Healthcare employers that fail to screen employees, contractors, and vendors against the OIG exclusion list expose their organizations to federal Civil Monetary Penalties that can exceed $15,000 per day in aggregated billing exposure. This guide provides a complete operational framework for running OIG exclusion checks correctly, consistently, and at the right frequency.
Key Takeaways
- The OIG List of Excluded Individuals and Entities is a federal status database, not a criminal history check, and requires a separate, recurring screening process.
- Federal law creates a de facto screening obligation through Civil Monetary Penalty liability. Employing or contracting with an excluded individual triggers that liability regardless of intent.
- Screening scope extends beyond licensed clinical staff to contractors, vendors, and volunteers whose services connect to federally reimbursed claims.
- The OIG updates the LEIE monthly. Monthly screening is the accepted minimum frequency, and it applies to current employees, not only new hires.
- Many states maintain independent Medicaid exclusion lists that the federal LEIE does not mirror. Multi-state employers must screen against each applicable state list.
- When a screening match occurs, the employer must act immediately. Documentation, legal counsel notification, and suspension of billing activity are the first priorities.
- Recordkeeping is a distinct compliance obligation. Documentation failure creates audit exposure independent of whether screening actually occurred.
- Manual LEIE checks are operationally sustainable only up to a point. Workforce size and turnover rate determine when automated screening becomes a compliance necessity.
What the OIG LEIE Is, and What It Is Not
The List Defined
The OIG List of Excluded Individuals and Entities is a federal database maintained by the U.S. Department of Health and Human Services Office of Inspector General. It identifies individuals and organizations that federal authorities have excluded from participation in Medicare, Medicaid, and other federally funded healthcare programs. The OIG adds individuals to the list following a range of qualifying events, including convictions for program-related fraud, patient abuse, controlled substance offenses, and licensing board actions. Exclusion is a federal program status determination, not a criminal conviction, and it does not always follow from one.
The LEIE updates on a monthly basis and is publicly accessible at exclusions.oig.hhs.gov. Any individual on the list at the time a healthcare employer submits a federal claim for services that person rendered creates liability for that employer. The list does not generate automatic notifications to employers. Employers must actively query it.
What the LEIE Is Not
The LEIE is not a substitute for a standard employment background check, and a standard background check is not a substitute for the LEIE. These are independent processes governed by different legal frameworks. LEIE checks involve direct employer access to a public federal database and are not subject to FCRA adverse action requirements. Background checks conducted through consumer reporting agencies carry separate FCRA obligations. Healthcare employers who rely solely on a pre-employment background check to satisfy their exclusion screening obligation are not compliant, regardless of how thorough that check is. Organizations should confirm which legal requirements apply to each process with qualified legal counsel.
The Mechanism of Liability
Federal law does not name LEIE screening as a standalone employer mandate by statute. Rather, the Social Security Act authorizes CMPs against any entity that employs or contracts with an excluded individual for services reimbursed under a federal healthcare program. That liability attaches regardless of whether the employer knew the individual was excluded. The practical consequence is a de facto screening obligation: an employer cannot avoid CMP liability by claiming ignorance if a screening program would have revealed the exclusion. The obligation is real, the exposure is severe, and the mechanism is CMP liability rather than a named screening mandate.
How to Check the OIG Exclusion List: Step-by-Step
The Process for Running an OIG Exclusion Check
The following steps describe how to conduct a compliant OIG exclusion check for an individual or entity.
- Navigate to the OIG LEIE search tool at exclusions.oig.hhs.gov.
- Search by individual name. Run first name and last name separately as well as combined to reduce false negatives from name variations.
- Search by National Provider Identifier if the individual holds one. Running both name and NPI searches reduces the risk of missing a match due to name discrepancies.
- For organizations screening large workforces, download the full LEIE database file from the OIG website and run bulk searches against the current month's file.
- Cross-check results against applicable state Medicaid exclusion lists for each state in which the organization operates or submits claims.
