Whether you're new to the world of OIG exclusions or an expert looking to enhance your current process, explore this guide to find the latest regulations and industry-leading best practices.
Click one of the sections to your left to get started!
When evaluating your internal exclusion monitoring process, it is critical for your team to understand the complexity and associated risk of healthcare exclusion and sanction screening according to each governing authority to best protect both your organization and its patients or members. For an in-depth review of exclusion authorities, check out our Guide to Healthcare Exclusion Authorities.
HHS Office of Inspector General (OIG) has the authority to exclude individuals and entities from federally funded healthcare programs pursuant to Section 1128 of the Social Security Act and from Medicare and state healthcare programs under Section 1156 of the SSA Act. In accordance with the SSA, HHS OIG mandates that healthcare organizations do not hire or do business with “excluded or sanctioned” individuals or entities.
In addition, each state has a department or agency dedicated to upholding the integrity of Medicaid programs and public health. Though each state enforcement authority can vary by name and functions, (Department of Medicaid, State OIG, Department of Health Care Services) each one outlines the rules of ineligibility for licensed providers who have been disciplined or lost certain license privileges. Section 6501 of the Affordable Care Act requires state Medicaid agencies to terminate the participation of any entity if such entity is terminated under Medicare or any other State Medicaid plan.
Healthcare Exclusion Authorities & Enforcement
CMPs enforced by HHS OIG or false claim allegations by the U.S. Department of Justice (DOJ) can result in more than $20,000 per false claim or statement, not including treble damages. View the latest
published by the OIG.
Learn more about federal and state exclusion sources
Section 1156 of the SSA Act
Social Security Act
Section 1128 of the
Ready to learn more? Reach out to our team below.
Exclusion monitoring is a matching game between your organization's data and information at the primary source. The data your organization collects varies by population. You’ll likely have more information about your employees than your vendors or provider networks.
To determine an exclusion with high confidence, you need to verify that one or more pieces of uniquely identifiable data match. For example, matching an exclusion on a name only is not enough to be conclusive, since some names are quite common. Matching an exclusion on SSN and NPI is a high-confidence, high-quality match.
What data do you need to collect from your populations?
Full Legal Name
(Additional Previous Names Included)
Date of Birth
SSN or Tax ID
When it comes to exclusion monitoring, you want to ensure your employees, vendors, or ordering, referring, or participating providers are not excluded. To prove this negative, you must check every possible exclusion source. Here’s where those sources currently stand.
State Medicaid Exclusion Sources
Provider organizations are required to screen employees and vendors at least once a month. However, because each source updates at a different frequency (and because manually checking sources wastes time and energy), ongoing exclusion monitoring has become the industry best practice. This service model allows you to know as soon as someone in your population appears on an exclusion list, instead of finding out weeks later.
Automated ongoing exclusion monitoring relies on matching algorithms that compare your monitored populations to an aggregated dataset of all federal and state exclusions. Automation is critical for enterprise organizations, but the amount of work required from internal teams can vary significantly across solutions.
Before committing to an exclusion monitoring solution, you must identify the populations for which your organization should conduct exclusion monitoring. The most recent guidance from HHS OIG on this topic comes from the 2013 Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs.
What is the difference between Exact Matches vs. Potential Matches?
If you’re evaluating exclusion monitoring solutions for the first time, you may not realize the significant difference between receiving exact matches and potential matches from your vendor.
Your exclusion monitoring solution should allow you to meet all audit and survey requirements quickly and efficiently. For example, you should be able to pull a monitoring history report for anyone in your population that fully shows the exclusion sources and results on any given date.
Audit Reports and Time Stamps
Automation is crucial to effective and efficient exclusion monitoring, but human beings are, too. Your exclusion monitoring solution should come with client support that ensures you have someone to call to answer any questions and ensure your service can scale with the evolving needs of your organization.
Exclusion monitoring serves to protect your organization from compliance and financial risk. You should have full confidence that the results you receive are accurate and complete. Make sure your vendor stands behind their service with an errors and omissions policy indemnifying you against any failures on their part.
For enterprise organizations especially, the difference between these results can be the difference between hundreds of hours of administrative work every month.
ProviderTrust confirms and verifies every exclusion, delivering only exact matches that you can trust.
Industry best practice is to monitor both licensed and non-licensed employees, vendors and subcontractors, owners of vendors and subcontractors, referring and ordering physicians, and both participating and non-partcipating provider networks.
Potential matches are typically delivered in a spreadsheet, requiring your team to then investigate each suspected exclusion by going to the primary source (LEIE or state list) and determine whether the excluded person or entity is the same as the one in your population. Solutions that match on name only or other unreliable fields can only return potential matches.
Exact matches have already been confirmed by the exclusion monitoring vendor. These high-quality, high-confidence matches protect your organization from risk and make your teams more effective. Exact matches should be delivered with documentation that empowers your team to follow procedures faster and with confidence.
The Basics of Exclusion Monitoring
HHS OIG maintains a list of all currently excluded individuals and entities called the List of Excluded Individuals/Entities (LEIE). Anyone who hires an individual or entity on the OIG LEIE may be subject to civil monetary penalties (CMP). There are two main types of exclusions – mandatory and permissive as outlined by HHS OIG. Read more about mandatory and permissive exclusions.
