Medicaid Exclusion Screening Requirements: What Providers Need to Know to Stay Compliant

Medicaid Exclusion Screening Overview

Exclusion screening is the process you use to ensure no employee, contractor, owner, or affiliated entity that touches Medicaid is barred from participation. It protects Medicaid program integrity by preventing payment for services ordered or furnished by excluded individuals or entities.

In practice, you screen people and organizations before onboarding and on a recurring basis against federal and state Medicaid exclusion lists. You confirm identities with National Provider Identifier (NPI) verification, document results, and quickly remediate any matches to maintain provider enrollment compliance.

Who must be screened

• Licensed clinicians, non‑licensed staff, temps, and volunteers involved in care or billing.
• Owners and managing employees (typically those with 5% or more direct or indirect ownership or control).
• Contractors, vendors, and delegated entities performing administrative or clinical services.
• Ordering, referring, prescribing, and attending providers tied to your claims.

What screening covers

• Federal databases: Office of Inspector General LEIE and System for Award Management (SAM).
• State Medicaid exclusion lists in every state where you operate or serve members.
• Identity confirmation steps such as National Provider Identifier (NPI) verification.

Federal Exclusion Lists

Office of Inspector General LEIE

The OIG List of Excluded Individuals/Entities (LEIE) is the primary healthcare sanctions database. It identifies people and organizations excluded from federal healthcare programs, including Medicaid, for reasons such as fraud, patient abuse or neglect, and licensure issues. You should search by name and, when available, by NPI to reduce false positives.

System for Award Management SAM

SAM is the government‑wide database for exclusions, debarments, and suspensions that affect federal awards and procurement. While not healthcare‑specific, many state Medicaid programs require checks of SAM because it can capture exclusions that impact provider eligibility. Review both entity and individual records and note the Unique Entity ID (UEI) when applicable.

Using both LEIE and SAM effectively

• Search with exact names plus common aliases; confirm using NPI, date of birth, or FEIN as appropriate.
• Document search parameters, date/time, and outcomes; retain evidence for audits.
• Investigate potential matches immediately; do not bill Medicaid until cleared or resolved.

State Exclusion Lists

Most states maintain their own Medicaid exclusion lists or termination/suspension rosters. These may include actions by state Medicaid agencies, licensing boards, attorneys general, or inspectors general. Requirements vary, but many states obligate providers to check both the state list and federal lists on a recurring basis.

Screen every state in which you deliver services, refer, or bill—even via telehealth. If you operate near state borders or serve members who cross state lines, expand screening to adjacent states. Keep proof of each check and be prepared to reconcile differences between state and federal records.

Best practices for state screening

• Build a register of relevant state Medicaid exclusion lists and update it at least annually.
• Capture screenshots or exports that show the search terms, date, and “no match” or match results.
• Monitor state board actions that can trigger exclusions or terminations and align internal alerts accordingly.

Screening Frequency and Procedures

Conduct exclusion screening at onboarding and prior to any work or claim submission. Thereafter, monthly screening is the widely accepted standard and is often required for OIG LEIE; many states expect monthly checks of state Medicaid exclusion lists and may also require regular SAM checks. Apply the same cadence to employees, contractors, owners, and ordering/referring providers tied to your claims.

Step‑by‑step screening workflow

1. Define scope: include staff, contractors, volunteers, owners (≥5%), governing members, delegated vendors, and referring/ordering clinicians.
2. Collect identifiers: legal name, aliases, NPI, date of birth, FEIN/SSN (as permitted), license numbers, and practice locations.
3. Perform National Provider Identifier (NPI) verification to confirm identity and taxonomy before database checks.
4. Search OIG LEIE and SAM; then search applicable state Medicaid exclusion lists.
5. Resolve potential matches using secondary identifiers; escalate uncertain cases to compliance leadership.
6. Block onboarding, work assignments, and claim submission for any unresolved or confirmed match.
7. Document everything: search sources, terms, dates, outcomes, resolver, and disposition; retain records for at least six years or longer if your state requires.
8. Automate monthly monitoring where feasible; audit your process annually to verify completeness and accuracy.
9. Train staff and delegated entities; your contracts should require they perform and document exclusion screening.

