OIG Exclusion Screening Investigation Steps: How to Conduct a Compliant Review

Kevin Henry

Risk Management

January 17, 2026

Effective OIG exclusion screening protects your organization from hiring or contracting with individuals or entities barred from federal health care programs. By centering your review on the Office of Inspector General exclusion list and aligned controls, you reduce billing risk, safeguard patients, and strengthen compliance monitoring.

This step-by-step guide shows you how to run a compliant review from setup to remediation. You will standardize health care provider screening, perform Medicare exclusion verification, and document results in a way that stands up to regulatory guidelines for exclusions and audit scrutiny.

Establish Screening Protocols

Define scope and roles

  • Population: employees, licensed professionals, medical staff, owners/board members, contractors, referral sources, and key vendors.
  • Ownership: assign a compliance lead; define HR, supply chain, and revenue cycle responsibilities; set independent review checkpoints.
  • Risk tiers: apply enhanced controls to high-impact roles (billing-facing, prescribing, access to federal program claims).

Set timing and triggers

  • Baseline frequency: screen at hire/credentialing and perform ongoing checks at least monthly.
  • Event-driven triggers: mergers, name changes, license actions, new NPIs, role transfers, and contractor onboarding.
  • Ad hoc reviews: when tips, audits, or data anomalies suggest elevated exclusion risk.

Choose tools and controls

  • Leverage exclusion screening software to batch search, de-duplicate, and maintain audit trails across sources.
  • Establish access controls for PII, encryption in transit and at rest, and documented user permissions.
  • Standardize search strings, alias logic, and match thresholds to ensure repeatable outcomes.

Write policy and train staff

  • Document steps for screening, verification, escalation, corrective actions, and retention.
  • Train staff on red flags, documentation rules, and how to handle potential matches without disrupting operations.

Access OIG Databases

Primary sources to use

  • OIG’s List of Excluded Individuals and Entities (LEIE) as your authoritative Office of Inspector General exclusion list.
  • SAM.gov Exclusions for federal debarments and related actions that affect federal program participation.
  • State Medicaid exclusion lists and, where relevant, state licensing board disciplinary listings to catch jurisdiction-specific actions.

Search strategies that reduce misses

  • Normalize names (aliases, hyphenation, maiden names) and search common transpositions and nicknames.
  • Use exact and fuzzy searches; confirm with multiple identifiers before clearing or confirming a match.
  • Batch screening for large populations; on-demand single lookups for hires or urgent cases.

Data governance

  • Limit PII exposure to minimum necessary fields and maintain an access log.
  • Store extracts and results in a secure, versioned repository with time stamps.

Verify Entity Identifiers

Collect and confirm identifiers up front

  • Individuals: legal name, prior names, date of birth, last four of SSN/ITIN, professional license number, and NPI.
  • Entities: legal name and DBA, EIN, address, owner/controller names, NPIs, and billing identifiers.

Resolve potential matches systematically

  • Compare multiple data points (DOB, NPI, license, EIN) to rule in/out matches; do not rely on name alone.
  • Request documentation from the subject (e.g., driver’s license, license card) to confirm identity where ambiguity remains.
  • Escalate uncertain cases to compliance and legal for final disposition under documented criteria.

Medicare exclusion verification

  • Validate that cleared individuals/entities have no active OIG or SAM.gov exclusions that would taint Medicare claims.
  • Record the verification date and sources consulted for each subject tied to Medicare billing.

Conduct Regular Screening

Frequency and cadence

  • Run monthly ongoing screening across your active population to align with industry expectations and payer oversight.
  • Perform pre-hire, pre-credentialing, and pre-contract checks before any work or billing begins.
  • Re-screen promptly after material changes (e.g., license action, legal name change) per regulatory guidelines for exclusions.

Who and what to include

  • All W-2 staff, medical staff, and allied professionals; owners, managing employees, and board members.
  • Contractors, locums, telehealth providers, billing vendors, DME suppliers, referral sources, and high-risk suppliers.
  • Facility NPIs and corporate entities tied to claims submission.

Automation and quality control

  • Schedule recurring jobs in exclusion screening software; monitor completion, exceptions, and error rates.
  • Sample results for accuracy; run periodic independent rechecks to validate the process.

Document Screening Results

Capture the right evidence

  • Search date/time, databases used, exact search terms, and identifiers compared.
  • Match status (cleared, potential, confirmed), reviewer name/sign-off, and escalation notes.
  • Attachments: screenshots, exports, correspondence, and validation artifacts.

Record negative results properly

  • Store proof of “no record found” with the parameters used, so you can replicate the outcome.
  • Link the record to the person/entity master file for easy retrieval during audits.

Build complete positive-match files

  • Document scope of involvement (dates, roles, programs affected) and immediate containment steps.
  • Track notifications, repayments, employment or contract actions, and exclusion reporting requirements to payers or agencies.

Implement Corrective Actions

Immediate risk controls

  • Remove excluded individuals/entities from federally reimbursed activities and block access to billing systems.
  • Hold and review potentially tainted claims while you investigate the time period and impact.

Remediation plan

  • Quantify exposure, adjust claims, and process repayments consistent with applicable payer rules.
  • Update rosters, schedules, credentialing files, and vendor listings to prevent re-engagement.
  • Deliver targeted re-training and revise procedures that allowed the lapse.

Notifications and governance

  • Brief leadership, the compliance committee, and the board as appropriate.
  • Coordinate legal review and any required disclosures or certifications.

Root cause and prevention

  • Analyze what failed (scope, cadence, identifiers, or tools) and implement systemic fixes.
  • Enhance monitoring dashboards and exception alerts to catch issues earlier.

Maintain Compliance Records

Centralized, defensible repository

  • Maintain a secure, searchable archive with immutable time stamps and version history.
  • Retain records per policy and law; many organizations keep exclusion files at least six years.

Auditing and reporting

  • Track completion rates, exception volumes, time-to-clear matches, and corrective-action closures.
  • Provide periodic compliance monitoring reports to management and the board.

Continuous improvement

  • Monitor regulatory guidelines for exclusions and update procedures, templates, and training accordingly.
  • Benchmark software performance and consider new features that improve accuracy and auditability.

Conclusion

By codifying protocols, using authoritative sources, verifying identifiers, and documenting every step, you create a reliable OIG exclusion screening program. Consistent reviews, swift corrective actions, and strong records reduce financial, operational, and reputational risk across all federal health care programs.

Ready to simplify HIPAA compliance?

Join thousands of organizations that trust Accountable to manage their compliance needs.

FAQs

What is the purpose of OIG exclusion screening?

OIG exclusion screening prevents your organization from employing or contracting with individuals or entities barred from federal health care programs. It protects patients, preserves program integrity, and reduces the risk of improper claims, penalties, and reputational harm.

How often should exclusion screening be conducted?

Screen at the time of hire or engagement and then at least monthly for all active staff, medical professionals, owners, contractors, and relevant vendors. Also re-screen promptly after material changes such as name updates, license actions, or new NPIs.

What are the consequences of failing OIG exclusion screening?

Consequences can include repayment of tainted claims, civil monetary penalties, contract termination, credentialing issues, and reputational damage. Repeated failures may trigger audits, corrective action plans, or heightened oversight by payers or regulators.

How should screening results be documented?

Record the date/time, databases searched, search terms, identifiers compared, match status, reviewer sign-off, and any escalation or corrective actions. Keep supporting evidence—screenshots, exports, and correspondence—in a secure repository with clear retention and retrieval procedures.
