Stark Law (Physician Self-Referral): Compliance Basics for Designated Health Services
9 min read · Last reviewed May 23, 2026
The federal Physician Self-Referral Law — commonly called the Stark Law after its primary sponsor — at 42 USC § 1395nn prohibits a physician from referring Medicare patients for designated health services (DHS) to an entity with which the physician (or an immediate family member) has a financial relationship, unless an exception applies. Implementing regulations sit at 42 CFR §§ 411.350-411.357. Stark is strict liability — intent does not enter the analysis. Documentation does.
What the law actually prohibits
The Stark prohibition has three working parts: a referral, a designated health service, and a financial relationship.
Designated health services are defined at 42 CFR § 411.351 and listed at 42 CFR § 411.351 (definition of DHS). The categories:
- Clinical laboratory services
- Physical therapy services
- Occupational therapy services
- Outpatient speech-language pathology services
- Radiology and certain other imaging services
- Radiation therapy services and supplies
- Durable medical equipment and supplies
- Parenteral and enteral nutrients, equipment, and supplies
- Prosthetics, orthotics, and prosthetic devices and supplies
- Home health services
- Outpatient prescription drugs
- Inpatient and outpatient hospital services
If a service is not on the DHS list, Stark does not reach it.
Financial relationship is defined to include both ownership/investment interests and compensation arrangements. Both direct and indirect relationships count. The indirect-compensation-arrangement analysis at 42 CFR § 411.354(c) is the technically most demanding element and where complex group-practice and joint-venture structures most often falter.
Referral is defined broadly at 42 CFR § 411.351 to include the request by a physician for the item or service, the establishment of a plan of care that includes the service, or the certification or recertification of need for the service. A physician ordering a lab test in the EHR is a referral.
Two structural consequences:
- Strict liability. A documentation defect, a missed signature, or an expired arrangement renders the underlying claims non-payable regardless of how the underlying clinical care was delivered or whether anyone intended to violate the statute.
- Per-claim exposure. Each non-payable claim is a separate exposure with its own refund, CMP, and FCA-by-recklessness analysis.
Exceptions and how they actually function
The Stark exceptions are at 42 CFR §§ 411.355 through 411.357. They are categorized into ownership-interest exceptions, compensation-arrangement exceptions, and exceptions applicable to both. Unlike AKS safe harbors, Stark exceptions are not voluntary — fitting an exception is the only way an otherwise-prohibited arrangement is permissible. Failure to fit any exception means the prohibition applies and the referral is non-compliant.
Exceptions most relevant to medical practices:
- In-office ancillary services at 42 CFR § 411.355(b). The cornerstone exception for group practices delivering DHS in-office (lab, imaging, PT). Three element groups: who performs (referring physician, group-practice physician, or supervised individual), where performed (same building or centralized building of the group practice), and who bills (referring physician, group, or wholly-owned entity).
- Physician services at 42 CFR § 411.355(a). Services personally performed or supervised by another group physician.
- Employment at 42 CFR § 411.357(c). Bona fide employment relationships with productivity-based compensation tied to the employee's personally-performed services.
- Personal service arrangements at 42 CFR § 411.357(d). Written, signed, one-year minimum, FMV, scope-defined.
- Rental of office space and equipment at 42 CFR §§ 411.357(a) and (b). Written lease, set rent at FMV, one-year minimum, commercial reasonableness.
- Bona fide investment in publicly-traded securities and mutual funds at 42 CFR § 411.356(a).
- Value-based arrangements at 42 CFR § 411.357(aa)–(cc). Added by the December 2020 Stark final rule.
- Limited remuneration to a physician at 42 CFR § 411.357(z). New 2020 exception covering up to a defined annual aggregate ($5,000-range, inflation-adjusted).
The group-practice definition at 42 CFR § 411.352 is itself a technical structure with its own elements: single legal entity, two or more physicians, full range of services through joint use of facilities and equipment, substantially-all-services test (75% threshold), unified business standard, and centralized decision-making. Many "groups" that operate informally as such fail one or more group-practice elements when examined.
How enforcement actually works
Stark trips practices that thought their in-office X-ray was covered under the ancillary services exception when in fact a same-building element or a group-practice element failed. Enforcement channels:
- CMS Self-Referral Disclosure Protocol (SRDP). Practices that identify a Stark exposure self-disclose to CMS through the SRDP process. CMS negotiates a settlement amount calculated against statutory factors, typically substantially below 1x of total claim value, depending on the nature of the violation and the cooperation of the disclosing entity.
- OIG SDP for Stark-with-AKS overlap. Where Stark exposure exists alongside AKS exposure, the matter goes to OIG SDP rather than SRDP — see our SDP guide.
