What the Regulation Says, in Plain English
The federal requirement for LEIE screening comes from a straightforward chain of authority. Section 1128 of the Social Security Act gives the Secretary of Health and Human Services the power to exclude individuals and entities from participation in federal healthcare programs. The Office of Inspector General (OIG), operating under that authority, maintains the List of Excluded Individuals/Entities, known as the LEIE.
The implementing regulation is 42 CFR 1001.1901(b), which requires the OIG to publish and maintain the LEIE. The list identifies every person and entity that has been excluded from Medicare, Medicaid, and all other federal healthcare programs.
"The OIG must publish a list of all currently excluded individuals and entities... Healthcare providers have an affirmative duty to check the LEIE to ensure that they do not employ or contract with excluded individuals."
42 CFR 1001.1901(b); OIG Special Advisory Bulletin, May 2013Here is the critical point: organizations that bill federal healthcare programs are prohibited from employing or contracting with excluded individuals. If you do, and that person provides services that are billed to Medicare or Medicaid, the government considers those claims tainted. The organization is on the hook for refunding every dollar associated with that individual's work, plus penalties.
In 2009, CMS reinforced this obligation with State Medicaid Director Letter #SMD 09-001, which directed state Medicaid agencies to require providers to screen their employees and contractors against the LEIE on a monthly basis. This letter did not create a new requirement so much as make an existing obligation explicit and tie it to a specific frequency.
The bottom line: if your organization participates in any federal healthcare program, you are expected to know who is on the LEIE and to make sure none of those people are on your payroll or working under contract for you.
Who It Applies To
The short answer is: any organization that bills Medicare, Medicaid, CHIP, or TRICARE. That covers a wide range of healthcare entities, including:
- Hospitals and health systems — including academic medical centers and critical access hospitals
- Physician practices — solo practitioners and multi-specialty groups alike
- Clinics and ambulatory care centers — urgent care, community health centers, FQHCs
- Managed care organizations — health plans that contract with state Medicaid programs
- Pharmacies — retail, specialty, and long-term care pharmacies
- Home health agencies — including hospice providers
- Staffing agencies — any agency that provides healthcare workers to facilities billing federal programs
- Credentialing verification organizations (CVOs) — entities that credential providers on behalf of health plans or hospitals
If your organization does not bill any federal healthcare program directly or indirectly, the LEIE screening requirement does not apply to you under federal law. However, many private payers and accreditation bodies (such as The Joint Commission) have adopted similar screening requirements. Even if you are entirely private-pay, checking the LEIE is a sound risk management practice.
One frequently overlooked point: the obligation extends to managed care organizations that contract with state Medicaid programs. If you are a Medicaid managed care plan, your downstream providers must also be screened. Several states have issued guidance making this explicit in their managed care contracts.
How Often Must You Check
The OIG recommends monthly screening. This is not a suggestion buried in a footnote. The OIG has stated it clearly in multiple Special Advisory Bulletins, and CMS reinforced it in SMD 09-001.
The practical reason for monthly screening is that the OIG updates the LEIE monthly. New exclusions are typically published between the 10th and 15th of each month. Between updates, the list does not change. So checking daily gains you nothing over checking once after each monthly update.
Here is a practical screening cadence that aligns with the regulation:
- Pre-hire/pre-contract screening — Check every new employee, contractor, or vendor against the LEIE before they start work.
- Monthly roster screening — After the OIG publishes its monthly LEIE update (typically between the 10th and 15th), run your entire active roster against the updated database.
- Best practice: complete screening within 48 hours of each OIG update. This minimizes the window during which a newly excluded individual could be providing services.
Many state Medicaid agencies explicitly require monthly checks. Some states go further. New York, for example, requires screening against both the federal LEIE and the state's own Medicaid exclusion list. If your organization operates in multiple states, you should follow the most restrictive state requirement, which in practice means monthly at minimum.
Annual screening is not sufficient. The OIG has made this clear. If you are screening annually and an employee is excluded in February, you will not discover it until the following year. Every claim submitted for that individual's services during those months is a potential liability.
