OIG Background Checks: What to Know and How to Prepare
A single employee or vendor on exclusion lists can cost your healthcare organization six figures and/or harm your reputation, but there is a reliable process to avoid this fate. OIG background checks are a vital part of any healthcare compliance program, so you avoid hiring or partnering with an excluded individual or entity and remain fully OIG compliant.
This article explains what that means in practice and provides a proven framework to help you implement and scale OIG background check best practices. But first, let’s establish why compliance leaders should care about this topic.
OIG Background Checks: Understanding the Basics
What is an OIG Background Check?
An OIG background check is a form of screening that assesses whether a specific individual or entity has been excluded from participating in Medicare, Medicaid, and other federal healthcare programs. These checks support compliance with federal regulations and protect patients from unqualified providers.
But how exactly are these background checks undertaken?
What is the OIG Exclusion List (LEIE)?
The List of Excluded Individuals and Entities (LEIE) is the database the U.S. Department of Health and Human Services (HHS) maintains of individuals and organizations barred from federally funded health care programs. It holds tens of thousands of active records and is updated every month as new exclusions are added and reinstated parties are removed.
Exclusions fall into two categories:
- Mandatory exclusions for serious offenses such as Medicare fraud, patient abuse, and felony drug convictions
- Permissive exclusions applied at the OIG’s discretion for offenses such as misdemeanor fraud, professional license revocation, or defaulting on health-related loans
An OIG background check searches the LEIE to determine whether a name is currently listed.
Who Should Be Screened?
Healthcare organizations should screen everyone whose work touches patient care, billing, or federal program funds.That includes:
- Employees: All clinical staff (e.g., doctors, nurses, therapists) and administrative personnel involved in patient care or billing
- Contractors and Vendors: Third-party service providers, including medical equipment suppliers, IT service providers, consultants and temporary staff
- Volunteers: Individuals who may have access to patient information or participate in patient care activities
Licensed providers carry particular risk, because a revoked or sanctioned license can lead to exclusion. For a closer look at that scenario, see the breakdown of the healthcare sanctions check on physicians.
Any failure to do so will lead to a range of problems – including steep fines and reputational harm.
Why do OIG Background Checks Matter?
OIG background checks matter for two reasons: they are a legal requirement, and they protect the integrity of the organization.
1. Legal and Regulatory Compliance
The OIG exclusion list is not advisory; it is illegal to work with excluded individuals or entities – and non-compliance can lead to a range of penalties:
- Financial Costs: Each item or service billed in connection with an excluded individual can trigger a civil monetary penalty, and the OIG can assess up to three times the amount claimed. Every affected claim must be repaid, and an unreturned overpayment can convert into liability under the False Claims Act. The OIG can also argue that the organization should have known about the exclusion, which raises the exposure.
- Insurance Losses: Care delivered by excluded individuals will not be reimbursed – potentially leading to steep losses. Not only is the treatment not repaid by Medicare or Medicaid, but allowing excluded individuals to administer care is illegal and has led to $27 million in fines against numerous providers.
- Organizational exclusion: In serious cases the OIG can exclude the organization itself from federal programs, which for most providers is an existential threat.
- Reputational Damage: The OIG publishes its enforcement actions on a public portal, and that visibility can affect recruitment as well as patient acquisition and retention.
2. Protecting Organizational Integrity
Exclusions often follow low-quality care, fraud, or patient neglect, so screening is a safeguard against malpractice and a direct way to protect patients. It also supports the systems that keep patient information secure; see how sanction screening supports patient data security.
How Do You Conduct an OIG Background Checks
Most OIG background checks are run manually through the OIG’s public online database. A basic check requires only a name search. Compliance teams can:
- Search for individuals/entities by name or National Provider Identifier (NPI)
- Download the full monthly updated list for bulk searches
- Use name variations to avoid false negatives
If an individual is flagged on the LEIE, compliance officers should:
- Verify Identity: Avoid false positives by checking name variations and associated aliases, along with the individual’s NPI and Social Security Number (SSN).
- Review Employment History: Assess the employment record to determine whether they directly or indirectly participate in federally funded programs, including subcontracted or vendor-related work.
- Consult Legal: Ensure appropriate steps are taken in accordance with federal and state regulations, documenting the decision-making process for future audits.
- Resolve the Issue: This might mean immediate termination, temporary suspension, notification to relevant authorities, and guidance on how the individual may apply for reinstatement if applicable.
In theory, this process is relatively straightforward and protects your organization from the prospect of non-compliance. But there are several factors that make OIG background checks more complicated.
What Makes OIG Background Checks Challenging?
Three issues affect organizations of every size.