- Document the search date, the name searched, the method used, the result, and the identity of the person who performed the check.
This process applies at pre-employment and at monthly intervals thereafter for all covered employees, contractors, and vendors.
Name Search Methodology and False Negatives
Name-based LEIE searches carry inherent false negative risk. Common names, name changes, hyphenated surnames, and transliteration variations can all cause a search to return no match even when an exclusion exists. Running searches on name variants, including maiden names and known aliases, reduces but does not eliminate this risk. NPI-based searches are more precise for licensed providers and should supplement name searches wherever an NPI exists. Larger organizations using the downloadable LEIE database file should apply fuzzy or phonetic matching rather than exact-string matching to reduce false negatives at volume.
Who Must Be Screened
Beyond Licensed Clinical Staff
Most healthcare employers screen physicians, nurses, and other licensed clinical staff against the LEIE. Many screen no one else, and that is insufficient. The CMP liability mechanism under the Social Security Act attaches to items or services furnished by an excluded individual, not only to services furnished by licensed clinicians. A billing coder, a medical transcriptionist, a physical therapy aide, or a dietary worker at a skilled nursing facility may trigger CMP liability if that individual is excluded and their role connects to items or services for which the organization seeks federal program reimbursement. The scope of covered roles is interpreted broadly in OIG guidance, and organizations should confirm which positions fall within their specific billing and program arrangements with qualified legal counsel.
The practical scope of screening covers any employee, contractor, or vendor whose services could be billed to a federal healthcare program, directly or indirectly. This includes staffing agency placements, independent contractors, and third-party vendors providing services under federally funded arrangements. Many organizations also screen volunteers who provide direct patient care, reflecting a conservative interpretation of the scope.
Contractors, Vendors, and Staffing Agencies
A staffing agency that places an excluded individual at a healthcare facility may face CMP liability depending on the nature of the arrangement and how the OIG analyzes the facts. The extent of agency liability versus facility liability is a fact-specific determination. Organizations should address exclusion screening obligations explicitly in staffing contracts and confirm their exposure with qualified legal counsel. Relying on a vendor's assurance without a contractual commitment and independent verification is an inadequate compliance control.
How Often to Check: Monthly as the Standard
Why Frequency Matters
Pre-employment LEIE screening is necessary but not sufficient. The OIG adds individuals to the exclusion list continuously, and an employee who passed a pre-employment check may appear on the LEIE months later following a licensing board action or conviction. If that employee continues providing services that generate federal claims after their exclusion date, each billed item creates a separate exposure event. A clean pre-employment result provides no defense against post-hire exclusion.
Monthly screening of the entire covered workforce is the accepted minimum frequency in OIG guidance. Monthly is the floor, not the ceiling. Organizations with high turnover, rapid onboarding cycles, or large contractor populations should assess whether monthly frequency provides adequate coverage for their specific operational profile.
Operationalizing Monthly Screening
Monthly screening of a large workforce requires a systematic process, not a calendar reminder. The OIG publishes an updated full LEIE database file each month, typically in the first week. Organizations running manual checks should establish a fixed monthly workflow: download the new file, run the workforce list against it, document results, and escalate any matches immediately. The adequacy of a manual process should be assessed honestly against the organization's actual capacity to execute it consistently, not its theoretical ability to do so.
Financial Exposure: What CMP Liability Actually Looks Like
The Penalty Structure
Civil Monetary Penalties for employing or contracting with an excluded individual are authorized under 42 U.S.C. Section 1320a-7a. The penalty structure is significant and compounds quickly across normal billing activity.
| Penalty Component | Amount |
| Per item or service billed | Up to $10,000 |
| Multiplier on amount claimed | Up to 3x the amount billed |
| Aggregated daily exposure (full-time excluded employee, active billing) | Exceeds $15,000 per OIG enforcement guidance |
| Knowing vs. unknowing distinction | Affects enforcement severity, not liability itself |
OIG enforcement guidance has framed aggregated daily exposure as exceeding $15,000 for a full-time excluded employee with continuous billing activity. This figure reflects the compounding nature of per-item liability and draws from OIG Special Advisory Bulletins. Employers should verify current enforcement guidance figures with qualified legal counsel, as published guidance is subject to update.