Who Must Be Checked
This is where many organizations get it wrong. The screening obligation is not limited to physicians and nurses. It extends to everyone in the organization who could affect the delivery of or payment for federal healthcare program services.
The OIG has been explicit: all employees should be screened, not just clinical staff. The categories include:
- All employees — clinical and non-clinical. This includes front desk staff, billing clerks, IT personnel, and maintenance workers. If the organization bills federal programs, anyone on the payroll should be checked.
- Contractors and temporary workers — locum tenens physicians, traveling nurses, contracted therapists, temporary billing staff, IT consultants who access patient data.
- Board members and officers — individuals in governance or leadership positions who have the ability to influence the organization's operations.
- Vendors — particularly those that provide services directly related to patient care or claims submission. Not every office supply vendor needs to be screened, but medical device suppliers, laboratory services, and billing companies should be.
- Anyone who orders, provides, or could bill for services — this includes referring physicians who are not employees but whose orders generate claims.
The OIG's Special Advisory Bulletin from 2013 addressed this directly, noting that some organizations had narrowly interpreted the screening requirement to apply only to clinical staff. The OIG stated that this interpretation was incorrect and that the obligation extends to all individuals who could affect claims.
What Counts as a Proper Check
A proper exclusion check requires more than a casual name search. The OIG provides the LEIE database for download and also offers an online search tool. Either method is acceptable, but the matching methodology matters.
Minimum Matching Requirements
- Name and date of birth — This is the baseline. Search by last name, first name, and date of birth. NPI alone is not sufficient because not all excluded individuals have NPIs, and the LEIE does not always include NPI data.
- Handle name variations — Maiden names, hyphenated names, common misspellings, and nicknames can all cause false negatives. A robust screening process accounts for these.
- Check both federal and state lists — The federal LEIE is the minimum. Many states maintain their own Medicaid exclusion lists with individuals who may not appear on the federal LEIE. Checking only the federal list may leave you exposed at the state level.
Documentation Requirements
Every screening event should be documented with enough detail to demonstrate compliance during an audit. At minimum, record:
- The date of each screening
- Who was screened — the complete list of individuals checked
- The data sources checked (federal LEIE, state lists, SAM.gov)
- The results — including negative results (no matches found)
- For any matches: the disposition and follow-up actions taken
Retain this documentation for at least 10 years. Federal and state audit timelines can extend well beyond the standard statute of limitations, and you need to be able to produce evidence of your screening program on request.
What Happens When You Find a Match
Finding a potential match on the LEIE is not a reason to panic. False positives happen, especially with common names. But it is a reason to act quickly and methodically.
Step-by-Step Response
- Verify the match. Confirm that the excluded individual on the LEIE is actually the same person as your employee or contractor. Compare full name, date of birth, Social Security number (if available), and any other identifying information. The OIG's online search tool provides exclusion details that can help with verification.
- Involve the right people. Notify your compliance officer, HR department, and legal counsel. This is not a decision that should be made by one person in isolation.
- Assess the scope of exposure. Determine what services the individual has provided and which claims may have been affected. Review billing records to quantify the potential overpayment.
- Remove the individual from federal healthcare program work immediately. An excluded individual cannot provide services, order items, or perform any function that is billed to or paid by a federal healthcare program. This may mean termination, or it may mean reassigning the individual to non-federal work if such work exists and is clearly segregated.
- Self-disclose and refund. The OIG encourages voluntary self-disclosure through its Self-Disclosure Protocol. If you discover that you have billed federal programs for services provided by an excluded individual, you should report the overpayment and arrange for refund. Under the 60-day rule (Section 6402 of the Affordable Care Act), you have 60 days from the date you identify the overpayment to report and return it.
- Document everything. Record when the match was discovered, how it was verified, what actions were taken, and the timeline of the response. This documentation is your evidence of good faith compliance.
Penalties for Failure to Screen
The penalties for employing or contracting with an excluded individual are severe. They are designed to be severe. The government's position is that providers have an affirmative duty to check, and ignorance is not a defense.
- Civil monetary penalties (CMPs) — Up to $100,000 for each arrangement or contract with an excluded individual, plus up to $10,000 for each item or service furnished by the excluded individual. These are per-instance penalties, so the total exposure can escalate rapidly.
