OIG Exclusion Screening Best Practices: Step-by-Step Checklist for Healthcare Organizations

Effective OIG exclusion screening protects your organization’s revenue, safeguards patients, and reduces enforcement risk. Use this step-by-step checklist to embed OIG exclusion screening best practices across employees, medical staff, contractors, and vendors.

Conduct Initial and Ongoing Screening

Who and when to screen

Screen anyone who can influence care, billing, referrals, or purchasing. That includes employees, licensed independent practitioners, temporary staff, volunteers in patient-facing roles, owners and investors, board members where appropriate, contractors, vendors, and key vendor personnel.

1. Pre-hire/credentialing/contract: complete screening before onboarding or contract execution.
2. Ongoing cadence: run recurring screening across the active roster, aligning frequency to risk and payer expectations.
3. Trigger events: re-screen after name changes, mergers or acquisitions, role changes, reappointments, and contract renewals.

How to screen accurately

1. Centralize a master roster with legal names, known aliases, date of birth, NPI, TIN/FEIN, and contact details.
2. Standardize data (capitalization, punctuation, suffixes) to reduce false matches and missed hits.
3. Use multi-identifier matching (name + DOB/NPI/TIN) and document disposition reasons for every potential hit.
4. Quarantine individuals/entities with unresolved matches from federally reimbursable work until cleared.
5. Record time stamps, reviewer identity, and final outcomes for audit readiness.

Monitor Additional Exclusion Lists

Reliable screening expands beyond a single database. Build coverage that reflects your programs, payers, and geographies, and document the rationale for your scope.

• List of Excluded Individuals and Entities (LEIE): the primary federal exclusion list maintained for healthcare participation.
• General Services Administration System for Award Management: screen for government-wide debarments and exclusions impacting purchasing and contracting.
• Medicaid Exclusion Lists: check every state where you operate or bill, as state actions may be broader than federal listings.
• Office of Foreign Assets Control Sanctions: screen for sanctions exposure to avoid prohibited transactions and related penalties.

Checklist for list coverage

1. Define the exact lists and jurisdictions your organization will monitor and why.
2. Normalize list formats into a single searchable dataset or tool.
3. Schedule recurring downloads/updates and maintain version history.
4. Test sample names to validate match quality and tuning.

Implement Automated Screening Systems

Automation reduces manual workload, improves accuracy, and creates defensible audit trails. Choose technology that fits your risk profile and integrates into daily operations.

Selection criteria

• Robust matching: fuzzy logic, alias handling, and support for NPI/TIN/DOB cross-referencing.
• Data stewardship: frequent list refreshes, deduplication, and clear version control.
• Dispositions and workflow: queueing, notes, reason codes, reassignment, and SLA tracking.
• Security and privacy: encryption in transit/at rest, role-based access, and detailed audit logs.
• Integration: APIs and batch jobs with HRIS, credentialing, accounts payable, EHR, and Contract Lifecycle Management to screen counterparties at intake, renewal, and amendment.
• Reporting: dashboards for coverage, hit rates, time-to-clear, exceptions, and trend analysis.

Operational rollout

1. Migrate a cleansed master roster and validate results against a manual baseline.
2. Configure alert thresholds to minimize false positives while preserving sensitivity.
3. Automate scheduling and notifications for overdue reviews and unresolved matches.
4. Document standard work instructions and contingency plans for system downtime.

Establish Internal Audits

Independent checks verify that screening is complete, timely, and correctly resolved. Incorporate Compliance Auditing into your annual plan with risk-based sampling.

Audit steps

1. Select a stratified sample across employees, providers, vendors, and high-risk roles.
2. Reperform screening for the sample and compare to recorded outcomes and timestamps.
3. Validate that exclusions triggered prompt remediation and billing safeguards.
4. Assess roster completeness, data quality, exception handling, and escalation timeliness.
5. Issue a report with findings, root causes, and corrective action owners and deadlines.

