How to Build an OIG Exclusion Screening Compliance Program: Requirements & Checklist


Kevin Henry

Risk Management

January 28, 2026


Building a rigorous OIG exclusion screening compliance program protects your organization from payment denials, civil monetary penalties, and reputational risk. This requirements and checklist guide shows you how to design a practical, auditable framework that prevents excluded persons from participating in federally funded healthcare programs.

You will screen your workforce and vendors against the Office of Inspector General’s List of Excluded Individuals/Entities (LEIE) and applicable state Medicaid Exclusion Lists, maintain airtight screening documentation, and take prompt corrective actions when potential matches arise.

Develop Written Policies and Procedures

Start by formalizing how your organization prevents, detects, and responds to exclusions. Clear, written policies anchor your program and set expectations for every department that hires, contracts, bills, or pays claims.

What your policy must cover

  • Purpose and scope: explicitly prohibit employment or contracting with anyone on the LEIE or state Medicaid Exclusion Lists.
  • Who is in scope: employees, medical staff, contractors, locums/temps, volunteers, students, owners/investors, board members, and vendors whose work can impact federal program claims.
  • Screening sources and cadence: the LEIE as the primary database, plus relevant state Medicaid Exclusion Lists; screen pre-hire/engagement and at least monthly thereafter.
  • Data required for searches: legal name, aliases, prior names, date of birth, NPI, and other identifiers where permitted by law.
  • Screening documentation standards: what to capture, who signs off, retention period, and how records are retrieved for audits.
  • Vendor/contract clauses: certification of non-exclusion, immediate notice of status changes, audit rights, and flow-down terms for subcontractors.
  • Enforcement and corrective actions: steps to suspend from federal program work, stop billing, repay affected claims, and report as required.
  • Oversight and reporting: governance by the Compliance Officer and a compliance committee, with routine KPI reporting to leadership.

Checklist

  • Publish a signed policy that references the Office of Inspector General, LEIE, and state Medicaid Exclusion Lists.
  • Define in-scope populations and screening frequency in plain language.
  • Document recordkeeping, approvals, and retention aligned to your enterprise policy.
  • Embed exclusion provisions into offer letters, credentialing packets, and supplier contracts.

Assign Responsibilities

Clear ownership prevents gaps. Assign enterprise accountability to your Compliance Officer and operational roles to the teams closest to onboarding, procurement, credentialing, and billing.

Governance and roles

  • Compliance Officer: owns the program, approves policies, monitors metrics, and reports to the compliance committee and leadership.
  • HR/Talent/Credentialing: runs pre-hire and re-credentialing checks; prevents start dates until “cleared.”
  • Supply Chain/Procurement: screens vendors and key principals; enforces contract clauses and renewal checks.
  • Revenue Cycle/Finance: places billing holds when a potential match is under review; coordinates refunds if needed.
  • IT/Automation: maintains screening tools, data integrations, access controls, and audit trails.
  • Department Managers: ensure individuals do not perform federal program work until cleared.

Training and accountability

  • Provide role-based training on the LEIE, Medicaid Exclusion Lists, match escalation, and documentation.
  • Define RACI (who is Responsible, Accountable, Consulted, Informed) for each screening task.
  • Set KPIs: time-to-clear pre-hire checks, monthly completion rates, and average match resolution time.

Checklist

  • Name a Compliance Officer as program owner with documented authority.
  • Publish a RACI for HR, Procurement, Credentialing, Revenue Cycle, and IT.
  • Track training completion and tie responsibilities to job descriptions and evaluations.

Implement Screening Procedures

Operationalize your policy with step-by-step procedures that are easy to follow and simple to audit. Standardize searches, evidence capture, and approvals across the enterprise.

Who to screen

  • Employees, clinicians, students/volunteers, contractors/temps, owners, board members.
  • Vendors and key vendor principals whose goods or services relate to federal program claims.

Where and when to screen

  • Primary source: the LEIE (List of Excluded Individuals/Entities) maintained by the Office of Inspector General.
  • Supplemental: applicable state Medicaid Exclusion Lists based on where you operate or bill.
  • Timing: before hire/engagement, at credentialing and re-credentialing, and at least monthly for everyone in scope.

How to screen and reduce false positives

  • Normalize names (aliases, hyphenations, prior names) and search with and without middle names/initials.
  • Use additional identifiers (DOB, NPI) to differentiate common names and document each comparison.
  • Apply consistent match tiers (e.g., exact, probable, possible) with predefined escalation paths.
  • Automate recurring monthly checks where feasible; require manual secondary review for possible/probable matches.

Screening Documentation

  • Record the search date/time, sources queried, search terms and identifiers used, and results (including “no match” confirmations).
  • Capture artifacts (export, report ID, or screenshot) and the reviewer’s sign-off.
  • Maintain an auditable log of communications, escalations, and final determinations.
  • Retain records per policy and payer requirements; ensure they are searchable for audits and investigations.
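
The name normalization, identifier comparison, match tiers, and per-search audit record described in the two lists above can be sketched as follows. This is an added example, not code from the article or from any screening product; the record fields, the sample list, and the exact definitions of the "exact", "probable" and "possible" tiers are assumptions made for illustration.

```python
import re
import unicodedata
from datetime import datetime, timezone

# Constructed sample records, not real LEIE data; field names are assumptions of this example.
SAMPLE_LIST = [
    {"id": "X1", "name": "Maria Garcia", "dob": "1975-03-02", "npi": "1234567890"},
    {"id": "X2", "name": "John A. Smith", "dob": "1980-01-01", "npi": None},
]

def tokens(name):
    """Fold case and accents, split hyphens, drop punctuation."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode().lower()
    return re.sub(r"[^a-z ]", "", folded.replace("-", " ")).split()

def names_match(a, b):
    """Same first name, and one side's last token appears among the other's later
    tokens, so middle names and hyphenated surnames do not hide a match."""
    ta, tb = tokens(a), tokens(b)
    if len(ta) < 2 or len(tb) < 2 or ta[0] != tb[0]:
        return False
    return ta[-1] in tb[1:] or tb[-1] in ta[1:]

def tier(person, excluded):
    """Assumed tiers: 'exact', 'probable', 'possible', or None for no match."""
    both = lambda k: bool(person.get(k) and excluded.get(k))
    same = lambda k: both(k) and person[k] == excluded[k]
    differ = lambda k: both(k) and person[k] != excluded[k]
    if same("npi"):                       # unique identifier agrees, even after a name change
        return "exact"
    names = [person["name"], *person.get("aliases", [])]
    if not any(names_match(n, excluded["name"]) for n in names):
        return None
    if same("dob") and not differ("npi"):
        return "exact"
    if differ("dob") or differ("npi"):    # name collides, identifiers disagree: reviewer decides
        return "possible"
    return "probable"                     # name matches, nothing else to compare

def screen(person, exclusion_list, source):
    """Build one audit record per search, including explicit 'no match' confirmations."""
    hits = [(t, e["id"]) for e in exclusion_list if (t := tier(person, e))]
    return {
        "searched_at": datetime.now(timezone.utc).isoformat(),
        "source": source,
        "terms": [person["name"], *person.get("aliases", [])],
        "identifiers_used": [k for k in ("dob", "npi") if person.get(k)],
        "result": hits or "no match",
        "needs_manual_review": any(t in ("probable", "possible") for t, _ in hits),
    }
```

Each returned record would be stored with the reviewer's sign-off; a name-only collision is kept as "possible" rather than dropped so the comparison itself is documented.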

Checklist

  • Define in-scope populations, sources, frequency, and search parameters.
  • Standardize reviewer notes, file naming, and approval steps.
  • Automate monthly screening and exception reporting; require dual review for potential matches.
  • Store evidence centrally with controlled access and retention rules.

Address Potential Matches

Move quickly and methodically when a potential match surfaces. Your goal is to verify identity, contain risk, and, if confirmed, execute corrective actions that remediate overpayments and prevent future occurrences.

Triage and verification

  • Immediately pause onboarding or remove the individual/vendor from federal program work; place a billing hold as needed.
  • Compare unique identifiers (DOB, NPI, address history) and request documentation to confirm or rule out identity.
  • Escalate unresolved cases to the Compliance Officer for determination and legal consultation when appropriate.

If the match is confirmed

  • Implement corrective actions: end or reassign duties that touch federal programs, stop billing for affected services, and calculate potential lookback periods.
  • Refund/adjust claims as required; consider self-disclosure or payer notification based on counsel’s guidance.
  • Remediate root causes (process gaps, training, contract language, system controls) and document lessons learned.

Communication and closure

  • Notify leadership per your incident protocol and provide a written summary of findings, actions taken, and prevention steps.
  • Close the case with final documentation, including timelines, approvals, and proof of remediation.

Checklist

  • Hold work and billing immediately for potential matches.
  • Verify identity using secondary identifiers; document every step.
  • Execute corrective actions, including refunds and contract remedies where applicable.
  • Complete a root-cause analysis and update procedures and training.

Monitor and Update the Program

Effective programs evolve. Establish monitoring that proves the process works, and update procedures as your operations, payers, and regulations change.

Ongoing monitoring

  • KPIs: monthly completion rates, exception volume, average days to resolve potential matches, and audit findings closed on time.
  • Quality checks: re-perform a sample of screenings each month; test false-positive handling and approvals.
  • System health: validate automation jobs, data feeds, user access, and backups.

Program updates

  • Incorporate changes to the LEIE format or search tools and any new or revised state Medicaid Exclusion Lists.
  • Update workflows after acquisitions, new service lines, or vendor transitions.
  • Refresh training, templates, and job aids annually or when procedures change.

Reporting and assurance

  • Provide quarterly reports to the compliance committee and leadership with trends and remediation status.
  • Schedule periodic internal audits and include exclusion screening in enterprise risk assessments.

Conclusion

By codifying policies, assigning clear ownership, operationalizing standardized screening, responding decisively to matches, and monitoring performance, you create a reliable OIG exclusion screening compliance program. This requirements and checklist approach helps you prevent excluded individuals and entities from affecting your federal program participation—and proves it during audits.

FAQs

What is an OIG exclusion screening compliance program?

It is a structured set of policies, procedures, and controls to prevent excluded individuals or entities from participating in federally funded healthcare activities. You screen your workforce and vendors against the Office of Inspector General’s LEIE and relevant Medicaid Exclusion Lists, keep thorough screening documentation, and take corrective actions if a match is confirmed.

How often should exclusion screening be conducted?

Screen before hire or engagement and at least monthly thereafter for everyone in scope. Also recheck during credentialing/re-credentialing, contract renewals, and whenever new identifiers (e.g., name changes, NPIs) are added. Monthly monitoring helps you catch changes quickly and demonstrate continuous compliance.

What steps should be taken if a match is found in the exclusion list?

Immediately remove the person or vendor from federal program work and place a billing hold. Verify identity using secondary identifiers; if confirmed, execute corrective actions—stop billing for affected services, evaluate and refund overpayments as required, update contracts or terminate engagements, and document the full investigation and remediation.