- Treble damages — The government can assess damages of up to three times the amount billed for services provided by the excluded individual.
- Exclusion of the organization — In egregious cases, the OIG can exclude the organization itself from federal healthcare programs. This is effectively a business death sentence for most healthcare providers.
- False Claims Act liability — If claims were submitted for services provided by excluded individuals, those claims are considered false. The False Claims Act carries penalties of $13,946 to $27,894 per false claim (adjusted annually for inflation), plus treble damages. Qui tam (whistleblower) actions under the False Claims Act add another layer of risk.
- State-level penalties — Many states impose their own penalties for employing excluded individuals, which can stack on top of federal penalties. These vary by state and can include additional fines, mandatory refunds, and potential state-level exclusion.
The financial exposure from a single unscreened excluded individual can reach into the millions of dollars when you combine CMPs, treble damages, False Claims Act liability, and the cost of legal defense. By comparison, the cost of monthly screening is negligible.
State Medicaid Exclusion Lists
The federal LEIE is the most well-known exclusion database, but it is not the only one. Many states maintain their own Medicaid exclusion lists, and checking only the federal list may leave gaps in your compliance program.
- State-maintained lists — States can exclude individuals from their Medicaid programs independently of the federal OIG. An individual can be excluded at the state level without appearing on the federal LEIE, and vice versa.
- GSA SAM.gov — The System for Award Management, maintained by the General Services Administration, is another federal database that lists entities excluded from receiving federal contracts and certain subcontracts. While it overlaps somewhat with the LEIE, it is a separate database with its own entries. Checking SAM.gov is considered best practice and is required by some states.
- State-specific requirements — Several states, including New York, Texas, Illinois, and California, require providers to check state-specific exclusion lists in addition to the federal LEIE. If you operate in multiple states, review each state's Medicaid provider manual for specific screening requirements.
A comprehensive screening program checks the federal LEIE, the GSA SAM.gov database, and any applicable state exclusion lists. If you are only checking the federal LEIE, you are meeting the minimum federal requirement but may be falling short of state-level obligations.
How to Document for Audit
When auditors review your exclusion screening program, they are looking for evidence that you have a systematic, documented process. They want to see that screening happens regularly, that it covers the right population, and that you have a process for responding to matches.
Your documentation should include:
- Date of each screening event — showing that screenings occur monthly, in alignment with OIG updates.
- Total number of individuals screened — demonstrating that you are screening your entire active roster, not just new hires.
- Data sources checked — confirming that you screened against the LEIE and any applicable state lists.
- Results of each screening — including both "no matches found" results and any potential matches. Negative results are just as important as positive ones for demonstrating a functioning program.
- Disposition of any matches — if a potential match was found, document how it was investigated, whether it was confirmed as a true match or a false positive, and what actions were taken.
- Downloadable audit trail — maintain records in a format that can be produced on request, such as CSV or PDF reports with timestamps.
Retention period: Retain all screening documentation for at least 10 years. Some states require longer retention periods. The federal False Claims Act has a six-year statute of limitations from the date of the violation or three years from the date the government knew or should have known about the violation, whichever is later, up to a maximum of 10 years. Given these timelines, 10 years is the safe minimum.
If an auditor asks for your screening records and you cannot produce them, the absence of documentation will be treated the same as the absence of screening. The burden of proof is on the provider to demonstrate compliance.
Automate Your Monthly LEIE Screening
Signals | Exclusions automates monthly LEIE screening for $149/month. Upload your roster, we check it against every OIG update, and email you the results with an audit-ready CSV. Your first check runs within 24 hours of subscribing.
How to Format Your Roster CSV
When you subscribe, you will upload a CSV file containing your roster. Here is the expected format.
| Column | Required | Format |
|---|---|---|
lastname |
Yes | Text |
firstname |
Yes | Text |
dob |
Yes | YYYY-MM-DD |
npi |
Yes | 10 digits |
ein |
No | XX-XXXXXXX |
custom_id |
No | Your internal ID |
File must be CSV format, UTF-8 encoded, with headers in the first row. Maximum 500 entries on the Watcher plan; unlimited on the Compliance plan.