Healthcare organizations of all sizes face three pervasive issues when running OIG background checks:
1. Reporting delays and data lag
The exclusion data depends on state reporting, and the timing varies. A name can be excluded weeks or months before it appears in the records a compliance team searches, which leaves a window where an organization could onboard someone who is later confirmed as excluded. This is the central reason the OIG directs organizations to re-screen the LEIE every month rather than only at hire.
2. Managing False Positives
Given the number of individuals and entities included in exclusion lists, it is not uncommon for false positives to emerge. An employee may share their name with an excluded individual, and a simple manual search will make them appear to be excluded themselves.
Cross-referencing using additional information to confirm the individual’s true identity is therefore essential. But this creates extra effort for compliance teams and can be highly time-consuming – especially when you consider how much effort screening programs already entail.
3. Scale of Screening Requirements
An OIG check is light on its own, but it rarely stands alone. Compliance teams must screen every employee and vendor against multiple lists: the System for Award Management (SAM), TRICARE, OFAC, FDA debarments, and the Medicaid exclusion lists that many states maintain on their own. The combined volume is where screening turns inconsistent or slips through entirely.
The total workload is substantial, and many compliance teams are already under-resourced. Add to this the fact that many States maintain their own exclusion lists and federal contract recipients must be screened in addition to OIG background checks – and you start to see how screening can become inconsistent or simply fall through the cracks.
What Are Best Practices for OIG Compliance?
Compliance Resource Center has refined a screening process across more than three decades and more than 3,000 healthcare organizations. Four practices turn OIG screening into a standard operating procedure at any size.
1. Frequent Screening
The first step is to ensure you are meeting the correct frequency with OIG background checks. Best practices recommend screening during:
- Employee Hiring: This ensures that no new employees or contractors are listed in the OIG exclusion database before being brought on board.
- Vendor/Supplier Due Diligence: All third-party service providers must be vetted before agreements are finalized to mitigate compliance risks.
- Post-acquisition/Merger: When acquiring a healthcare entity, screening all inherited employees and contractors is critical to avoid financial and reputational risks.
- Monthly Re-Screening: Since the LEIE is updated frequently, organizations must conduct recurring checks to ensure continued compliance.
2. Record-Keeping Practices
Next, we must ensure that you maintain comprehensive documentation of all screenings to prove due diligence and combat potential claims of negligence. Organizations must:
- Store Search Results: Retaining copies of searches ensures a verifiable history of due diligence in compliance efforts.
- Implement Internal Policies for managing identified exclusions: Defining clear guidelines for what actions to take when an excluded individual is discovered ensures consistency and mitigates liability.
- Ensure Reporting Compliance: Reporting protocols should align with federal and state regulations to demonstrate a proactive approach to compliance.
- Develop an Audit-Ready Process: Implementing an internal audit process for verifying and documenting screenings will help organizations defend against potential OIG investigations.
3. Employee Training
OIG background checks require skilled professionals who understand the process in detail. This often requires dedicated compliance training to ensure you have adequate screening processes in place – and can run them properly.
For example, your team must be aware of the prospect of false positives and follow the steps outlined above to avoid them. This should become second nature; no action should ever be taken without thorough verification of the individual or vendor’s identity.
4. Automate screening at scale
Scaling is the hardest part. The manual workload of a full screening program outstrips most compliance resources, which is why many organizations move to purpose-built software that screens every list at once.
Frequently Asked Questions
How often should OIG background checks be performed?
Screen at hire, before signing vendor agreements, after a merger or acquisition, and every month thereafter. The OIG directs organizations to check the LEIE monthly, since the list is updated each month.
Is screening the LEIE enough for OIG compliance?
No. The LEIE is one list among several. The SAM exclusion list, OFAC, and the Medicaid exclusion lists maintained by many states each carry their own requirements, and a complete program screens against all of them. See how full sanction screening closes the gaps.
What is the difference between mandatory and permissive exclusions?
Mandatory exclusions are required by law for serious offenses such as Medicare fraud, patient abuse, and felony drug convictions. Permissive exclusions are applied at the OIG’s discretion for offenses such as misdemeanor fraud, license revocation, or defaulting on health-related loans.
Can a name match alone confirm an exclusion?
No. Name matches produce false positives. Identity must be confirmed with additional identifiers such as NPI and Social Security Number, before any action is taken.
Streamline Sanction Screening with Compliance Resource Center
Compliance Resource Center offers sanction screening software that enables compliance teams to check all lists and exclusions with ease. Based on the most up-to-date data available, the software can be used for either single-name or batch-processing to assess all employees and vendors with confidence – and reduce the burden on your resources.
Want to explore how it could help you stay OIG compliant?
Subscribe to blog