- DOJ False Claims Act. Stark-tainted claims submitted with knowledge or reckless disregard of the violation are FCA-exposed. DOJ runs Stark-as-FCA cases, often initiated by qui tam relators under 31 USC § 3730.
- CMS audit channels. MAC, RAC, UPIC, and SMRC contractors can identify Stark exposure during billing reviews and refer to OIG or DOJ — see the Medicare TPE audit response guide.
Settlement values vary materially. SRDP self-disclosures have resolved in the high-five-figure to low-eight-figure range, dominated by lease and compensation-arrangement defects. DOJ Stark-as-FCA cases routinely settle in the seven- to nine-figure range with corporate integrity agreements.
What practices most often miss
The recurring Stark exposures across practice-side compliance reviews:
- Lease drift. A medical-office lease at FMV at execution; three years later the practice subleased a portion to a referring imaging center at a below-FMV rate. The lease exception failed on the FMV element the moment the sublease was signed.
- Group-practice element failure. A "group" that doesn't actually meet the 42 CFR § 411.352 elements — substantially-all services, unified business, centralized governance — cannot use the in-office ancillary services exception.
- Same-building or centralized-building defect. In-office ancillary services performed at a location that does not meet the same-building test under 42 CFR § 411.355(b)(2).
- Compensation tied to DHS volume. Productivity bonuses that include the value or volume of designated health services referred by the physician fail the personal-services exception and (for employees) the employment exception.
- Missing signatures or expired terms. The 90-day signature grace period at 42 CFR § 411.353(g) and the temporary noncompliance provisions at 42 CFR § 411.353(f) provide narrow cure paths. Outside those windows, the defect renders the arrangement non-compliant.
- Recruitment arrangements drift. Physician recruitment arrangements under 42 CFR § 411.357(e) have specific geographic and practice-establishment elements; drift in either dimension breaks the exception.
The arrangements that survive review are the ones with contemporaneous documentation: signed agreement, FMV opinion at execution, scope-of-services defined, annual review with a checked element list, and a cure-or-disclose workflow for any defect identified mid-stream.
State-law overlay
Several states have physician self-referral statutes that reach further than federal Stark:
- California Business & Professions Code § 650.01 reaches all-payer (not just Medicare) self-referral and includes a structured list of DHS categories with state-specific exceptions.
- New York Public Health Law § 238 and Education Law § 6531 prohibit physician self-referral for clinical laboratory, pharmacy, radiation therapy, and several other categories, with state-specific definitions.
- Florida Patient Self-Referral Act, F.S. § 456.053, requires disclosure of investment interests and limits referrals to designated entities.
- Illinois, Maryland, New Jersey, Connecticut maintain narrower state self-referral statutes layered on top of federal Stark.
A federally-compliant arrangement can still violate state law. State medical-board enforcement is independent of CMS, and state false-claims-act recoveries on Medicaid-side claims add a parallel exposure layer. Counsel evaluates both layers when papering any DHS arrangement.
Compliance checklist
Before any financial arrangement between the practice and a referring physician — or before any DHS arrangement under in-office ancillary services:
- [ ] Identify whether the service is a designated health service under 42 CFR § 411.351
- [ ] Identify the financial relationship (ownership/investment or compensation, direct or indirect)
- [ ] Identify the Stark exception relied upon, by citation
- [ ] Confirm every element of the exception is met, in writing, on the face of the arrangement file
- [ ] Written, signed, and dated agreement; one-year minimum where the exception requires it
- [ ] FMV opinion or benchmark contemporaneous with execution; refresh on material amendment
- [ ] Compensation not tied to the volume or value of DHS referred by the physician (or, where productivity is permitted, only personally-performed services counted)
- [ ] Group-practice elements documented for any in-office ancillary services reliance
- [ ] Same-building or centralized-building test documented for in-office ancillary services
- [ ] 90-day signature cure protocol in place for any signature lag
- [ ] Annual arrangement review with element-by-element re-verification
- [ ] SRDP-decision protocol in place for any identified noncompliance — counsel decides whether to self-disclose, cure, or treat as a 60-day overpayment
- [ ] State-law analog reviewed for any state in which the practice or referring physician operates
Restraint about outcomes
Stark Law is strict-liability and unforgiving on documentation. No template, checklist, or vendor can preempt a CMS or DOJ determination that an arrangement fails an exception. What rigorous documentation does is shrink the surface area, capture exception-fit contemporaneously, and position the practice for SRDP resolution at the lowest reasonable settlement value if a defect surfaces later.
This guide is not legal advice. The Stark analysis on any specific arrangement is a legal determination; consult outside healthcare counsel before papering anything that involves a physician's financial relationship with the practice or with an entity providing designated health services.
