OIG Exclusion Screening False Positive: How to Verify and Resolve a Mismatched Result

Understand OIG Exclusion Screening

OIG exclusion screening checks your workforce and vendors against the Office of Inspector General’s List of Excluded Individuals/Entities (LEIE) so you do not bill federal healthcare programs for items or services furnished by excluded parties. Screening supports compliance with OIG regulations and reduces exposure to civil monetary penalties, claim denials, and reputational harm.

In practice, you compare names in your roster to federal healthcare exclusion lists and, where appropriate, state Medicaid exclusion sources. Because name-only searches can collide with common or similar identities, you must confirm matches with additional identifiers to avoid false positives and unnecessary disruptions.

The LEIE is updated monthly, and many payers and several states expect or require monthly checks. Building processes that reflect monthly exclusion screening mandates helps you demonstrate diligence and respond quickly to potential matches.

Core sources to screen

• OIG LEIE (primary federal healthcare exclusion list).
• Government-wide exclusion records (e.g., SAM exclusions) when required by contract or policy.
• State Medicaid exclusion lists where your organization operates or bills.

Identify False Positive Indicators

Not every initial name hit is a true match. Recognizing early indicators of a mismatch helps you triage efficiently and focus effort where risk is highest.

Common causes of mismatches

• Common or similar names, hyphenations, diacritics, nicknames, maiden or prior names, and generational suffixes (Jr., Sr., III).
• Key identifiers that do not align: different date of birth, NPI, state license number, FEIN, or middle name/initial.
• Geography or timeline inconsistencies, such as sanction states or dates that do not fit the individual’s work or residence history.
• Entity-versus-individual confusion (e.g., a business with the same name as a person).
• Data-entry or transcription errors creating near-matches.

Risk-based triage

• Treat any hit with at least one plausible identifier overlap as a “potential match” pending verification.
• When all key identifiers clearly diverge, you can proceed to a streamlined verification to close the case quickly.

Verify Potential False Positives

A structured false positive verification process protects patients, operations, and payments while ensuring fair treatment of your workforce and partners.

1) Preserve the initial hit

• Record the source, date/time, search criteria, and screen captures of the results.
• Open an investigation case and apply temporary controls proportionate to risk (e.g., hold onboarding or certain assignments).

2) Compare unique identifiers

• Confirm at least two unique identifiers. Acceptable data points include date of birth, last four of SSN/FEIN, NPI, state license number, middle name, and known aliases/DBAs.
• Use the minimum necessary PII, encrypt stored data, and restrict access to authorized compliance staff.

3) Review the exclusion record details

• Check alias names, sanctioning authority and state, profession/specialty, and effective dates.
• Look for license numbers or addresses that either confirm or contradict a match.

4) Engage the individual or vendor

• Request a brief attestation and supporting documentation (e.g., government ID, license card, NPI confirmation) to clarify identity.
• Ask about prior names or recent name changes that might explain the hit.

5) Cross-check other sources

• Reconfirm against the LEIE and, when applicable, SAM exclusions and state Medicaid exclusion lists.
• Use authoritative identity references (e.g., NPI and state license verification) to validate credentials and demographics.

6) Escalate unresolved cases

• Route complex or borderline cases to your compliance officer or legal counsel.
• When uncertainty remains, seek guidance from the relevant exclusion authority before making a final determination.

7) Final determination and sign-off

• Document whether the case is a true exclusion or a confirmed false positive, with a clear rationale and reviewer approvals.
• If not a match, remove temporary controls and restore normal operations.

Document Verification Procedures

Clear, consistent records are essential. Robust exclusion screening documentation requirements help you defend decisions in audits and payer inquiries.

What every case file should include

• Roster details for the person/entity (role, department, business relationship) and the unique identifiers reviewed.
• The exact search parameters, data sources, dates/times, and screenshots or exports of results.
• A side-by-side identifier comparison showing matches and mismatches.
• The determination (not a match/match), rationale mapped to evidence, and any temporary risk controls applied.
• Reviewer names, dates, sign-offs, and resolution communications (internal and external).
• Privacy and security notes describing how PII/PHI was minimized, stored, and access-controlled.

