Whether you're new to the world of OIG exclusions or an expert looking to enhance your current process, explore this guide to find the latest regulations and industry-leading best practices.
Click one of the sections to your left to get started!
When evaluating your internal exclusion monitoring process, it is critical for your team to understand the complexity and associated risk of healthcare exclusion and sanction screening according to each governing authority to best protect both your organization and its patients or members. For an in-depth review of exclusion authorities, check out our Guide to Healthcare Exclusion Authorities.
HHS Office of Inspector General (OIG) has the authority to exclude individuals and entities from federally funded healthcare programs pursuant to Section 1128 of the Social Security Act and from Medicare and state healthcare programs under Section 1156 of the SSA Act. In accordance with the SSA, HHS OIG mandates that healthcare organizations do not hire or do business with “excluded or sanctioned” individuals or entities.
In addition, each state has a department or agency dedicated to upholding the integrity of Medicaid programs and public health. Though each state enforcement authority can vary by name and functions, (Department of Medicaid, State OIG, Department of Health Care Services) each one outlines the rules of ineligibility for licensed providers who have been disciplined or lost certain license privileges. Section 6501 of the Affordable Care Act requires state Medicaid agencies to terminate the participation of any entity if such entity is terminated under Medicare or any other State Medicaid plan.
How much are civil monetary penalties for an exclusion?
CMPs enforced by HHS OIG or false claim allegations by the U.S. Department of Justice (DOJ) can result in more than $20,000 per false claim or statement, plus treble damages. Here are the latest CMPs published by the OIG.
Healthcare Exclusion Authorities & Enforcement
Exclusion monitoring is a matching game. To conduct exclusion monitoring of a given population effectively, you must collect enough identifying information to determine whether a given exclusion is or is not a match to the person or entity associated with your organization.
The data your organization collects varies by population. You’ll likely have more information about employees than vendors or provider networks.
To determine an exclusion with high confidence, you need to verify that one or more pieces of uniquely identifiable data match. For example, matching an exclusion on a name only is not enough to be conclusive, since some names are quite common. Matching an exclusion on SSN and NPI is a high-confidence, high-quality match.
What data do you need to collect from your populations?
Full Legal Name
(Additional Previous Names Included)
Date of Birth
SSN or Tax ID
When it comes to exclusion monitoring, you want to ensure your employees, vendors, or ordering, referring, or participating providers are not excluded. To prove this negative, you must check every possible exclusion source. Here’s where those sources currently stand.
State Medicaid Exclusion Sources
Provider organizations are required to screen employees and vendors at least once a month. However, because each source updates at a different frequency (and because manually checking sources wastes time and energy), ongoing exclusion monitoring has become the industry best practice. This service model allows you to know as soon as someone in your population appears on an exclusion list, instead of finding out weeks later.
Automated ongoing exclusion monitoring relies on matching algorithms that compare your monitored populations to an aggregated dataset of all federal and state exclusions. Automation is critical for enterprise organizations, but the amount of work required from internal teams can vary significantly across solutions.
Before committing to an exclusion monitoring solution, you must identify the populations for which your organization should conduct exclusion monitoring. The most recent guidance from HHS OIG on this topic comes from the 2013 Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs.
What is the difference between Exact Matches vs. Potential Matches?
If you’re evaluating exclusion monitoring solutions for the first time, you may not realize the significant difference between receiving exact matches and potential matches from your vendor.
Your exclusion monitoring solution should allow you to meet all audit and survey requirements quickly and efficiently. For example, you should be able to pull a monitoring history report for anyone in your population that fully shows the exclusion sources and results on any given date.
Audit Reports and Time Stamps
Automation is crucial to effective and efficient exclusion monitoring, but human beings are, too. Your exclusion monitoring solution should come with client support that ensures you have someone to call to answer any questions and ensure your service can scale with the evolving needs of your organization.
Exclusion monitoring serves to protect your organization from compliance and financial risk. You should have full confidence that the results you receive are accurate and complete. Make sure your vendor stands behind their service with an errors and omissions policy indemnifying you against any failures on their part.
For enterprise organizations especially, the difference between these results can be the difference between hundreds of hours of administrative work every month.
ProviderTrust confirms and verifies every exclusion, delivering only exact matches that you can trust.
HHS OIG maintains a list of all currently excluded individuals and entities called the List of Excluded Individuals/Entities (LEIE). Anyone who hires an individual or entity on the OIG LEIE may be subject to civil monetary penalties (CMP). There are two main types of exclusions – mandatory and permissive as outlined by HHS OIG. Read more about mandatory and permissive exclusions.
Download the OIG LEIE
SAM.gov refers to the System for Award Management, a database with the purpose of preventing companies from doing business with an individual or entity that has been debarred, sanctioned, or excluded by a federal agency. Read more about SAM.gov.
Most states maintain their own list of ineligible, excluded, or terminated providers, though a few report directly to the OIG without releasing their own datasets. Occasionally, states change their process for reporting exclusions, adding or discontinuing a list. See the up-to-date list of state exclusion sources.
Even if your population is only working or practicing in one or a few states, it’s still important to check every available state exclusion list. We frequently find excluded providers relocating states in an attempt to evade detection and continue participating in government healthcare programs.
Who should be included in your exclusion monitoring process?