How d3rx fits
The d3rx compliance binder holds the source-grounded administrative documentation a Stark-defensible program is built from — the financial relationships log, the lease and compensation arrangement file, the annual element-review checklist, group-practice documentation, and the cure-or-disclose decision log. The d3rx audit defense workflow supports the SRDP, OIG SDP, and DOJ parallel-track handling that Stark matters often require. d3rx does not represent the practice in any CMS, OIG, DOJ, or state proceeding and does not replace counsel; it is a point-in-time administrative documentation aid that counsel and the practice work from.
Step 1 · Get the binder
Get the d3rx compliance binder for your practice
Pre-filled to address the gaps this guide covers — Stark Law (Physician Self-Referral): Compliance Basics for Designated Health Services. We will email you the section preview and your binder intake link.
No PHI required. We use your email to send the binder preview and intake link only.
Frequently asked
Can my in-office DEXA scan be billed under the in-office ancillary services exception?
Generally yes if the elements at [42 CFR § 411.355(b)](https://www.ecfr.gov/current/title-42/chapter-IV/subchapter-B/part-411/subpart-J) are met. DEXA falls within the radiology and certain other imaging services designated health service category at [42 CFR § 411.351](https://www.ecfr.gov/current/title-42/chapter-IV/subchapter-B/part-411/subpart-J). The in-office ancillary services exception requires the service be furnished personally by the referring physician, a physician in the same group practice, or an individual supervised by such a physician; furnished in the same building or a centralized building of the group practice; and billed by the referring physician, the group practice, or an entity wholly owned by the group practice. The group-practice definition and the same-building test are where DEXA arrangements most often fail review.
Is a documentation error on a referring-physician compensation arrangement a Stark violation?
Potentially. Stark is strict liability — there is no intent element. A compensation arrangement that fails to meet every element of a relevant compensation-arrangement exception under [42 CFR § 411.357](https://www.ecfr.gov/current/title-42/chapter-IV/subchapter-B/part-411/subpart-J) renders every Medicare claim for a designated health service referred under that arrangement non-payable. The temporary noncompliance provisions at [42 CFR § 411.353(f)](https://www.ecfr.gov/current/title-42/chapter-IV/subchapter-B/part-411/subpart-J) and the 90-day signature grace period at [42 CFR § 411.353(g)](https://www.ecfr.gov/current/title-42/chapter-IV/subchapter-B/part-411/subpart-J) provide narrow cure paths; CMS's Self-Referral Disclosure Protocol (SRDP) resolves the rest. Documentation discipline is the entire game.
What is the difference between Stark Law and the Anti-Kickback Statute?
Stark is civil, strict-liability, and limited to Medicare claims for designated health services where a financial relationship between the referring physician and the entity exists. AKS at [42 USC § 1320a-7b(b)](https://www.law.cornell.edu/uscode/text/42/1320a-7b) is criminal and civil, intent-based, and reaches any federal-healthcare-program remuneration tied to referrals across any item or service. Stark exceptions and AKS safe harbors are different bodies of law; an arrangement can fit a Stark exception and still violate AKS. Most enterprise compliance reviews paper the arrangement to clear both layers. See [our AKS guide](/compliance-guides/anti-kickback-statute-compliance-basics) for the AKS side.
Does Stark apply to Medicaid claims or only Medicare?
The federal Stark Law at [42 USC § 1395nn](https://www.law.cornell.edu/uscode/text/42/1395nn) is by its terms a Medicare statute. However, the Social Security Act's Medicaid-side incorporation at [42 USC § 1396b(s)](https://www.law.cornell.edu/uscode/text/42/1396b) denies federal financial participation for Medicaid services rendered under arrangements that would violate Stark on the Medicare side. Several states have their own physician-self-referral statutes (California Business & Professions Code § 650.01, New York Public Health Law § 238) that reach further than federal Stark and cover all-payer or state-program referrals.
Can a physician own an interest in a medical device or implant company and use those products?
The ownership interest is a financial relationship that triggers Stark analysis any time the physician's referrals for designated health services involve the entity. Physician-owned distributorships (PODs) draw [AKS scrutiny under the OIG Special Fraud Alert](https://oig.hhs.gov/fraud/docs/alertsandbulletins/2013/POD_Special_Fraud_Alert.pdf) and Stark scrutiny under the financial-relationship analysis. POD structures that survive both layers have material controls on return-on-investment, ownership distribution, and self-utilization volume. Most do not. Counsel papers ownership-and-utilization arrangements before any referral activity.
What is the actual penalty exposure for a single Stark violation?
