OIG Exclusion Lists: An Ultimate Guide

In 2023, a healthcare organization entered a $866,339.25 settlement agreement with the Office of Inspector General (OIG). The Chinese-American Planning Council Home Attendant Program faced serious allegations. Accusations claiming that the organization employed an individual excluded from the New York Medicaid program.

Ignoring the OIG exclusion program cost this business greatly. Unfortunately, this isn’t the only instance of a company disregarding the risks of hiring an excluded individual. In fact, there is an entire list dedicated to the issue. The List of Excluded Individuals/Entities is the database that contains the organizations and individuals banned from participating in federal healthcare programs.

Those who hire these excluded entities may be subject to fines, also known as civil monetary penalties (CMP). To avoid financial loss, all organizations should routinely check the Department of Health and Human Services (HHS) OIG Exclusions List. Let’s go over what the HHS OIG is, the list itself, exclusion criteria, and how to prevent legal ramifications.

Understanding The OIG Exclusion Lists

Established in 1976, OIG improves the efficiency of Medicaid, Medicare, and over 100 more HHS programs. The HHS OIG team consists of approximately 1,650 personnel, including investigators, auditors, analysts, attorneys and cybersecurity specialists. These professionals investigate and audit the potential for fraud and waste within the Department. They also stay on top of audits and investigations related to potential crimes against the Department.

HHS was one of the first Departments to have an OIG team. Before this implementation, the department lost billions of dollars a year to Medicaid fraud. OIG works closely not only with HHS, but the Department of Justice (DOJ) and other executive branch agencies in hopes of achieving:

• Systemic improvements.
• Improved compliance.
• Successful enforcement actions.
• Recovery of misspent funds.

The HHS OIG exclusion list is also known as the List of Excluded Individuals and Entities (LEIE). As I mentioned, it keeps track of the individuals unable to participate in federal health care programs. The LEILE includes:  

• Individual’s or organization’s address.
• National Provider Number.
• Unique Physician Identification Number.
• Date of birth.
• Job description.
• Date of exclusion.
• Reason for exclusion.

The LEILE is available in two formats: the Online Searchable Database and the Downloadable Database. Let’s discuss the differences between these databases together!

List of Excluding Individuals and Entities

The Online Searchable Database allows employers to look up the name of an individual or entity to see if they are a part of the exclusion list. When a match pops up, the database is then able to verify the individual’s personal information. More than likely the individual’s Social Security Number (SSN) helps to ensure the individual is the correct match. Employer Identification Numbers (EINs) are also available when it comes to the verification of excluded individuals.

While the Downloadable Database allows employers to download the entire list to their personal computer. The previously downloaded data file has the ability to merge with new updates to the list. The OIG posts supplemental exclusion and reinstatement files regularly on a monthly basis. Usually in the middle of the month, and they reflect all changes from the month prior.

You can find these files on the OIG’s website. Those who wish to avoid the supplements for their updates can also download the Downloadable Data File every month. Profile updates are also available on this webpage. These updates mirror changes made to information specific to excluded individuals and entities.

Note that the Downloadable Database does not contain certain information, such as SSNs or EINs. Employers should practice verification of individuals and entities through the use of these identifiers via the Online Searchable Database.

When we talk about why an individual or organization might end up on this list, there are multiple reasons. We can compartmentalize these reasons as a means for either a mandatory exclusion or a permissive exclusion.

Different Types of Exclusions

The scope of exclusions imposed by OIG expanded from Medicare and State healthcare programs to all Federal healthcare programs, as defined in section Social Security Act 1128B(f)(1).

The Medicare and Medicaid Patient and Program Protection Act of 1987 set the framework for two different types of exclusions. Let’s start with mandatory exclusions. These last a minimum of 5 years and make up slightly more than half of all exclusions. They are also based on criminal convictions under the following circumstances:

• Convictions related to the delivery of service. Both federal and state healthcare. Minimum of 5 years exclusion.
• Convictions relating to patient neglect or abuse. Minimum of 5 years exclusion.
• Felony convictions relating to healthcare fraud programs. Other than Medicare or Medicaid. Minimum of 5 years exclusion.
• Unlawful manufacture, distribution, prescription, or dispensing of a controlled substance. Minimum of 5 years exclusion.
• Second mandatory exclusion offense. Minimum 10 years.
• Third mandatory exclusion offense. Permanent exclusion.

Although they're usually some exceptions, permission exclusions exist for 3 years. These are discretionary and usually give individuals or organizations 30 days advance appeal against it. There is also a wider range of conduct for which they can apply. Some examples may include:

• Suspension, revocation, or surrender of a license to provide healthcare. The exclusion period is the same as stated by the licensing authority.
• Misdemeanor convictions relating to health care fraud. Baseline 3 years exclusion.
• Fraud in non-healthcare programs. Baseline 3 years exclusion.
• Obstruction of an investigation or audit. Baseline 3 years exclusion.
• Misdemeanor convictions relating to controlled substances. Baseline 3 years exclusion.
• Provision of unnecessary services. As well as substandard services. Minimum exclusion of 1 year.
• Submission of false or fraudulent claims. Minimum exclusion of 1 year.
• Benefiting from unlawful kickback arrangements. No minimum exclusion time.
• Controlling a sanctioned entity. Either as an owner, officer, or managing employee. The minimum period is the same as the length of the entity's exclusion.

Exclusion List Penalties

Ignoring the fact that an entity or individual is an excluded party can mean certain penalties. For one, you are likely to find your claims coming back as rejected by the federal healthcare program. This means that you will be responsible for absorbing the cost yourself.

However, there are more penalties which can really start to add up financially. You can find them in the §1128A of the Social Security Act. The current penalties associated with engaging an excluded individual include:

• A civil monetary penalty of up to $20,000. This $20,000 is for each item or service claimed and per violation occasion.
• Assessed damages of up to three times the amount claimed. This applies to each item or service and has no limit.
• The potential of addition to state and HHS OIG Exclusion Lists. This is depending on the nature of the violations.

These penalties were last updated by the Bipartisan Budget Act of 2018, but are likely to change in the future. Keep in mind that penalties can reach a significant level if a relationship between the excluded individual and employer lasts for many years.

OIG Exclusion List Compliance

So how does one avoid the penalties associated with hiring an excluded individual or entity? Frequently checking the LEIE is the first line of defense when it comes to staying compliant. Providers and health organizations must stay on top of the regular updates to this list to ensure they mitigate any potential risks.

Checking LEIE prior to employing or contracting with persons is specifically what the HHS OIG suggests. This as well as checking the list for existing employees and contractors. Screening existing employees and having a policy to do so in an efficient manner is solely the responsibility of the employer.

Employers must report any excluded individuals or entities identified that are already employed or providing goods and services to the provider. Report these individuals to the HHS OIG via the Health Care Fraud Self-Disclosure Protocol to mitigate any risks.

Other lists to keep in mind while checking for an excluded individual are:

• The Medicare Exclusion Database (MED).
• The System for Award Management (SAM) Database.
• The National Practitioner Data Bank (NPDB).

Remember that pleading ignorance in a case of employing or contracting an excluded organization or individual is not a defense.

Conclusion

Exclusions do not only apply to those who work in a medical capacity, which includes volunteers. This is to say if a healthcare provider employs an excluded individual for an administrative role, this is also grounds for a penalty.

Understanding the ins and outs of HHS OIG Listings is essential when managing your business. Make sure your screening policies are up to date and members of your staff understand how to go about them.