Healthcare Exclusion Sources: What You Need to Know


When it comes to exclusion monitoring, there are a myriad of lists that need to be monitored, both at the federal and state levels to ensure that your patients are only seen by eligible providers. These lists include the Health and Human Services (HHS) Office of Inspector General (OIG) List of Excluded Individuals and Entities (LEIE),, and State Medicaid exclusion lists. Often lumped in with these are the Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons List (SDN), the Social Security Administration Death Master File (SSA DMF), and the Medicare Opt Out list. 

In this post, we will provide an overview of all healthcare exclusion sources and a few other eligibility-affecting databases. 

Federal Exclusion Sources

The two major federal sources that need to be screened for exclusions are the OIG LEIE and (formerly known as EPLS and GSA). Healthcare organizations are required to screen against these at least monthly.


The OIG LEIE consists of individuals and entities that have been excluded from participating in federal healthcare programs. Federal reimbursement, whether direct or indirect, for goods provided or services rendered by an excluded individual or entity, is prohibited. This includes reimbursement for salaries, benefits, or items claimed/billed by licensed healthcare providers or administrative personnel. Also, healthcare organizations cannot purchase goods or services from excluded entities and vendors. 

HHS OIG Authority

HHS OIG has the authority to exclude individuals and entities from federally funded healthcare programs pursuant to Section 1128 of the Social Security Act (and from state healthcare programs under Section 1156 of the SSA Act). The two types of exclusions include:

  • Mandatory Exclusions: Individuals and entities convicted of certain types of criminal offenses as mandated by law with a minimum statutory exclusion period of five years, which can be longer based on aggravating factors. 
  • Permissive Exclusions: The OIG has the discretion to exclude individuals based on certain convictions, license revocations, misdemeanors, fraud, etc. as laid out by law. For exclusions based on convictions, the baseline exclusion period is three years, but it may be shorter or longer based on aggravating/mitigating factors. 

Individuals and entities that violate exclusions may:

  • Be subject to liability under the Civil Monetary Penalties Law (CMPL) and be denied reinstatement.
  • Face criminal liability and civil False Claims Act liability.
As of May 2021, the OIG LEIE has more than 74,000 excluded individuals and entities. And in 2020 alone, a total of 2,378 individuals and entities were excluded by the OIG. Check out our interactive exclusion map for up-to-date numbers.

Interested in learning more about the requirements and process of OIG exclusion list monitoring? Take a look at our blog post on the topic here.

The database is formerly known as the Government Services Administration’s (GSA) list of Excluded Parties List System (EPLS). In 2012, the GSA announced it was migrating data from the EPLS to a new and more comprehensive system called the System for Award Management (SAM). Formed under a mandate of the Affordable Care Act, created one broader dataset of individuals and entities that are debarred, sanctioned, or excluded from doing business under a federal contract. The most significant database for healthcare providers, includes several federal contracting databases such as USDA-FNS, TREAS-OFAC, OPM, and more. 

If an individual or entity is on, a healthcare company should not be in contractual privity with such person or company as it would be conducting business with a sanctioned, debarred, or excluded party. HHS OIG and the Centers for Medicare and Medicaid Services (CMS) have both made it clear that federal program payment for (1) items or services furnished by excluded individuals or entities, and (2) salaries, expenses, or fringe benefits of excluded individuals (regardless of whether they provide direct patient care) are prohibited. datasets should be included in all exclusion screening processes for employed and contracting populations. Authority does not have the authority to penalize an organization like the HHS OIG does, but instead is a procurement repository. If an organization is debarred, it might not mean that you cannot do business with them. If your organization does not require your vendor to be GSA approved nor is it being reimbursed through federal program dollars, the debarment may not affect your contract (this must be reviewed by your legal counsel).

As of May 2021, the database has more than 70,000 excluded individuals and entities. Check out our interactive exclusion map for up-to-date numbers.