Key metrics

• Roster coverage percentage and update latency.
• Match rate and false-positive rate by population.
• Median time-to-disposition and backlog of unresolved hits.
• Policy exceptions, recurrence of prior findings, and closure effectiveness.

Develop Remediation Procedures

Clear, consistently applied remediation protects patients and programs while containing financial exposure. Define responsibilities for HR, medical staff services, supply chain, legal, and compliance.

Triage and verification

1. Immediately restrict potentially matched individuals/entities from federally reimbursable work and pause related claims or payments.
2. Verify identity using multiple identifiers (DOB, NPI, TIN, address, aliases) and document evidence.
3. Escalate confirmed exclusions to legal and compliance leadership with a written impact assessment.

Confirmed exclusion response

1. Remove the excluded party from affected duties or terminate the relationship per policy.
2. Quantify and refund any associated overpayments and evaluate exposure to Civil Monetary Penalties.
3. Follow appropriate self-disclosure or reporting pathways when indicated and track all communications.
4. Complete root cause analysis and implement corrective actions to prevent recurrence.

Clearing false positives

1. Record the rationale and supporting documents for “not a match” decisions.
2. Apply time-bound whitelisting rules in your tool to avoid rework, and revalidate at set intervals.

Train Compliance Staff

Targeted training ensures consistent execution and high-confidence decisions. Extend training to HR, credentialing, medical staff leadership, supply chain, accounts payable, and contracting teams.

Program design

• Role-based curricula covering lists, cadence, triage, escalation, and documentation standards.
• Scenario-based exercises simulating tricky matches, urgent holds, and repayment workflows.
• Job aids: checklists, decision trees, and disposition reason libraries.
• Onboarding plus periodic refreshers; measure competency and remediate gaps.

Maintain Documentation and Reporting

Audit-ready records prove diligence and support rapid investigations. Establish retention practices aligned to organizational policy and applicable requirements.

What to keep

• Roster snapshots, search inputs, list versions, timestamps, and reviewer identities.
• Match evidence, disposition notes, escalation records, and remediation artifacts.
• Financial impact analyses, repayment documentation, and training attestations.
• Audit plans, working papers, reports, and corrective action monitoring.

Program reporting

• Monthly completion rates and unresolved-hit aging.
• Coverage by population and vendor tier, including high-risk categories.
• Trendlines for match rates, time-to-clear, and repeat findings.
• Board/leadership summaries highlighting risk, actions, and outcomes.

Conclusion

By centralizing rosters, monitoring the List of Excluded Individuals and Entities, the General Services Administration System for Award Management, Medicaid Exclusion Lists, and Office of Foreign Assets Control Sanctions, automating workflows, enforcing Compliance Auditing, and executing disciplined remediation, you create an end-to-end, defensible OIG exclusion screening program.

FAQs

How often should OIG exclusion screening be conducted?

Screen before hiring, credentialing, or contracting, and then on a recurring schedule—commonly monthly—for all active employees, providers, contractors, and vendors. Also re-screen after trigger events such as name changes, reappointments, and contract renewals, and for higher-risk populations as needed.

What are the consequences of employing excluded individuals?

Claims tied to excluded individuals or entities can be treated as ineligible, driving repayments, Civil Monetary Penalties, potential False Claims exposure, and contract sanctions. You may also face reputational harm, operational disruption, and intensified oversight or audits.

How can automated systems improve exclusion screening?

Automation standardizes data, updates lists frequently, reduces false positives with advanced matching, and creates auditable workflows. Integrations with HRIS, credentialing, accounts payable, EHR, and Contract Lifecycle Management enable screening at intake, renewal, and amendment—catching risks earlier and speeding resolution.

What steps are involved in remediating a potential exclusion match?

Immediately restrict the individual or entity from federally reimbursable work, verify identity using multiple identifiers, and document findings. For confirmed exclusions, remove or reassign, quantify and refund affected amounts, evaluate Civil Monetary Penalties exposure, follow appropriate disclosure pathways, and implement corrective actions with tracked ownership and deadlines.