Blog /

Understanding Healthcare Sanction and Exclusion Monitoring



The COVID-19 pandemic has spurred significant changes in delivery models in the healthcare industry as organizations needed to quickly transition more towards virtual care. With increased telemedicine capabilities, physicians have been able to meet patients where they are to continue providing routine and even emergency care as needed. A recent study by McKinsey & Co. has even estimated that $250 billion of outpatient visits could be virtualized.

Image source: “Telehealth: A quarter-trillion-dollar post-COVID-19 reality?”,  McKinsey & Co

While this shift has reduced gaps in care and created easier access for many, compliance risk and the potential for fraud have grown. Surging demand for telemedicine offerings and the need to quickly onboard and scale provider networks has shone a spotlight on the need for reliable, seamless healthcare provider license verification, credentialing and monitoring.

Compliance in the healthcare space is an ever-evolving process of abiding by legal, ethical and professional standards associated with provider organizations. An effective compliance strategy is imperative for protecting health programs, organizations and patients. Ineffective compliance introduces risks for patient safety, the healthcare system’s financial integrity and the bottom line of businesses.

Millions of dollars in lost revenue and fines each year are directly attributed to an organizational failure to adhere to licensing and credentialing verification processes. How can organizations stop individuals in exclusion databases or federal health care programs from joining their teams? First, it is crucial to learn more about exclusions lists and exclusion monitoring and what your organization can do to strengthen healthcare compliance operations.

Healthcare Sanctions & Exclusions

Healthcare sanction refers to an administrative action, usually a restriction, against either an individual provider or a license by a state professional licensure board. The consequences of a sanction can vary, but the most severe result of a sanction is an exclusion. An exclusion means that the named individual or entity is prohibited from administering federally-backed healthcare services and is included in exclusion databases.

These providers are excluded from federal healthcare programs due to occurrences of healthcare fraud, misdemeanors, financial misconduct, accepting kickbacks, and patient abuse. It’s important to to make sure that these providers do not get included to federal or state healthcare programs for the protection of funds, but more importantly, patient safety.

There are two primary forms of exclusions:

  • Mandatory exclusion. Five years minimum in duration, although it has been enforced for up to 50 years. If warranted, a mandatory exclusion can be indefinite. Individuals and entities are obligated to apply for reinstatement at the federal and state level at the end of the compulsory exclusion period if they wish to begin offering services. Removal from exclusion lists is not automatic.
  • Permissive exclusion. Usually between one and three years, though the exclusion can be up to five years. Following the end of the exclusion period, the individual or entity is obligated to apply for reinstatement at the federal and state level. Removal from exclusion lists is not automatic.

OIG and SAM Exclusions Lists: Key Components and Differences

A key operational component for any healthcare organization’s compliance efforts is the ability to cross-check and monitor exclusions lists regularly - though in reality, this can often fall by the wayside, especially for newer digital health companies still learning the ropes.

There are two federal exclusion databases that contain persons and entities that have been barred from participating in federal health care programs and receiving federal contracts for health-related services: The Office of Inspector General (OIG) List of Excluded Individuals and Entities (LEIE) and the General Services Administration’s (GSA) System for Award Management (SAM).

The purpose of both OIG and SAM is to prevent organizations from doing business with any party that has been debarred, sanctioned, or otherwise excluded by a federal agency.


The Office of Inspector General (OIG), which maintains the exclusion list for the U.S. Department and Health and Human Services, keeps track of all individuals and entities currently excluded by the agency. Key information listed in the OIG’s exclusion list, updated on a monthly basis, includes:

  • Name of excluded individual or entity
  • Provider type
  • The authority under which the individual was excluded
  • The state residency held at the time of the exclusion

The importance of searching the LEIE cannot be understated. Health providers hiring any excluded individual or entity are at risk for civil monetary penalties (CMP) for any claims submitted to a Federal program for items or services provided, directly or indirectly, by those individuals or entities. Monitoring the OIG exclusion list regularly can help providers avoid CMPs stemming from services provided by both current and prospective employees and contractors.


The GSA maintains the SAM to keep track of individuals and entities excluded from Federal procurement in an effort to prevent fraudulent handling of the healthcare system and other government agencies. The following databases are captured in the SAM:

  • Central Contractor Registry (CCR)
  • Online Representations and Certifications Application (ORCA)
  • Federal Agency Registration (Fedreg)
  • Excluded Parties List System (EPLS)

If a search yields a potential hit, providers should go directly to the GSA for ultimate verification. For entities, providers need to know the Dun & Bradstreet number, while verifying an individual requires an extra four steps.

Important Operational Differences

The lists largely overlap in terms of information, but because OIG’s LEIE and GSA’s SAM exclusion lists are owned and maintained by different agencies, there are naturally distinct administrative processes. For example, the LEIE contains license information and NPI records, while the SAM does not. This can make searching for individuals in the SAM database more complicated. Additionally, the GSA does not have the authority to issue a financial penalty on an organization because it is a procurement repository - not an agency with jurisdiction.

The scope of exclusions included on OIG’s LEIEis subject to Sections 1128 and 1156 of the Social Security Act. Section 1128 covers Medicare, Medicaid, and all other Federal health care programs providing benefits funded directly or indirectly by the United States. Section 1156 extends this scope to include the state-level counterparts of Medicare and the health programs included under Section 1128. The SAM list includes debarment actions taken by a wider group of federal agencies.

Ultimately, compliance programs must cross-reference each list to ensure they are capturing complete information.

Automating Sanctions & Exclusions Checks and Ongoing Exclusion Monitoring

With such a great deal of information to synthesize, and ongoing actions and sources to monitor - it is unsurprising that many organizations relying on fragmented, manual processes struggle to maintain compliance - especially as they scale. Manual processes are tedious at worst and error-prone at best.

While some screening vendors do provide automated checks for Sanctions & Exclusions, they still often require operations teams to exit their core systems of work to verify information one-off on the vendor’s platform. This is where Verifiable delivers major impact for customers - by automating and directly integrating OIG and SAM checks into the existing systems and workflows that operations, compliance and credentialing teams are already using -- saving time, reducing costs and improving compliance.

Check out how Verifiable is helping fast-growing healthcare organizations streamline provider credentialing & enrollment and supercharge provider network management.

Learn how Verifiable can automate your OIG and SAM checks. Get a demo

More articles