Blog

HHS-OIG, GSA-SAM.gov, and State Medicaid Exclusion Lists: What’s the Difference?

photo of woman browsing computer

Do exclusions differ across databases? Does it matter where an exclusion originated, or which agency issued it?

With two federal exclusion databases and 44 state Medicaid/Medicare lists all maintaining excluded or debarred individuals and entities, monitoring every provider, payer, and vendor in your organization for exclusions can be complicated and time-consuming. But how do the datasets actually differ, how do you search them, and what is the most effective way to monitor all of the exclusion lists out there?

What is an exclusion and how does it affect your organization?

Exclusions are administrative actions that are placed upon an individual or entity by HHS OIG, a state agency or Medicaid Fraud Control Unit (MFCU), or by one of the many agencies associated with SAM.gov. Exclusions are levied across employees, vendors, suppliers, referring physicians and/or providers for violating enumerated state and/or federal rules, regulations, or laws. As a result of an exclusion or debarment, such individuals or entities may not participate in any federal healthcare reimbursement programs, regardless of the enforcing authority. All exclusion prohibitions remain the same.

Both permissive and mandatory exclusions are monitored by state and federal agencies. However, the two types of exclusions differ in duration based on the severity of the excluded party’s action. To learn more about the differences between permissive and mandatory exclusions, check out post on OIG exclusion monitoring.

A breakdown of agencies issuing exclusions: Where should you be looking?

When it comes to comprehensive exclusion monitoring, there are two major federal sources that need to be screened for exclusions on an ongoing basis:

  1. Health and Human Services – Office of Inspector General (HHS-OIG) Exclusion Program which maintains the List of Excluded Individuals and Entities (LEIE)
  2. General Services Administration System for Award Management (GSA-SAM.gov), formerly known as the EPLS

 

Additionally, there are varying, disparate State Medicaid exclusions sources that require periodic screening. The Centers for Medicare & Medicaid Services (CMS) requires healthcare organizations to screen against all these sources at least monthly.

But with so much irregularity of primary source data and formatting among federal and state databases, manually screening for excluded individuals and entities is nearly impossible, not to mention time consuming. Delayed and/or incomplete monitoring can lead to penalties and unnecessary financial burden for an organization who unknowingly engages or reimburses excluded individuals and entities, including:

  • $20,000 per each item claimed or service provided
  • Treble damages (3 times the amounts claimed to CMS for reimbursement)
  • Possible program exclusion of the company
  • Possible loss of the right to bill CMS for services rendered
  • Possible additional fines for filing false claims under the False Claims Act (Penalties up to $11,000 per claim, and possible placement in a Corporate Integrity Agreement with the OIG)
  • Possible criminal fines and/or jail time

So how do you ensure your organization isn’t at risk? It starts by understanding the most vital exclusion sources. Let’s take a look.

HHS OIG: List of Excluded Individuals and Entities (LEIE)

According to the OIG HHS website:
The Health and Human Services (HHS) Office of the Inspector General (OIG) Exclusion Program serves to protect federal healthcare programs by limiting the impact of fraudulent and bad actors. Since federal tax dollars are used to reimburse healthcare providers for services, the Department of Health and Human Services (HHS), the Center for Medicare and Medicaid Services (CMS), as well as the Department of Justice (DOJ), have oversight on how those dollars are spent.

OIG has the authority to exclude individuals and entities from federally funded healthcare programs pursuant to section 1128 of the Social Security Act (and from Medicare and state health care programs under section 1156 of the Act) and maintains a list of all currently excluded individuals and entities called the List of Excluded Individuals/Entities (LEIE). Anyone who hires an individual or entity on the LEIE may be subject to civil monetary penalties (CMP). ​​To avoid CMP liability, health care entities should routinely check the list to ensure that new hires and current employees are not on it. Read our post to learn how often you should check the OIG exclusion list.

GSA SAM.gov

The SAM.gov database is formerly known as the Government Services Administration’s (GSA) list of Excluded Parties List System (EPLS). In 2012, GSA announced it was migrating data from the EPLS to a new and more comprehensive system called the System for Award Management (SAM). Formed under a mandate of the Affordable Care Act, SAM.gov created one broader dataset of individuals and entities that are debarred, sanctioned, or excluded from doing business under a federal contract. The most significant database for healthcare providers, SAM.gov includes several federal contracting databases such as USDA-FNS, TREAS-OFAC, OPM, and more.

If an individual or entity is listed on SAM.gov, a healthcare company should not contractually engage with such person or entity to avoid conducting business with a sanctioned, debarred, or excluded party. HHS OIG and CMS have both made it clear that federal program payment for (1) items or services furnished by excluded individuals or entities, and (2) salaries, expenses, or fringe benefits of excluded individuals (regardless of whether they provide direct patient care) are prohibited. SAM.gov datasets should be included in all exclusion screening processes for employed and contracted populations.

Read our post to learn more about SAM.gov.

State Medicaid Exclusion Lists

Each state has a department or agency dedicated to upholding the integrity of Medicaid programs and public health. Though each state enforcement authority can vary by name and function (Department of Medicaid, State OIG, Department of Health Care Services), each one outlines the rules of ineligibility for licensed providers who have been disciplined or lost certain license privileges. Many states maintain and publish their own exclusion list, all of which should be included in your monthly screening process.

But state Medicaid exclusion sources are varied and present significant challenges to manual screening processes. They publish exclusion records in different formats and with varying amounts of data, making it difficult and resource-intensive to identify a match within your population. Currently, there are 42 states (44 total lists) that currently have exclusion lists publicly available. Less than five allow you to confirm a possible name match with a social security number like the OIG does. This means that most states contain nothing more than a name, possible address at the time the person or entity was excluded, and maybe a city.

Use our interactive State Exclusions List Map to find exclusion information on a particular state.

3 reasons why you should implement ongoing exclusion list monitoring

To put it simply, it’s the right thing to do to protect your organization and the patients receiving care. But to look a little deeper, here are the challenges:

  1. The GSA administers SAM.gov, which contains debarment actions taken by various federal agencies, including but not limited to exclusion actions taken by OIG.
  2. The OIG LEIE contains only the exclusion actions taken by OIG.
  3. Fifty percent of all state Medicaid exclusions never show up on the OIG LEIE. But if an individual/entity is excluded in one state, they’re excluded in all states.

Moral of the story? Best practice is to continuously search both federal and all state Medicaid exclusion lists, as all sources contain different, but applicable, exclusion information.

Guarantee Compliance with Automated Exclusion Monitoring

Every organization that manually searches primary sources can be vulnerable to missing exclusions through human error and incomplete datasets. At ProviderTrust, we know the sparse, disparate data points at the primary source are inefficient and incomplete. Our powerful data enrichment starts by combining all primary source data to deliver industry-leading compliance intelligence directly to your teams, minimizing risk and increasing operational efficiencies.

Stay Up-to-Date

Subscribe and get the latest news and advice from industry experts delivered straight to your inbox.

Related Resources

Never miss an update

Get the latest healthcare news, advice from industry experts, and all things related to monitoring solutions delivered straight to your inbox.