of arrangements (typically 1-10 physicians) that share an administrative or compensation-formula common origin	Directly addressed. The Arrangements Registry surfaces cohort-level patterns: when multiple arrangements with shared administrative attributes (same hire date range, same recruiter, same comp model template, same medical group) all show FMV drift, the Schena-Shield Score flags the cohort rather than just the individual arrangements. Cohort flagging is what internal audit needs to scope a self-disclosure investigation.
SS-PA-11	Arrangement administration errors that produce above-FMV outcomes despite intended compliance (the "errors in administration" framing Mercy Health publicly invoked)	Directly addressed. The FMV Sentinel does not assume malicious intent. Drift between contemporaneous FMV opinion and actual paid compensation surfaces whether the cause is intentional or administrative. Both produce the same enforcement exposure under the Stark Law's strict-liability framing.
SS-PA-12	Pre-M&A arrangement-portfolio review where the target system's physician-arrangement compliance may carry transaction-stage materiality	Directly addressed. ArrowISE's organization-level Defensibility Index produces a composite score that M&A diligence can scope and verify. Target systems with a transparent score + supporting per-arrangement evidence can offer buyers an objective measure of arrangement-compliance maturity.

Mercy Health is the fourth Direct case in the ArrowISE enforcement library, after Community Health Network, Fresno + PNA, and UPMC. Where those three cases involve allegations of intentional structural problems — valuation-firm manipulation, EHR safe-harbor exceedance, productivity-bonus referral correlation — Mercy Health is the case that shows what happens when a compliant-intent organization discovers its own Stark exposure through internal audit and chooses to self-disclose. The settlement amount is smaller; the operational lesson is bigger.

The numbers

Total settlement	$14.25 million
Disclosure mechanism	Voluntary self-disclosure (HHS-OIG Self-Disclosure Protocol)
Physicians implicated	6 employed (1 oncologist + 5 internal medicine)
Discovery mechanism	Internal audit
Stark Law provision	Bona fide employment exception (42 CFR §411.357(c)) — FMV element failure
Hospital footprint	Ohio and Kentucky (Cincinnati HQ)
Corporate Integrity Agreement	None publicly reported
Date DOJ announced	May 9, 2018
M&A context	Bon Secours / Mercy Health merger closed September 2018 (6 months later)

Self-disclosure economics depend on early detection. ArrowISE shortens the discovery window from years to weeks. The FMV Sentinel and Safe-Harbor Element Validation surface compensation drift contemporaneously — while the Self-Disclosure Protocol's settlement discounts still apply.
Book a 30-minute demo

Sources U.S. Department of Justice press release, May 9, 2018; Springfield News-Sun reporting (May 11, 2018); Healthcare Finance News (May 17, 2018); HHS-OIG Self-Disclosure Protocol framework. Last verified 2026-05-12.