The lesson: a defensible opinion is necessary but not sufficient. Fair market value cannot exist in a vacuum. It must be informed by reality. Organizations need both credible opinions and a proactive compliance framework that produces them routinely, not reactively.
That distinction mirrors a larger shift in American healthcare, from reactive “sick care” toward proactive “health care.” Sick care produces worse outcomes, wastes resources, and drives costs higher. Regulatory compliance deserves the same reckoning.
The governance function inside most provider organizations remains stuck in a reactive posture. Too often, compliance is treated as an outside force, a check on the business, rather than a partner in it. That separation is a mistake. Effective compliance must be embedded in operations, not imposed after decisions have been made.
Consider how provider financial arrangements actually arise. Leadership teams need to establish relationships with referring providers, yet hospitals traditionally handle this transaction by transaction, forcing stakeholders to react in real time. In today’s enforcement environment, even ordinary business terms can look risky. Walking away is rarely an option because it can compromise patient care. So, executives negotiate under pressure, generating real compliance exposure for themselves and their organization.
The remedy is to move from reacting to anticipating. A proactive framework reduces both legal and business risk, preserves the ability to enter sound arrangements quickly, keeps one-off “exceptions” from becoming standard practice, and lowers the overall cost of compliance. This only works when compliance operates as part of the business team. It also transforms the FMV opinion from an after-the-fact bandage into a routine output of sound governance grounded in actual market conditions, not reverse-engineered to justify a predetermined compensation figure.
The Department of Justice’s (“DOJ”) Evaluation of Corporate Compliance Programs reinforces this approach. The guidance asks three questions: Is the program well designed? Is it adequately resourced? Does it work in practice? DOJ emphasizes whether compliance personnel have “sufficient direct or indirect access to relevant sources of data” and whether the company is “appropriately leveraging data analytics.” A former DOJ official recently described risk assessment as “the building block of the compliance program.” The message: proactive, data-driven compliance is what DOJ looks for when deciding how to treat an organization under scrutiny.
Most organizations already have compliance processes in place. The problem is what is missing: a key control absent here, thin documentation there, or a process that exists on paper but does not reduce risk. Without consistent processes, clear roles, and periodic contract reviews, gaps open up, raising the odds of payments that drift outside fair market value or fall out of step with the contract.
The scale of the problem is evident in The Centers for Medicare & Medicaid Services’ Self-Referral Disclosure Protocol data. Since 2011, aggregate settlements have exceeded $105 million, with 2025 producing the highest individual settlement on record. The volume reflects the Stark Law’s strict liability regime, where even inadvertent violations carry significant consequences. But it also reflects a regulatory environment that rewards proactive disclosure: hospitals that self-report have resolved cases at reduced damages multipliers rather than treble damages. Organizations that detect problems early fare better than those that wait to be caught.
The deeper shift is conceptual. Organizations have long treated business risk and compliance risk as a trade-off. That framing is wrong. Weak governance raises both risks together, not in opposition. The compliance function and the business must operate as partners because the risks they face are shared.
As value-based payment models grow, monitoring provider behavior becomes essential. Good monitoring does more than flag risk; it points toward the fix. Continuous, disciplined monitoring is one of the most reliable ways to lower business and compliance risk simultaneously. A single weak point can carry severe consequences, as a long line of enforcement cases demonstrates.
DOJ has made clear that organizations with effective compliance programs will “reap the benefits” when things go wrong. Under DOJ’s corporate enforcement policy, companies that voluntarily self-disclose, cooperate, and remediate can avoid prosecution entirely. Even those that fall short may receive fine reductions of 50 to 75 percent and avoid an independent compliance monitor. Proactive compliance is not just a defense against liability. It is leverage when problems arise.
The Erlanger Health System case illustrates these risks starkly. According to DOJ, the health system “sidelined” its compliance department after its 2010 corporate integrity agreement, itself the product of a $40 million settlement for the same kind of Stark violations, expired, reducing the Chief Compliance Officer to a non-voting member of the physician contracting committee and eventually terminating her. The CCO and former CFO later filed a False Claims Act lawsuit alleging Stark violations, and in early 2026 a federal court allowed the case to proceed. Because the court accepted DOJ’s representative examples, the government may now seek discovery across every physician agreement, so exposure could far exceed the $27.8 million Medicare paid on the sample claims. Erlanger signals clearly that a third-party FMV opinion does not guarantee protection. DOJ has not disputed that Erlanger used outside experts. It has argued that compensation was structured around downstream referral revenue, regardless of what those
opinions said.
Erlanger is not isolated. In 2024, DOJ resolved multiple high-profile Stark and Anti-Kickback cases, including a $42.5 million settlement with a Delaware health system, and enforcement carried into 2025, including a $31.5 million settlement with a California health system over inducements to referring physicians. In several cases, the whistleblowers were insiders, including CCOs, CFOs, and senior executives. As one attorney observed: “Unless you’re sure your 500 employees all love you and wouldn’t want you to ever be in trouble, everyone is a potential whistleblower.” The Erlanger CCO and CFO are only the latest insiders who became relators.
The lesson: dismantling compliance infrastructure once enforcement pressure passes or marginalizing compliance so it cannot participate in business decisions invites precisely the conduct that triggered enforcement in the first place. Compensation arrangements justified by downstream referral revenue attract government scrutiny, even when certified by a consultant. Fair market value cannot exist in a vacuum. It must reflect the actual services rendered, the genuine need for them, and a business rationale independent of any referral stream.
There is also growing recognition that FMV data itself may be compromised. One attorney has argued that valuation benchmarks have been distorted by the very compensation practices now under scrutiny: “Everyone is obsessed with fair market value but the data on which the appraisal has been done has to be clean data.” When hospitals overcompensate physicians and that compensation feeds back into benchmarks, the result is “a cycle of inflated numbers” disconnected from genuine market conditions. A proactive framework must ensure valuations are grounded in operational needs, not just survey data.
No organization can eliminate risk entirely. The right goal is a compliance governance structure that lets the organization identify and contain risk fast enough to protect its patients, providers, stakeholders, and itself. That structure works only when compliance is woven into the fabric of the business, present when arrangements are conceived, not brought in afterward to bless or block them. Proactive governance remains the foundation of sustainable compliance.