Understanding the HHS Office of Inspector General (OIG) exclusion list is essential to your path towards 100% compliance and better employee monitoring for healthcare Human Resource professionals. Since federal tax dollars are used to reimburse healthcare providers for services, the Department of Health and Human Services (HHS), as well as the Department of Justice (DOJ), have oversight on how those dollars are spent.
What is an OIG Exclusion and Why Should You Care?
An OIG exclusion is an administrative action taken against an individual or entity (such as a provider or vendor) by the Dept. of Health and Human Services (HHS), Office of Inspector General (OIG). The DHHS OIG is in charge of enforcing exclusions against individuals or entities.
The OIG mandates that healthcare organizations do not hire or do business with “excluded or sanctioned” individuals or entities. If an individual or entity is excluded, he/she/it is prohibited from participating in reimbursements for or from federally funded healthcare programs (CMS.gov – Centers for Medicare & Medicaid Services).
Once an individual or entity is excluded, he/she/it is considered excluded in all states, not just the one excluded in. In other words, under the Affordable Care Act, an individual or entity excluded in one state is not permitted to participate in federal healthcare funds in all other states. A person or entity can be excluded by a federal agency (OIG) or by a state Medicaid agency.
What are the Penalties for Allowing Services to be Performed by and Billed to Medicare and Medicaid by an Excluded Individual or Entity?
Civil fines and monetary penalties can be assessed by the OIG. Fines and penalties include the following:
- $10,000 per each item claimed or services provided
- Treble (3 times the amounts claimed to CMS for reimbursement) damages
- Possible program exclusion of the company
- Possible loss of the right to bill CMS for services rendered
- Possible additional fines for filing false claims under the False Claims Act (Penalties up to $11,000 per claim, and possible placement in a Corporate Integrity Agreement with the OIG).
- Possible criminal fines and/or jail time.
Where did Healthcare Exclusions Come From?
Since the early 1970’s, the Department of Health and Human Services (HHS), Office of the Inspector General (OIG) has the authority and responsibility “to protect the integrity of Department of Health & Human Services (HHS) programs as well as the health and welfare of program beneficiaries”. The OIG is acting in the people’s best interest to regulate and enforce violations of healthcare fraud, waste, and abuse.
The OIG was created in 1976 and oversees more than 300 other HHS programs. The most common and well known are Medicare, Medicaid, TriCare, and CHIPs. Others include the Centers for Disease Control and Prevention, National Institutes of Health, and the Food and Drug Administration. The OIG for HHS is the largest Inspector General’s office in the federal government, with approximately 1,600 employees. The current Inspector General for HHS is Daniel Levinson.
What Does the OIG Govern?
There are 11 departments in the HHS OIG organization: They revolve around auditing, investigating, enforcement, evaluating, and policy making. For the purpose of this blog, we’ll be addressing the enforcement function of the OIG.
There are three departments that focus on the enforcement of health care fraud, waste, and abuse.
- Office of Investigations (OI) which conducts criminal, civil and administrative investigations of fraud and misconduct related to HHS programs, operations, and beneficiaries.
- Office of Audit Services (OAS) which conducts independent audits of HHS programs, grantees, and contractors to examine the performance of HHS programs and responsibilities, as well as provide assessments.
- Office of Evaluation and Inspections (OEI) which conducts national evaluations of HHS programs and issue recommendations focused on preventing fraud, waste, and abuse.
What is an OIG Exclusion List?
A person or entity becomes excluded or sanctioned and placed on an exclusion list maintained by the OIG called the List of Excluded Individuals or Entities (LEIE). According to OIG, there are two types of exclusions – mandatory and permissive.
- Felony conviction for substance abuse or alcohol
- Felony conviction for patient abuse
- Felony conviction for fraud and abuse
- Felony conviction for sexual assault
- License revocation due to any of the above
- Misdemeanor convictions for substance abuse or alcohol
- Misdemeanor convictions for patient abuse
- Misdemeanor convictions fraud and abuse
- Misdemeanor convictions sexual assault
- License revocation due to any of the above
- Default on a federal student loan
Federal reimbursement, whether direct or indirect, for goods provided or services rendered by an excluded individual or entity, is prohibited. This includes reimbursement for salaries, benefits or items claimed/billed by licensed healthcare providers or administrative personnel. Also, a healthcare organization cannot purchase goods or services from an entity or vendor that is excluded.
A mandatory exclusion is for a minimum of 5 years and has been imposed for up to 50 years, in certain cases (it can be indefinite if the facts warrant). Once the exclusion period ends, the individual or entity MUST apply for reinstatement at the federal and state level. It is not automatic.