SAM.gov refers to the System for Award Management, a database with the purpose of preventing companies from doing business with an individual or entity that has been debarred, sanctioned, or excluded by a federal agency. Read more about SAM.gov.
Most states maintain their own list of ineligible, excluded, or terminated providers, though a few report directly to the OIG without releasing their own datasets. Occasionally, states change their process for reporting exclusions, adding or discontinuing a list.
Exact matches have already been confirmed by the exclusion monitoring vendor. These high-quality, high-confidence matches protect your organization from risk and make your teams more effective. Exact matches should be delivered with documentation that empowers your team to confidently follow procedures faster.
owners of vendors
Download the OIG-LEIE
See list of state exclusion sources
Complete data profiles of your employee, physician and vendor populations are critical to ensuring confidence that your organization never misses an exclusion. By incorporating new standards of compliance intelligence within your exclusion monitoring process, you can connect the dots within your population data profiles. A best-in-class exclusion monitoring solution enriches both primary source data with your organization's internal data records with the necessary unique identifiers to catch and verify exclusions no other process can, alerting you to issues that might otherwise never be found.
Best-in-Class Exclusion Monitoring
Does your organization do any of the following?
Add unique identifiers to primary source data to enable exact-match verification
Systematically update internal data profiles based on new information found at a primary source
Add license information from other states to your organization's data that you previously didn't have
None of the above
How does your current exclusion monitoring solution and process manage the heavy lift of false positives and/or potential matches? Selecting the right exclusion monitoring solution comes down to this critical issue - how can you alleviate the countless manual hours it takes to verify potential exclusions with an SSN or NPI so your team can focus on other critical initiatives at your organization? At a minimum, look for a solution that automates your process and delivers exact-match results. Otherwise, the risk, time, and effort spent on manually resolving potential matches is simply holding your organization back.
Does your monitoring process require manual intervention?
Healthcare continues to move toward a state of greater interoperability across systems, tools, and data, and this trend continues into the realm of selecting an exclusion monitoring solution. It’s best practice to ensure your exclusion monitoring solution integrates seamlessly within your workflow; with well-designed SaaS software, your native systems via API integrations, or the other applications you use, such as an HRIS or a claims processing system. The best solutions do not force a new process on your teams; instead, they integrate directly with the tools and processes you already have.
Does your current exclusion process integrate within your workflows?
It’s imperative that protecting your organization and keeping your data safe and secure is a top priority of your exclusion monitoring solution. At a minimum, we recommend ensuring any exclusion monitoring solution your team evaluates is both SOC II compliant and NCQA accredited. Both of these certifications speak volumes to how a potential vendor stores, manages, and handles sensitive data from your organization.
Peace of Mind with Security
In certain circumstances, it may make the most sense to select an exclusion monitoring solution that only screens for exclusions and nothing else. However, we challenge that approach and recommend a holistic monitoring approach to exclusion monitoring - one that enables future expansion to include licensure and certification tracking, sanction monitoring, SSDMF screening, and more.
The Full Profile of Employees and Providers
Smarter Exclusion Monitoring
Which exclusion sources does your organization check?
Only the federal lists (OIG-LEIE/SAM.gov)
Only the federal lists and my state Medicaid exclusion lists
Only the federal lists, my state and surrounding states' Medicaid exclusion lists
All federal and state exclusion lists
Industry best practice is to search all federal and state exclusion lists, including the OIG-LEIE and SAM.gov, your state’s Medicaid exclusion list, and all other state exclusion lists.
How often does your organization check for exclusions?
Only at the time of hire or contracting
Annually and at hire
Quarterly and at hire
Monthly and at hire
Daily and at hire
At minimum, organizations must check for exclusions on a monthly frequency. Based on primary source variability, we recommend a more frequent cadence.
Who owns exclusion monitoring at your organization?
Other or a combination of the above
Regardless of which department owns the exclusion monitoring process, it is critical that you select a solution that reduces the cost of ownership.
How much manual effort does your process require?
My process is entirely manual
My process is automated, but we manually verify potential exclusions
My process is completely automated from searching to verification
My process is completely automated and integrated with our IT system
We think that an automatic process that allows for seamless integration and interoperability is the future of exclusion monitoring solutions.
Select the population that you need to monitor
Referring & Ordering Physicians
A combination of the above
A best-in-class solution ensures no individual or entity across every population is excluded at any point in time.
Owners of Vendors
Congratulations on completing your exclusion monitoring self assesment quiz!
Connect with our team of experts and get started today.
Learn more about our exclusion monitoring products.
Evaluate Your Exclusion Monitoring Process
See Our Products
Reimagine Your Exclusion Monitoring
We deliver healthcare’s most trusted ongoing compliance monitoring for every employee. Keep your workforce free of bad actors, reduce risk, and better connect HR and Compliance processes and teams.
Reduce Risk and Empower
Our approach to provider eligibility monitoring delivers one source of truth, offering centralized and always-accurate data insights that build complete profiles of every provider in your network.
Ensure Eligibility of Your
Onboard, manage, and monitor your organization’s entire vendor network with confidence with healthcare's most effective vendor compliance solution, ensuring always-accurate data insights on payment eligibility.
Visualize the Complete Profile for Every Vendor
Reimagine Your Exclusion Monitoring
Explore Employee Monitoring
Explore Provider Network Monitoring
Explore Vendor Monitoring