“Credentialing” is a word with many meanings in healthcare, and according to who you are talking to or which governing body is involved, lines can get crossed in communication. In this post, we will explore an important component of the healthcare vendor credentialing process – exclusion screening and monitoring.

Hospital Vendor Credentialing

Physicians go through a credentialing process, which is a review of their education, training, residency, certifications, and licensure. The second level of credentialing focuses on vendor representatives who visit various areas of a hospital and generally includes some level of verification of certain immunizations, certifications, training components, etc. The representative must check in at a hospital to verify they have been appropriately credentialed, and then will be given a badge defining which areas of the hospital they have access to.

Many hospital vendor credentialing processes often overlook performing checks on the companies which supply goods or provide services. If a hospital pays a vendor who is excluded from Medicare and/or Medicaid programs there can be serious repercussions fines and penalties or a potential corporate integrity agreement.

Healthcare Exclusion Screening and Monitoring for Individuals and Entities

On May 8, 2013, the HHS OIG released a Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs. In this document, the HHS Office of Inspector General (OIG) laid out guidelines for monitoring individuals and entities (vendors).

The 2013 Bulletin helps answer some important questions that were raised in regards to the previous HHS OIG Bulletin (Federal Register / Vol. 64, No. 189) submitted September 30, 1999.

  1. May an excluded person provide an item or a service that a health care provider needs but that is not for direct patient care or billing?
  2. Is a provider that employs or contracts with an excluded person to provide such item or service subject to CMP liability?
  3. What is the scope of the obligation to screen current and potential employees and contractors against OIG’s List of Excluded Individuals and Entities (LEIE) to determine whether they are excluded?
  4. How frequently should providers screen against the LEIE? How far downstream do they need to screen (e.g., do they have an obligation to screen the employees of contractors and subcontractors in addition to screening contractors)?
  5. How should a provider disclose to OIG that it has employed or contracted with an excluded person?
  6. What is the distinction between the information that appears on the LEIE and the information that appears on the General Services Administration’s (GSA) System for Award Management (SAM.gov) and other systems that report sanctions or adverse actions taken with respect to health care practitioners (e.g., the National Practitioner Data Bank (NPDB))?

Civil Monetary Penalties Liability for Employing or Contracting an Excluded Individual or Entity

According to HHS OIG, “the Balanced Budget Act of 1997 BBA (Public Law 105-33) authorized the imposition of Civil Monetary Penalties (CMP) against providers that employ or enter into contracts with excluded persons to provide items or services payable by Federal health care programs. This authority parallels the CMP for health maintenance organizations that employ or contract with excluded individuals.

If a health care provider arranges or contracts (by employment or otherwise) with a person that the provider knows or should know is excluded by OIG, the provider may be subject to CMP liability if the excluded person provides services payable, directly or indirectly, by a Federal health care program. OIG may impose CMPs of up to $10,000 for each item or service furnished by the excluded person for which Federal program payment is sought, as well as an assessment of up to three times the amount claimed, and program exclusion.”

How to Monitor Healthcare Vendors for Exclusions

The complexity of hospital vendor credentialing can become quite confusing because it can involve so many people with their own terminology and understanding of how they best interact in compliance with both hospital and government standards. Certain provider quality standards pertain to those who are billing the Centers for Medicare and Medicaid Services (CMS) for federal healthcare dollars.

When individuals or entities (vendors) do not meet these standards, they are excluded from providing services and receiving compensation for Medicare and/or Medicaid beneficiaries. If a hospital is billing Medicare and/or Medicaid, this process should also include exclusion screening or monitoring of the OIG-LEIE, SAM.gov, and all state exclusion lists to ensure the physician or entity is not excluded by one or more of these agencies. Beyond this, we would recommend going a step further to ensure the Name and TIN number provided by the vendor are valid.

To avoid potential Civil Monetary Penalties (CMP), OIG suggests checking the LEIE prior to employing or contracting with persons or contractors and screening their employee and vendor data each month to minimalize potential liability and overpayment. Also, it is recommended that providers use the same practice to screen contractors, subcontractors, and employees of contractors as they would their own employees. [Special Bulletin – Page 16]

Whether you can manage this process in-house or outsource the work to a third party vendor, exclusion monitoring should be implemented in any hospital vendor credentialing process. Choosing to be proactive when it comes to vendor monitoring helps reduce your risk and improve overall care within your population of providers, contractors, vendors, and owners.

Looking to automate? Find out more about our VendorProof solution!

VendorProof healthcare solution


Curious to learn more? You might also enjoy the following blogs:
Vendor Credentialing Service – Are you doing enough?
OIG Compliance Program Guidance For Hospitals
The Top Healthcare Compliance Software Tools You Should Be Using
5 Steps to Ensure Vendor Compliance


Written by Michael Rosen, ESQ

ProviderTrust Co-Founder, mrosen@providertrust.com

Michael brings over 20 years of experience founding and leading risk mitigation businesses, receiving numerous accolades such as Inc. Magazine’s Inc. 500 Award and Nashville Chamber of Commerce Small Business of the Year.

 Connect with Michael on LinkedIn