How Serious are OIG Exclusions? Key Insights into the Fraud Risk Spectrum

photo of woman concerned talking on the phone and looking at computer

It’s no secret–when fraud enters healthcare, things get risky. And when patient care and reimbursements are on the line, even one bad actor can put an entire organization’s reputation in jeopardy. The actions of these offenders often result in civil and criminal prosecution, as well as fines and penalties, ultimately impacting participation in federal healthcare reimbursement programs.

But how exactly does the HHS-OIG (Office of Inspector General), the main body responsible for conducting investigations into suspected fraudulent activity, address healthcare fraud and assess future risk of these bad actors?

Luckily for all us, there’s a spectrum–and it was created with visibility and safety in mind. In this post, we break down the basics of the False Claims Act, the OIG Fraud Risk Spectrum, and how your organization can best avoid employing bad actors on the OIG exclusion list.

How the OIG Finds & Prosecutes Healthcare Fraud

Let’s start with the role of the OIG, which is tasked with ensuring that dollars for federal healthcare programs such as Medicare, Medicaid, CHIPS, and TriCare, as well as other healthcare federal grant monies, are judiciously spent and awarded as reimbursements for quality care that is not fraudulent. Congress empowered the OIG with many avenues and enforcement resources when bad actors and/or fraud is found, the primary tool being the False Claims Act (FCA).

As a refresher, liability under the federal FCA occurs when a defendant:

  1. Knowingly presents or causes presentation of a false or fraudulent claim for payment
  2. Knowingly makes, uses, or is the cause of use of a false record or statement material for a false or fraudulent claim
  3. Conspires with others to commit such actions

Some examples of practices that may violate the False Claims Act include:

  • Billing for services not rendered or are considered worthless
  • Knowingly submitting inaccurate claims for services
  • Taking or giving kickback for a referral

The OIG, in partnership with the U.S. Department of Justice (DOJ), the U.S. Department of Health & Human Services (HHS), and the Centers for Medicare and Medicaid Services (CMS), work alongside state and federal law enforcement agencies such as local police, district attorneys, state attorneys general and the FBI to find, prosecute, and hold accountable those individuals and entities that cause patient harm, abuse the system, or seek reimbursement for care that was not provided or was provided but in a harmful way. Task forces, such as the Medicare Fraud Strike Force, work together to help uphold the FCA.

Specifically, the OIG has stressed the important role of the DOJ in prosecuting FCA cases. For context, the DOJ in conjunction with the OIG recovered over $3 billion in FCA penalties in 2019–$2.6 billion of those penalties directly related to the healthcare industry, according to

How False Claims Act Settlements Feed the OIG Fraud Risk Spectrum

In 2018, the OIG released their Fraud Risk Indicator to provide visibility into how the organization assesses the future risk and trustworthiness of False Claims Act (FCA) settling individuals and entities. According to the OIG site on Fraud Risk:
OIG applies published criteria to assess future risk and places each party to an FCA settlement into one of five categories on a risk spectrum. OIG uses its exclusion authority differently for parties in each category (as described in the criteria…). OIG bases its assessment on the information OIG has reviewed in the context of the resolved FCA case and does not reflect a comprehensive review of the party. Because OIG’s assessment of the risk posed by a FCA defendant may be relevant to various stakeholders, including patients, family members, and healthcare industry professionals, OIG makes public information about where a FCA defendant falls on the risk spectrum.

So what are the risk categories? The Fraud Risk Indicator has a spectrum that stretches from “Highest Risk” to “Lower Risk,” including actions such as (in order of severity):

  • Exclusion (most severe)
  • Heightened Scrutiny
  • CIAs
  • No Further Action
  • Self-Disclosure

The most severe penalty that the OIG can impose and the highest penalty on the spectrum is an exclusion. This is based on statutory authority and can be for a mandatory or permissive basis. Nonetheless, the exclusion is also applied in a FCA settlement or verdict when the OIG determines that the actions leading to the conviction were based on the trustworthiness of the individual in the future.

Once sanctioned, the offending individual or entity is then placed on the OIG’s List of Excluded Individuals/Entities (LEIE) and cannot receive payments for services through federal programs. If a provider employs or contracts with a person or entity on the LEIE, they may face a significant CMP (civil monetary penalty) if any services were payable through a federal program like Medicare or Medicaid.

NOTE: There are also over 40 state Medicaid exclusion agencies that can also exclude an individual or entity at the State level. Discover each state’s total number of excluded individual and entities with our interactive exclusion map.

In 2021, there were 17 exclusions based on the trustworthiness of the individuals due to their False Claims Act settlements by the OIG.
oig fraud risk spectrum 2021

Best Practices to Avoid Parties on the OIG Exclusion List

Did you know the OIG does not issue warnings or notify entities about excluded providers?

So what’s the best way to assess the trustworthiness of an employed or contracted individual or entity? It starts by continuously monitoring the OIG Exclusion List to vet current employees, potential new hires, and any contracted vendors by searching the LEIE database.

Follow these steps to protect your patients and organization from hiring those on the OIG’s LEIE:

  1. Don’t employ or contract with individuals or entities who have been convicted for certain felonies or misdemeanors. Specifically, don’t reimburse salaries, benefits or items claimed or billed by licensed healthcare providers or administrative personnel. Also, don’t purchase goods or services from an entity or vendor that is excluded.
  2. Check for currently excluded or sanctioned individuals and entities on the LEIE.
  3. Check the list regularly to ensure you’re not working with anyone on the list.

In summary, OIG LEIE compliance for a provider is imperative for their patients’ safety and care as many excluded individuals have committed some kind of fraud or harmed patients.

And a call to bad actors: Your actions do have negative consequences, resulting in civil and criminal prosecution and potential fines and penalties. Ultimately, the OIG is there to protect the patients and the integrity of the federal healthcare program dollars. And by avoiding OIG exclusion, you’re also protecting the integrity of your organization.

If you or your entity was placed on the OIG Exclusion list, you can get reinstated in most cases. Learn how to get off the OIG Exclusion List.

How to Automate your Exclusion Screening Process

Manually searching the OIG’s LEIE can be time consuming, expensive, and prone to human error. But not all exclusion monitoring solutions are created equal. At ProviderTrust, our comprehensive platform is built with proprietary data intelligence that provides exact-match results. We take away the guesswork so you can focus on what’s really important–providing best-in-class care to the patients you serve.

Is your organization effectively monitoring the OIG exclusion list to protect against potential bad actors and/or fraudulent behavior?

Stay Up-to-Date

Subscribe and get the latest news and advice from industry experts delivered straight to your inbox.

Related Resources

Never miss an update

Get the latest healthcare news, advice from industry experts, and all things related to monitoring solutions delivered straight to your inbox.