How Liability Accumulates
Each item of service that an excluded individual provides, and that a covered entity bills to Medicare or Medicaid, is a separate CMP exposure event. A physician excluded from federal programs who continues practicing and generating claims creates a new exposure event with every patient encounter billed to a federal payer. Across a standard clinical caseload, that exposure compounds quickly. The practical implication is that the financial risk of a missed exclusion is not a fixed penalty. It is an open-ended, accumulating liability that grows every day the excluded individual remains active and billing continues.
What to Do When You Find a Match
Immediate Response Steps
Finding a potential LEIE match requires an immediate, structured response. The following protocol describes the steps compliance teams should follow upon identifying a potential exclusion match.
- Do not dismiss the result as a false positive without formal verification. Formal verification means comparing all available identifying information in the LEIE record, including full name, date of birth, NPI, and exclusion date, against the individual's employment records. A name match alone is not sufficient to confirm a true positive, and acting on an unverified match creates independent employment law exposure. Legal counsel should be involved in the verification determination before any employment action is taken.
- Suspend the individual's access to patient care activities and federally billable services immediately, pending verification and legal review.
- Notify the organization's legal counsel and compliance officer before taking any further employment action.
- Identify and document all dates of service the individual provided after their exclusion effective date that were billed to a federal healthcare program.
- Preserve all screening records, employment records, and billing records related to the individual.
- Assess whether voluntary self-disclosure to the OIG is appropriate. The OIG's Self-Disclosure Protocol provides a mechanism for organizations to report potential violations and negotiate resolution. Self-disclosure decisions require legal counsel guidance and should not be made unilaterally by HR or compliance staff.
Self-disclosure and employment action decisions carry legal and operational consequences that require qualified counsel. HR and compliance teams should not act on either without legal review.
Termination and Contract Suspension
After legal review confirms the match, the organization must eliminate the excluded individual's participation in federally billable services. Depending on the role and organizational structure, this may involve reassignment to a position that does not connect to federal program billing, or termination of employment or contract. The appropriate action is a fact-specific determination that qualified legal counsel should guide. Termination documentation should reference the exclusion finding and the date of discovery without characterizing the individual's conduct beyond what the LEIE record reflects. For contractor and vendor relationships, the suspension or termination process should follow the applicable contractual provisions, with legal counsel guiding the communication strategy.
State Medicaid Exclusion Lists: The Layer Most Employers Miss
Why the Federal LEIE Is Not Enough
The LEIE reflects federal exclusion actions only. It does not capture every state-level Medicaid exclusion, and a state-level exclusion does not automatically generate a federal LEIE entry. A healthcare employer that screens only against the LEIE and operates in a state with an independent exclusion list is not fully compliant with that state's Medicaid program requirements. Many states, including but not limited to California, New York, Texas, Florida, and Illinois, maintain or reference independent Medicaid exclusion or sanction databases. This list is illustrative, not exhaustive. Employers operating in any state that participates in Medicaid should confirm whether that state maintains an independent exclusion list by consulting the applicable state Medicaid agency directly, as requirements and database availability are subject to change.
Multi-state healthcare employers must identify which states they operate in or submit claims to, confirm whether each state maintains an independent exclusion list, and integrate state list checks into their monthly screening workflow alongside the federal LEIE.
