OIG Exclusion Lists (LEIE): How to Search, Verify, and Stay Compliant

Online Searchable Database

The OIG Exclusion Lists (LEIE) is the official List of Excluded Individuals/Entities used to screen employees, contractors, and vendors against Federal Health Care Program Exclusions. Using the online searchable database helps you quickly identify potential matches and stay aligned with OIG Regulatory Requirements.

Step-by-step: run and document a search

• Prepare identifiers: full legal name and known aliases for people; legal business name for entities; any NPIs, dates of birth, and available tax IDs.
• Search broadly first, then narrow: run exact and partial name searches to capture spelling variants, hyphenations, and spacing differences.
• Review each candidate record carefully: match on name, state, exclusion date, and profession or business type before assuming a hit.
• Use the site’s verify function for Social Security Number Verification (last four digits) or Employer Identification Number Validation to confirm a match.
• Record your findings immediately as Compliance Documentation, including date/time, search terms, and verification outcome.

Interpreting results and avoiding false positives

• Never rely on name alone. Confirm with secondary identifiers (DOB for individuals, EIN or NPI for entities) before taking action.
• Watch for reinstatement notes. If a record shows reinstatement, it is not an active exclusion.
• Escalate ambiguous results to compliance for additional review rather than proceeding with onboarding or assignment.

Downloadable Database Usage

The downloadable LEIE files enable organization-wide screening at scale and are ideal for large rosters or continuous monitoring. They support automated matching against the List of Excluded Individuals/Entities and help standardize reporting.

How to implement

• Ingest both the full dataset and monthly update files to capture additions and reinstatements without missing changes.
• Normalize data (e.g., casing, punctuation, nicknames) and standardize identifiers (NPI, EIN) before matching.
• Apply layered matching: exact match, phonetic/fuzzy logic for names, then confirm with DOB/NPI/EIN.
• Flag potential matches for manual review and run final Social Security Number Verification or Employer Identification Number Validation before decisions.

Quality controls

• Time-stamp each run, archive the input files, and retain output logs as Compliance Documentation.
• Use test records and periodic audits to validate matching accuracy and reduce false positives/negatives.
• Document exceptions and resolutions to demonstrate consistent, defensible processes.

Verifying Excluded Individuals and Entities

Verification is the critical step that turns a “possible” hit into a confirmed decision. It protects against mistaken adverse actions and ensures you act only on verified results.

Social Security Number Verification and Employer Identification Number Validation

• For individuals, use the LEIE verification function with the last four digits of the SSN to confirm identity.
• For entities, validate using the EIN. Where available, corroborate with NPI, address, and corporate officers to strengthen the match.
• If you cannot obtain SSN/EIN, use multiple independent data points (full name, DOB, state, NPI) and escalate uncertain cases.

Resolution workflow

• No match: document the negative result and proceed.
• Potential match: pause onboarding or assignment, obtain needed identifiers, and re-verify.
• Confirmed match: do not hire, contract, or assign work on Federal health care program claims; follow internal protocols for Exclusion Enforcement Actions.

Maintaining Search Documentation

Strong recordkeeping proves your due diligence and supports audits, payer reviews, and investigations. Treat documentation as part of your core OIG Regulatory Requirements program.

What to capture each time

• Who and what you searched: names, aliases, and identifiers used (SSN last four, EIN, NPI).
• When and where: date/time of the search and the specific LEIE source (online vs. downloadable, file version).
• How you verified: verification steps taken and results (e.g., SSN/EIN confirmation, DOB match).
• Outcome and action: cleared, escalated, or confirmed exclusion; any hold or corrective step taken.
• Evidence: screenshots, exported results, and archived data files maintained as Compliance Documentation.

Retention and security

• Retain records per your retention schedule and applicable payer or state requirements; many organizations maintain records for multiple years to support audits.
• Protect PII: store SSN/EIN data minimally (prefer last four digits), restrict access, and encrypt at rest and in transit.
• Periodically test retrieval to ensure records remain complete and readable over time.

Compliance Best Practices

• Screen at key lifecycle points: pre-hire/engagement, prior to new assignments, and monthly thereafter.
• Apply the same standards to employees, contractors, vendors, volunteers, referring providers, and board members.
• Automate where feasible: scheduled imports of the downloadable files, alerts for new matches, and dashboard reporting.
• Embed requirements in policies, job aids, and contracts, referencing applicable OIG Regulatory Requirements.
• Train staff on interpreting results, protecting PII, and documenting verification steps.
• Conduct periodic internal audits and remediate gaps promptly, documenting corrective actions.

Consequences of Non-Compliance

Hiring or retaining an excluded person or entity can trigger repayments, civil monetary penalties, and potential False Claims Act exposure. Claims tied to Federal Health Care Program Exclusions may be denied, and organizations may face Exclusion Enforcement Actions and heightened oversight.

• Financial: repayment of affected claims, civil monetary penalties, and interest.
• Legal and regulatory: potential self-disclosure obligations, settlement agreements, and future monitoring requirements.
• Operational: halted assignments, re-credentialing work, and resource-intensive remediation.
• Reputational: loss of trust with patients, partners, and payers.

Key takeaways

• Search the LEIE, then verify using SSN/EIN before you act.
• Document every step with clear, reproducible Compliance Documentation.
• Screen routinely and train teams to reduce risk and meet OIG Regulatory Requirements.

FAQs

How often should the LEIE be checked for updates?

Check at onboarding or engagement and then monthly, since the LEIE updates regularly. Also re-screen immediately before sensitive assignments, contract renewals, and whenever new information suggests risk.

What identifiers are required to verify excluded individuals?

Use the last four digits of the Social Security Number for Social Security Number Verification of individuals and the EIN for Employer Identification Number Validation of entities. Supplement with DOB, NPI, and address details to resolve ambiguities.

How should documentation of LEIE searches be maintained?

Maintain dated logs of searches, identifiers used, verification steps, results, and evidence (e.g., screenshots or exports). Protect PII, restrict access, and retain records in line with your policy and applicable payer or state requirements.

What are the penalties for hiring excluded parties?

Organizations may owe repayments on affected claims, face civil monetary penalties, and risk False Claims Act exposure. Additional consequences can include Exclusion Enforcement Actions, corrective action plans, and reputational harm.