Each claim submitted for a designated health service referred under a non-compliant arrangement is non-payable, and amounts already received are overpayments subject to refund under the 60-day rule at [42 USC § 1320a-7k(d)](https://www.law.cornell.edu/uscode/text/42/1320a-7k). CMPs of up to $15,000 per service plus assessment of up to 3x amounts claimed under [42 USC § 1395nn(g)](https://www.law.cornell.edu/uscode/text/42/1395nn), inflation-adjusted. Exclusion authority under [42 USC § 1320a-7](https://www.law.cornell.edu/uscode/text/42/1320a-7) for knowing-and-willful conduct. Stark-tainted claims are also False Claims Act-exposed where the arrangement was known or reckless, adding treble damages and per-claim penalties under [31 USC § 3729](https://www.law.cornell.edu/uscode/text/31/3729).
Turn this into a review-ready binder
The Security Risk Analysis is where this guide becomes documentation you can actually hand to a reviewer — assembled into one review-ready binder. Source-grounded, citation-linked, and explicit about what it does and does not do.
Editorial process. This guide was drafted by an LLM (Anthropic Claude) against primary HHS, OCR, CMS, eCFR, NIST, and state-regulator publications, and edited by the D3rx team for restraint and source fidelity. A named credentialed reviewer (CHC, CHPC, or healthcare attorney) is being engaged to verify citations — see the team page for status. Until that reviewer engagement is finalized, this page does not claim credentialed review.
This article is an administrative documentation aid. It does not certify compliance, provide legal advice, replace counsel, or guarantee an audit outcome. The practice remains responsible for reviewing, adopting, and maintaining its compliance program. References cited link to primary sources at HHS, OCR, CMS, the Code of Federal Regulations, NIST, and state regulators.
D3rx is a healthcare-billing and compliance research aid maintained by D3rx Inc. Articles are drafted by an LLM (Anthropic Claude) against primary HHS, OCR, CMS, eCFR, NIST, and state-regulator publications, and reviewed for restraint and source fidelity by the D3rx team.
Reviewer status: a named credentialed reviewer (CHC, CHPC, or healthcare attorney) is being engaged. Until that engagement is finalized, this page does not claim credentialed review.
- 42 CFR §§ 411.350-411.357https://www.ecfr.gov/current/title-42/chapter-IV/subchapter-B/part-411/subpart-J
- SRDP processhttps://www.cms.gov/Medicare/Fraud-and-Abuse/PhysicianSelfReferral/Self_Referral_Disclosure_Protocol
Sources verified as of May 23, 2026
This guide is a plain-English summary maintained by D3rx for healthcare practice administrators. It is not legal advice, medical advice, or accounting advice. The authoritative source is the cited regulation or agency document. Always confirm with qualified counsel before acting on a specific compliance question affecting your practice.
Related Guides
Anti-Kickback Statute: What Medical Practices Actually Need to Know (42 USC § 1320a-7b(b))
9 min readEmergency ResponseOIG Self-Disclosure Protocol: When to Use It, When to Hold Back
10 min readEmergency ResponseThe Medicare 60-Day Overpayment Rule: How to Comply (and What Triggers Worse)
8 min readRelated across the archive
- ComplianceAnti-Kickback Statute: What Medical Practices Actually Need to Know (42 USC § 1320a-7b(b))The federal Anti-Kickback Statute is intent-based, criminal-grade, and the most common fraud-and-abuse theory in OIG enforcement. Here is what AKS actually prohibits, how the safe harbors function, and where practices get caught.
- ComplianceThe OIG's 7 Elements of an Effective Compliance Program (Applied to a Small Practice)The OIG's seven elements of an effective compliance program, what each one looks like in a 1–15-clinician practice, and how to document each in 2026.
- ComplianceThe Medicare 60-Day Overpayment Rule: How to Comply (and What Triggers Worse)The 60-day clock starts at identification. Miss it, and the overpayment becomes a False Claims Act violation. Here is the actual procedure.
- ComplianceOIG LEIE Monthly Exclusion Screening: Process + Audit-Ready LogsMonthly OIG LEIE and SAM.gov exclusion screening for every workforce member and vendor: the workflow, the log fields auditors require, and the escalation path.
- GlossaryGroup Practice (Stark)A defined-term group of physicians who share specific operational characteristics making them eligible for certain Stark Law exceptions.
- RegulationStark Law Overview (42 USC 1395nn)Strict-liability prohibition on physician referrals to entities for designated health services payable by Medicare when the physician (or immediate family member) has a financial relationship with the entity, unless an exception applies.
- BillingWhat to Do When a Payer Says You're UnderbillingGot a letter saying you're underbilling? Here's what it actually means, whether you should worry, and what action to take.
- SRACMS Promoting Interoperability and the Security Risk Analysis AttestationHow the CMS Promoting Interoperability program (formerly Meaningful Use) requires a HIPAA Security Risk Analysis for each EHR reporting period, what the attestation actually claims, and how CMS audits it after the fact.