Retention and accessibility

• Retain records long enough to support audits and potential lookbacks tied to claims and contracts; many organizations use a 7–10 year window aligned to their enterprise retention schedule.
• Maintain a centralized index so you can rapidly assemble an evidence packet when requested by a payer or regulator.

Resolve Confirmed False Positives

Apply a clear false positive resolution protocol to close cases efficiently and avoid recurring noise.

• Update case status to “Not a Match,” citing the exact identifiers that disproved the hit.
• Release onboarding or assignment holds and communicate the clearance to managers and credentialing.
• If payments or claims were paused pending review, release them with a brief note referencing the case file.
• Record any known alias that caused the hit and, where appropriate, add a controlled exception entry to reduce duplicate alerts while preserving monthly re-checks.
• Provide the individual or vendor with a concise clearance notice when operationally helpful.

A false positive does not create healthcare program overpayment liability, but your documentation must make that conclusion obvious to an external reviewer. Keep the evidence package intact and readily retrievable.

Maintain Compliance Documentation

Strong recordkeeping proves compliance with OIG regulations and supports consistent, defensible outcomes across cases.

• Maintain a living screening log with case numbers, statuses, determination dates, and key identifiers reviewed.
• Track cycle times and false-positive rates to improve your matching rules and training.
• Schedule periodic quality reviews (e.g., sample 5–10% of closed cases monthly) to confirm evidence sufficiency and rationale quality.
• Embed clear roles and escalation paths in policy; ensure staff know when to pause work, when to escalate, and how to document.
• Include contract clauses requiring vendors to cooperate with screening, notify you of exclusions, and remediate promptly.

Implement Regular Screening Practices

Operationalize screening so that “verify and resolve” becomes routine rather than ad hoc. Align your cadence to monthly exclusion screening mandates where they apply, and treat monthly reviews as the default industry standard because the LEIE updates monthly.

Program essentials

• Screen at onboarding and before contract execution; thereafter, screen all active workers and vendors monthly.
• Include employees, contractors, temps/locums, volunteers, board members, and relevant owners or managing individuals.
• Capture and normalize aliases, prior names, hyphenations, and generational suffixes to reduce near-match noise.
• Use risk-based fuzzy matching tuned to your population; require at least two unique identifiers before declaring a true match.
• Set service levels for case review (e.g., same-day triage, resolution within 3–10 business days, faster for patient-facing roles).
• Build ready-to-share evidence packets for payers that summarize sources checked, identifiers compared, and final determination.

In summary, you avoid unnecessary disruption and safeguard revenue by recognizing false positive indicators early, following a disciplined verification workflow, documenting every step, and embedding these practices into a reliable monthly screening program.

FAQs.

What causes OIG exclusion screening false positives?

False positives typically arise from common or similar names, aliases or maiden names, punctuation or diacritics, and data-entry variations. Mismatched identifiers—such as different dates of birth, NPIs, state license numbers, or FEINs—also drive near-matches. Confusion between individuals and similarly named entities can trigger hits as well, especially when searching across multiple federal healthcare exclusion lists.

How can I verify a false positive exclusion result?

Follow a structured false positive verification process: preserve the initial hit, compare at least two unique identifiers (e.g., DOB plus last four of SSN/FEIN, NPI, license number), review the exclusion record’s details, request brief documentation/attestation from the individual or vendor, cross-check required sources (LEIE, and when applicable, SAM and state Medicaid lists), and obtain compliance sign-off. Escalate unresolved cases to legal or the relevant exclusion authority.

What are the documentation requirements for false positive investigations?

Each case file should show sources searched, dates/times, search criteria, screenshots or exports, identifier comparisons, the determination with evidence-based rationale, reviewer approvals, and any temporary controls used. Protect PII by limiting collection to the minimum necessary and securing it. These elements satisfy practical exclusion screening documentation requirements and create a defensible audit trail.

How often should OIG exclusion screenings be conducted?

Make screening monthly as a default because the LEIE updates monthly and many payers and several states expect or require it. Also screen at onboarding and before contract execution. Where monthly exclusion screening mandates apply, align your cadence accordingly and document any additional payer- or state-specific requirements in policy.