A permissive exclusion can be up to 5 years (typically 1-3 years). At the conclusion of the exclusion period, the individual or entity MUST apply for reinstatement at the federal and state level. It is not automatic.
OIG Exclusion List Database (LEIE)
Understanding the differences between the exclusion datasets in the healthcare compliance industry can be overwhelming at times. To clarify, there are two main federal exclusion lists and 42 available state Medicaid exclusion lists. All of these exclusion lists need to be individually cross-checked and monitored on a monthly basis in order to remain compliant.
The most familiar safeguard for our industry is the HHS OIG’s List of Excluded Individuals and Entities (LEIE). The LEIE, along with the other federal datasets, exists to inform the healthcare industry of currently excluded individuals, likely due to an offense related to fraud or abuse. A person or entity becomes excluded, or sanctioned, and is placed on the LEIE, maintained by the OIG.
To make it even more complicated, not every list shares the same data with the OIG on a timely basis, let alone with each other. Excluded individuals or entities can be found on federal or state exclusion lists. Don’t forget, state Medicaid Fraud Control Units (MFCU) also have Medicaid exclusion lists as well!
General Services Administration (GSA – EPLS)
In addition to being excluded on the OIG-LEIE, an individual or entity can also be debarred or sanctioned at the GSA -Excluded Parties List System. The GSA or General Services Administration is the federal entity that excludes companies and individuals from receiving federal contracts. The GSA administers all procurement databases through the System for Award Management (SAM.gov).
System for Award Management (SAM)
SAM.gov now houses the old Excluded Parties List System (EPLS) which contains debarment actions taken by various federal agencies, including exclusion actions taken by the OIG. Not all OIG records are contained at SAM.gov, and the OIG recommends searching the OIG-LEIE database as the primary source for OIG-LEIE records.
The System for Award Management‘s purpose is to prevent companies from doing business with an individual or entity that has been debarred, sanctioned, or excluded by a federal agency.
State Medicaid Exclusion List
Individual states maintain a Medicaid exclusion list as well as federal. Employers need to search these in addition to the OIG LEIE and the SAM.gov. Today, there are 42 states that have a state Medicaid exclusion list. Each year, more state Medicaid exclusion lists are added and made publicly available. Efficiency and accuracy from Medicaid Fraud Control Units reporting excluded individuals or entities to the OIG have been a serious issue, and many times can leave HR professionals and compliance programs open to risky situations if they are solely checking federal databases.
How Often are Records Updated at the Primary Source?
Federal Exclusion Datasets
The OIG-LEIE list is updated once a month, typically between the 10th and 15th. Each week, the SAM.gov database is updated from multiple sources. There is no designated time in which exclusion data is uploaded into SAM.gov. ProviderTrust updates its database from SAM.gov at least twice a month.
State Medicaid Exclusion Lists
Each state updates at different intervals. Some update once a month, others once a quarter, and others update periodically. ProviderTrust monitors for state updates each month. To find out more information about state Medicaid exclusion updates, take a look at our latest Compliance Healthcare Index Report.
How Often Should an Employer Monitor for Exclusions?
Monthly Monitoring is Best Practice
HHS OIG Inspector General Daniel Levinson once said: “We [OIG] update our list monthly and we recommend that employers search it monthly.”
The Affordable Care Act expanded the types of actions that can result in an exclusion and the U.S. Congress tasked the Centers for Medicare and Medicaid Services (CMS) to issue guidance to employers. The CMS Guidance, issued in February 2011, “recommended with guidance” that employers search the OIG and GSA monthly. CMS issued letters to each State Medicaid Director in 2009 reminding them to advise employers to check monthly.
Many states have issued state Medicaid bulletins that require monthly monitoring of the OIG LEIE, SAM.gov, and their own state Medicaid lists.
Exclusion Monitoring for Healthcare HR + Compliance
The message is clear these days. Healthcare providers must monitor their staff and vendors for exclusions each month. The OIG is serious about enforcing fines and penalties for violations. If you are only conducting federal OIG LEIE screening, you should enhance your compliance program to include SAM.gov and the available state Medicaid Exclusion lists. Effective compliance programs require a monitoring and auditing function. Ensuring that exclusion monitoring is part and parcel of your monthly monitoring is key. The fines and penalties that the OIG can impose are 100% avoidable. If you have any questions regarding whether your compliance program is executing best practice in this area, our team is always available to discuss and advise!
Start the conversation – Which best practices does your organization implement in your compliance program? Comment below.
Check out our latest resources!
Written by Michael Rosen, ESQ
Michael brings over 20 years of experience founding and leading risk mitigation businesses, receiving numerous accolades such as Inc Magazine’s Inc 500 Award and Nashville Chamber of Commerce Small Business of the Year.