Managing State List Complexity
State exclusion lists vary in format, update frequency, and search interface. Some states provide searchable online tools similar to the federal LEIE tool. Others publish downloadable files or require direct agency contact. The lack of standardization across state systems creates a genuine operational challenge for large health systems, national staffing agencies, and multi-state behavioral health networks.
| Documentation Element | What to Record |
| Individual screened | Full name and any known aliases |
| Identifier used | NPI or other applicable identifier |
| Date of check | Exact date, not month only |
| Databases checked | Federal LEIE plus each applicable state list |
| Result | Clear, potential match, or confirmed match |
| Screener identity | Name and role of person who performed the check |
State Medicaid agency websites are the authoritative source for current list access procedures. Requirements in this area are subject to change, and organizations should verify current obligations periodically.
Documentation and Audit Readiness
What Records Must Demonstrate
A compliant LEIE screening program must satisfy two distinct documentation purposes. First, it must show that screening occurred, for whom, on what date, and with what result. Second, it must demonstrate that the process was consistent, systematic, and applied to the correct scope of individuals. Documentation that establishes the first purpose but not the second leaves an organization vulnerable to findings that its screening, while occasionally performed, was not a reliable compliance control.
Organizations running bulk checks should also retain the specific monthly LEIE database file version used for each screening cycle. Retaining the source file allows the organization to demonstrate exactly which data set each screening result drew from, which is a critical audit defense.
Retention Periods and Audit Triggers
OIG guidance and CMS program requirements do not specify a universal retention period for LEIE screening records. Many healthcare compliance programs apply a ten-year retention standard as a conservative practice, which aligns with the outer limit of the False Claims Act limitations period under 31 U.S.C. Section 3731(b). The applicable limitations period in a specific case may be shorter depending on the facts and the date of discovery. Organizations should confirm their specific retention obligations with qualified legal counsel, as requirements may vary based on program participation agreements, state law, and corporate integrity agreement terms. Audit triggers include CMS program integrity reviews, OIG investigations, whistleblower complaints, and state Medicaid agency audits.
Manual vs. Automated Screening: When the LEIE Tool Is Not Enough
Assessing Your Organization's Capacity
Manual monthly LEIE screening is compliant in principle. In practice, its reliability depends entirely on consistent execution. An organization with 20 employees can run a manual monthly check reliably with a structured workflow and a designated owner. An organization with 500 employees, high turnover, and a large contractor population faces a different calculus entirely. Manual screening at that scale requires significant staff time, creates bottlenecks when the designated screener is unavailable, and introduces human error risk in name matching and documentation.
The honest capacity question is not whether manual screening is theoretically possible, but whether the organization can execute it consistently, completely, and documentably every month without exception. A single missed monthly cycle, a skipped contractor, or an undocumented check creates a gap that carries real audit exposure.
When Automation Becomes a Compliance Necessity
Automated screening tools that run workforce lists against the LEIE and applicable state exclusion lists on a scheduled basis reduce the execution risk that manual processes carry at scale. They do not eliminate the employer's compliance responsibility. The employer remains accountable for ensuring the automated process runs correctly, that results are reviewed, and that matches trigger the appropriate response workflow. Organizations evaluating automated screening approaches should confirm that any tool they consider covers applicable state exclusion lists in addition to the federal LEIE. A federal-only tool leaves the state compliance gap unaddressed and does not constitute a complete screening program.
Conclusion
OIG exclusion check compliance is not a one-time pre-employment task. It is a recurring operational obligation with financial exposure that compounds for every day a missed exclusion goes undetected. Healthcare employers that build a systematic, documented, and appropriately scoped screening program are in a substantially stronger position, both in preventing liability and in demonstrating good faith during enforcement proceedings. Requirements in this area vary by state and are subject to regulatory change. Organizations should confirm their specific obligations with qualified legal counsel.
Frequently Asked Questions
What is the OIG exclusion list and why does it matter to healthcare employers?
The OIG List of Excluded Individuals and Entities identifies individuals and organizations barred from participating in Medicare, Medicaid, and other federal healthcare programs. Healthcare employers that bill federal programs for services provided by an excluded individual face Civil Monetary Penalties regardless of whether they knew about the exclusion. This creates a de facto screening obligation for any employer whose operations involve federally reimbursed healthcare services.