Triggers for off‑cycle screening

• Adverse licensure or disciplinary actions, malpractice findings, or criminal charges.
• Ownership changes, new locations, or new lines of business.
• Name, NPI, or taxonomy changes; enrollment revalidation events; payment suspensions.

Risk-Based Screening Levels

Medicaid enrollment uses risk‑based screening—limited, moderate, and high—to match safeguards to fraud/abuse risk. The higher the risk, the more intensive the screening. States may elevate a provider’s risk level based on past behavior, payment suspensions, or other program integrity concerns.

Limited risk

Applies to provider types historically associated with lower fraud risk, such as many physicians, non‑physician practitioners, and group practices. Screening focuses on identity and licensure verification plus database checks of the OIG LEIE, SAM, and state Medicaid exclusion lists.

Moderate risk

Includes provider types with elevated vulnerability. In addition to limited‑risk checks, moderate‑risk enrollment typically adds unannounced or pre‑enrollment site visits and closer monitoring of ownership and control disclosures.

High risk

Targets provider types or circumstances with the greatest exposure. High‑risk screening layers on fingerprint-based criminal background checks for owners or individuals with 5% or more controlling interest, increased site visit scrutiny, and tighter oversight of changes in ownership or location.

Limited Risk Screening Protocols

If you fall into the limited risk category, you still need a disciplined protocol to remain compliant and audit‑ready. The emphasis is on proving identity, licensure, and the absence of exclusions across federal and state sources.

Core controls for limited risk providers

• Identity assurance: National Provider Identifier (NPI) verification and confirmation of legal names and aliases.
• Licensure: primary source checks for active, unrestricted licenses and certifications in every practicing state.
• Database checks: monthly screening against the Office of Inspector General LEIE, System for Award Management (SAM), and applicable state Medicaid exclusion lists.
• Ownership and control: collect and validate disclosures for owners/managers with ≥5% interest; monitor changes between revalidations.
• Documentation: maintain audit trails, screenshots/exports, and written dispositions; integrate results with HR and enrollment files.
• Revalidation readiness: track renewal cycles specified by your state Medicaid agency and ensure screening evidence spans the full look‑back period.

Compliance Importance and Consequences

Consistent exclusion screening is central to Medicaid program integrity and provider enrollment compliance. It prevents improper payments, protects patients, and demonstrates a strong control environment to regulators, plans, and auditors.

Non‑compliance can trigger serious consequences. Claims linked to excluded individuals or entities are not payable and become overpayments subject to refund. You may face civil monetary penalties, assessments, or treble damages, along with enrollment termination or suspension. Payers and partners may impose corrective action plans or end contracts, and reputational harm can be lasting.

If you identify a match, immediately remove the individual or entity from federally funded work, quantify and refund related claims, update your screening processes to close gaps, and consider using applicable self‑disclosure pathways with federal or state authorities.

FAQs

What are the main federal exclusion lists?

The two primary federal sources are the Office of Inspector General LEIE, which is healthcare‑specific, and the System for Award Management (SAM), which captures government‑wide exclusions and debarments. You should check both, because each can list exclusions that affect Medicaid eligibility.

How often must providers conduct exclusion screenings?

Screen at onboarding and then monthly as a best practice. Many states require monthly checks of the OIG LEIE and state Medicaid exclusion lists, and programs often expect regular SAM checks as well. Follow your state Medicaid agency’s cadence if it is more specific or stringent.

What risk levels affect screening requirements?

Medicaid uses limited, moderate, and high risk levels. Limited risk emphasizes identity, licensure, and database checks. Moderate risk adds site visits and closer oversight. High risk includes those measures plus fingerprint-based criminal background checks for owners or individuals with significant control.

What are the consequences of non-compliance with Medicaid exclusion screening?

Consequences include denial of payment, mandatory refunds of overpayments, civil monetary penalties and assessments, enrollment termination or suspension, contract losses, and reputational damage. Prompt detection, removal, repayment, and process remediation are critical to limit exposure.