State Exclusion Lists

State Medicaid Exclusion Lists

Apart from the federal exclusion lists, the available State Medicaid lists must also be monitored. To review the number of currently active State Medicaid exclusion lists, check out our interactive exclusion map

State Medicaid exclusion sources are varied and present significant challenges to manual screening processes. They publish exclusion records in different formats and with varying amounts of data, making it difficult and resource-intensive to identify a match within your population. 

It’s vital to check every available state exclusion source because if an individual or entity is excluded in one state, they’re excluded in every state. And because 50% of all state Medicaid exclusions never show up on the OIG LEIE.

State Medicaid Exclusion Authorities

Medicaid Fraud Control Units (MFCUs) investigate and prosecute Medicaid provider fraud as well as patient abuse or neglect in healthcare facilities. The MFCUs, usually a part of the State Attorney General’s office, employ teams of investigators, attorneys, and auditors; are constituted as single, identifiable entities; and must be separate and distinct from the State Medicaid agency.

According to Performance Standard 8, MFCUs must transmit all pertinent conviction documentation within 30 days of sentencing to HHS OIG for purposes of program exclusions under section 1128 of the Social Security Act, including the charging documents, plea agreements, and sentencing orders.

As of May 2021, State Medicaid lists include more than 74,000 excluded individuals and entities. Check out our interactive exclusion map for up-to-date numbers. 

Additional Eligibility-Affecting Sources


OFAC publishes the Specially Designated Nationals and Blocked Persons List (SDN) and the Consolidated Sanctions List, as well as other sanction lists, including the Foreign Sanctions Evaders List, the List of Persons Identified as Blocked Solely Pursuant to E.O. 13599, the Non-SDN Iran Sanctions Act List, and more. 

OFAC administers a number of different sanctions programs. The sanctions can be either comprehensive or selective, using the blocking of assets and trade restrictions to accomplish foreign policy and national security goals. To find the full list of OFAC sanctions programs, visit their database for specific references. Currently, the HHS does not require screening of OFAC sanctions lists. However, healthcare organizations can still be susceptible to fines and penalties for transactions from Medicare and Medicaid services.

It’s important for healthcare companies to effectively screen providers, suppliers, contractors, vendors and owners, FDRs, and more who could be affected by OFAC enforcement. 


The Death Master File (DMF) from the Social Security Administration (SSA) contains more than 85 million records of deaths that have been reported to SSA. The SSA receives death reports from many sources, including family members, funeral homes, financial institutions, postal authorities, state information, and other federal agencies. It is important to note that the SSA records are not comprehensive of all deaths in the country.

The SSA stores death information on the NUMIDENT (short for “numerical identification”) – an electronic database containing SSN records assigned to each citizen since 1936. According to the SSA, it does not have a death record for all persons and does not guarantee 100% accuracy of the data. Further stating that those who review the DMF should not assume the absence of a particular individual proves the person is alive.

Many healthcare organizations choose to include SSA DMF monitoring alongside their exclusion and license monitoring to guard against identity theft and fraud in both provider and member populations.

Medicare Opt Out

The Medicare Opt Out list includes physicians, practitioners who do not wish to enroll in the Medicare program. It’s important for your organization to not include any of these individuals in billing to avoid errors and claims that cannot be processed. On a monthly basis, healthcare organizations should pull information from the Medicare Provider Enrollment, Chain, and Ownership System (PECOS) to verify that no network providers or employees are currently on the Medicare Opt Out list and receiving Medicare reimbursement. 

Is your organization monitoring all of these exclusion sources in the most comprehensive and efficient manner to ensure no exclusions are missed? If your answer isn’t an unequivocal yes, we are here for you. ProviderTrust specializes in delivering the industry’s best compliance monitoring experience for exclusions, license verification, and other related databases. We built our process to ensure your team spends less time on compliance monitoring and has full confidence in our exact-match results.

Stay Up-to-Date

Subscribe and get the latest news and advice from industry experts delivered straight to your inbox.

Related Resources

Never miss an update

Get the latest healthcare news, advice from industry experts, and all things related to monitoring solutions delivered straight to your inbox.