How do I check if someone is on the OIG exclusion list?
Navigate to the OIG search tool at exclusions.oig.hhs.gov and search by name and, where available, by National Provider Identifier. Run name variations to reduce false negatives. For larger workforces, download the monthly LEIE database file and run bulk searches. Document the date, name searched, method used, and result for every check.
Is the OIG exclusion check legally required for all healthcare employees?
Federal law does not name LEIE screening as a standalone mandate. Rather, Civil Monetary Penalty liability attaches when a covered entity bills federal programs for services provided by an excluded individual. Many states impose independent screening requirements through Medicaid program rules. Organizations should confirm their specific obligations with qualified legal counsel.
How often should healthcare employers check the OIG exclusion list?
The OIG updates the LEIE monthly, and monthly screening of the entire covered workforce is the accepted minimum standard. Pre-employment checks are necessary but not sufficient, as individuals can be added to the list after hire. High-volume hiring environments should assess whether monthly frequency provides adequate coverage for their specific operational profile.
What are the penalties for employing an excluded individual?
Civil Monetary Penalties reach up to $10,000 per item or service billed to a federal healthcare program, plus up to three times the amount claimed. OIG enforcement guidance has framed aggregated daily exposure as exceeding $15,000 for a full-time excluded employee with active billing, based on OIG Special Advisory Bulletins. Employers should verify current figures with qualified legal counsel, as guidance is subject to update.
What should an employer do immediately after finding a potential LEIE match?
Verify the match by comparing all available LEIE record identifiers against employment records, as a name match alone does not confirm a true positive. Suspend the individual's access to billable services pending legal review, and notify legal counsel and the compliance officer before taking any employment action. Assess whether voluntary self-disclosure to the OIG is appropriate with legal counsel guidance.
Does the federal LEIE cover state Medicaid exclusions?
No. The LEIE reflects federal exclusion actions only. Many states maintain independent Medicaid exclusion lists, and a state-level exclusion does not automatically generate a federal LEIE entry. Multi-state employers must screen against applicable state lists in addition to the federal LEIE each month.
What documentation should employers keep for OIG exclusion screening?
Retain the name of the individual screened, any NPI or identifier used, the date of the check, the databases checked, the result, and the name of the person who performed the check. Organizations running bulk checks should retain the specific monthly LEIE file version used. Many compliance programs apply a ten-year retention standard as a conservative outer-limit practice. Confirm the applicable period with qualified legal counsel.
Additional Resources
- OIG List of Excluded Individuals and Entities (LEIE) Search Tool
https://exclusions.oig.hhs.gov - OIG Exclusions Program Overview
https://oig.hhs.gov/exclusions/ - OIG Self-Disclosure Protocol
https://oig.hhs.gov/compliance/self-disclosure-info/ - Civil Monetary Penalties Law: 42 U.S.C. Section 1320a-7a
https://www.govinfo.gov/content/pkg/USCODE-2022-title42/pdf/USCODE-2022-title42-chap7-subchapXI-partA-sec1320a-7a.pdf - OIG Compliance Program Guidance for the Healthcare Industry
https://oig.hhs.gov/compliance/compliance-guidance/ - CMS Medicare Program Integrity Manual
https://www.cms.gov/Regulations-and-Guidance/Guidance/Manuals/Internet-Only-Manuals-IOMs-Items/CMS019033
ABOUT THE CREATOR
Charm Paz, CHRP
Recruiter & Editor
Charm Paz is an HR and compliance professional at GCheck, working at the intersection of background screening, fair hiring, and regulatory compliance. She holds both FCRA Core and FCRA Advanced certifications through the Professional Background Screening Association (PBSA) and supports organizations in navigating complex employment regulations with clarity and confidence.
With a background in Industrial and Organizational Psychology and hands-on experience translating policy into practice, Charm focuses on building ethical, compliant, and human-centered hiring systems that strengthen decision-making and support long-term organizational health.