Industry best practice is to monitor both licensed and non-licensed employees, vendors and subcontractors, owners of vendors and subcontractors, referring and ordering physicians, and both participating and non-partcipating provider networks.
Potential matches are typically delivered in a spreadsheet, requiring your team to then investigate each suspected exclusion by going to the primary source (LEIE or state list) and determine whether the excluded person or entity is the same as the one in your population. Solutions that match on name only or other unreliable fields can only return potential matches.
Exact matches have already been confirmed by the exclusion monitoring vendor. These high-quality, high-confidence matches protect your organization from risk and make your teams more effective. Exact matches should be delivered with documentation that empowers your team to follow procedures faster and with confidence.
The Basics of Exclusion Monitoring
An effective data science and enrichment strategy is critical to ensuring confidence that your organization never misses an exclusion across any population - it’s the only way to confidently say that your process hasn’t missed an exclusion due to a name change, a nickname, a new NPI, moving states or addresses, or a new license. A best-in-class exclusion monitoring solution enriches both primary source data and our client’s data records with identifiers to catch and verify issues no other process can, alerting you to issues you would never otherwise find.
Best-in-Class Data Enrichment
Does your organization do any of the following?
Add unique identifiers to primary source data to enable exact-match verification
When new information is found at a primary source, we add that data back into our source of truth
Add license information from other states to your organization's data that you previously didn't have
None of the above
How does your exclusion monitoring reduce the noise and toil of dealing with false positives, or potential matches? Often, selecting the right exclusion monitoring solution comes down to this critical issue: the difference between vendors or internal processes could mean countless manual hours spent verifying potential exclusions with a SSN or an NPI instead of focusing on the critical, thoughtful work that your organization needs. At a minimum, every exclusion monitoring solution should be fully automated and should deliver exact-match results. The risk, time, and effort spent on potential matches is simply moving healthcare, and your organization, backward.
Does your monitoring process require manual intervention?
Healthcare continues to move toward a state of greater interoperability across systems, tools, and data, and this trend continues into the realm of selecting an exclusion monitoring solution. It’s best practice to ensure your exclusion monitoring solution integrates seamlessly with your workflow: with well-designed SaaS software, your native systems via API integrations, or the other applications you use, such as an HRIS or a claims processing system. The best exclusion monitoring solutions do not force a new process on your teams; instead, they integrate directly with the tools and processes you already have.
Does your current exclusion process integrate into your workflows?
It’s imperative that protecting your organization and keeping your data safe and secure is a top priority of your exclusion monitoring solution. At a minimum, we recommend ensuring any exclusion monitoring solution your team evaluates is both SOC II compliant and NCQA accredited. Both of these certifications speak volumes to how a potential vendor stores, manages, and handles sensitive data from your organization.
Peace of Mind with Security
In certain circumstances, it may make the most sense to select an exclusion monitoring solution that only screens for exclusions, nothing else. However, we would challenge that thinking and recommend a holistic monitoring approach to provider monitoring, one that enables future expansion to include licensure & certification tracking, sanction monitoring, SSDMF screening, and more.
The Full Picture of Employees and Providers
Smarter Exclusion Monitoring
Which exclusion sources does your organization check?
Only the federal lists (OIG-LEIE/SAM.gov)
Only the federal lists and my state Medicaid exclusion lists
Only the federal lists, my state and surrounding states' Medicaid exclusion lists
All federal and state exclusion lists
Industry best practice is to search all federal and state exclusion lists, including the OIG-LEIE and SAM.gov, your state’s Medicaid exclusion list, and all other state exclusion lists.
How often does your organization check for exclusions?
Only at the Time of Hire or Contracting
Annually and at Hire
Quarterly and at Hire
Monthly and at Hire
Daily and at Hire
At minimum, organizations must check for exclusions on a monthly frequency. Based on primary source variability, we recommend a more frequent cadence.
Who owns exclusion monitoring at your organization?
Other or a Combination of Above
Regardless of which department owns the exclusion monitoring process, it is critical that you select a solution that reduces the cost of ownership.
How much manual effort does your process require?
My process is entirely manual
My process is automated, but we manually verify potential exclusions
My process is completely automated from searching to verification
My process is completely automated and integrated with our IT system
We think that an automatic process that allows for seamless integration and interoperability is the future of exclusion monitoring solutions.
Select the population that you need to monitor for exclusions.
Referring & Ordering Physicians
A Combination of the Above
A best-in-class solution ensures no individual or entity across every population is excluded at any point in time.
Owners of Vendors
Congratulations on completing your exclusion monitoring self assesment quiz!
Connect with our team of experts and get started today.
Learn more about our exclusion monitoring products.
Evaluate Your Exclusion Monitoring Process
See Our Products
Say hello to smarter monitoring.
Passport is the most effective and predictive healthcare solution for automated ongoing exclusion, sanction, and license monitoring with exact-match results straight from federal and state primary sources. Ideal for employee monitoring.
Dash is the customizable, ongoing monitoring solution for provider networks: participating and non-participating, as well as ordering and referring physicians. Dash features interactive dashboards to power workflows across your organization and improve program integrity.
VendorProof helps healthcare organizations manage vendor network compliance with exclusion monitoring. Combine our vendor onboarding package with attestation collection and disclosure of ownership for comprehensive vendor compliance.
Meet Our Applications
Learn More About Passport
Ready to learn more? Reach out to our team below.
Learn More About Dash
Learn More About VendorProof