A Provider’s Guide to OIG Exclusions

Guide to the OIG

A Provider’s Guide to OIG Exclusions

Federal Exclusion Regulations and Enforcement Authorities, and How Providers Can Avoid Risk with Proper Exclusion Screening–Part 1

Paul S. Weidenfeld, JD

This article was originally written by Paul Weidenfeld and published by GreenBranch Publishing.  This article is Part I from a 2-Part article originally published by GreenBranch Publishing on their website.

OIG ExclusionOffice of Inspector General (OIG) exclusions[1] are one of the most powerful weapons available to the law enforcement in its efforts to fight healthcare fraud. Individuals and entities subject to an OIG exclusion are barred from participation in all Federal healthcare benefit programs, resulting in a payment prohibition on all items and services they provide, whether directly or indirectly. Additionally, providers that employ or contract with excluded individuals or entities risk the imposition of civil money penalties, overpayment liability, and even potential exposure under the False Claims Act. However, even though OIG exclusions are one of law enforcement’s oldest tools, many providers often fail to appreciate their compliance obligations and the risks associated with employing or contracting with excluded individuals or entities. Indeed, many providers take only minimal efforts to screen their employees and contractors to ensure compliance—and some make no effort at all. This article seeks to educate providers on the existing legal and regulatory framework, the risks and potential consequences of a failure to comply with those laws and regulations, and how best to comply and avoid those risks.[2]

Contact Form



Provider's Guide to OIG ExclusionsPaul Weidenfeld is a former federal healthcare fraud prosecutor and Department of Justice National Health Care Fraud Coordinator. His principle area of practice is healthcare fraud and abuse and the Federal False Claims Act, and he has represented providers and individuals in healthcare matters since leaving government in 2006. He is currently “Of Counsel” to the firm of Liles Parker. Mr. Weidenfeld also has an extensive litigation background that includes numerous trials and appeals and appearances before the United States Supreme Court, the Federal 5tht Circuit Court of Appeals, and the Louisiana Supreme Court. He has received recognition both as a prosecutor and as defense counsel and has been recipient of numerous awards. These include Nightingale’s Outstanding Healthcare Litigators, the Attorney General Award for Fraud Prevention, the Office of Inspector General Cooperative Achievement Award, and the National “Case of the Year” honors by the NHCAA. In 2014, Mr. Weidenfeld cofounded Exclusion Screening, LLC. Exclusion Screening helps providers navigate the difficulties and issues related to the screening for excluded individual and entities, and along the way he has become one of the foremost experts in the field of IG exclusions and Exclusion-related issues.

“OIG” in this paper refers to “Office of Inspector General, Department of Health and Human Services” unless otherwise stated.  The term “OIG Exclusion” is used as shorthand for an administrative action taken by the OIG barring an individual or entity from participating in Federal health care programs pursuant to §1128(a)(1)-(4), (b)(1)-(b)(16) or §1156 of the Social Security Act (SSA).
[2] This article focuses on exclusions from a regulatory and enforcement perspective, but exclusions also play a critical role in compliance and risk management programs. See, e.g., HCCA, Measuring Compliance Program Effectiveness: A Resource Guide (Jan. 2017), available at ttps://oig.hhs.gov/compliance/compliance-resource-portal/files/HCCA-OIG-Resource-Guide.pdf. (guidance reconfigures the traditional “Seven Elements of an Effective Compliance Program” and makes the “Screening and Evaluation of Employees, Physicians, Vendors and other Agents” an element unto itself – or the new “Seventh Element of Compliance”).
[3] The Medicare-Medicaid Anti-Fraud and Abuse Amendments of 1977, Public Law 95142.  In 1979, the Department of Health Education and Welfare was renamed the Department of Health and Human Services (HHS).
[4]See e.g. Crackdown on Health Care Fraud, https://www.nytimes.com/1995/12/22/us/in-crackdown-on-health-care-fraud-us-focuses-on-training-hospitals-and-clinics.html.
[5] In addition to establishing the principle of insurance portability, HIPAA contained several provisions related to health care fraud enforcement, including containing legislation that significantly increased the ability of law enforcement agencies to obtain and share information and establishing the Health Care Fraud and Abuse Fund (HCFAC) as a permanent funding source specifically designated for health care fraud enforcement.
[6] The effect of an OIG Exclusion is addressed in the Special Advisory Bulletin on the Effects of Exclusion from Federal Health Care Programs,” issued September 2, 1999, and in the “Updated Special Advisory Bulletin on the Effect of Exclusions from Participation in Federal Health Care Programs,” issued May 8, 2013.  Hereinafter, the initial advisory will be referred to as the “1999 Special Advisory” and the update will be referred to as the “Updated Special Advisory” or the “2013 Special Advisory.”  The 1999 Special Advisory can be found at: https://oig.hhs.gov/fraud/docs/alertsandbulletins/effected.htm; the 2013 Updated Special Advisory can be found at https://oig.hhs.gov/exclusions/files/sab-05092013.pdf. 
[7] Inspector General June Gibbs Brown, in the press release for the 1999 Special Advisory.   
[8] See 42 C.F.R. § 1001.10. Definitional changes were made to direct and indirect claims pursuant to rulemaking authority granted to the OIG in the MMA and the ACA; See also, OIG Advisory Opinion No. 18-01 at 5 (Feb. 20, 2018) available at https://oig.hhs.gov/fraud/docs/advisoryopinions/2018/AdvOpn18-01.pdf.
[9] The Data in the figures in this section come from the exclusion data reportered in the List of Excluded Individuals/Entities (LEIE) by calendar year.
[10] The data in the charts in this section comes from exclusion data reported in the List of Excluded Individuals/Entities (LEIE).
[11] These calculatiosn are based on the composition of the LEIE through December 31, 2017.
[12] See, §§ 1128(c)(3)(G)(i) and (G)ii of the SSA. See also 82 Fed. Reg. 4100.
[13] See https://oig.hhs.gov
[14] See Criteria for implementing section 1128(b)(7) exclusion authority (April 18, 2016) available at https://oig.hhs.gov/exclusions/files/1128b7exclusion-criteria.pdf. The OIG breaks these down into “high risk factors,” “low risk factors,” and factors that have “no effect.” High risk factors include the impact on beneficiaries cooperation, and whether an adverse licensing action occurred. “Lower risk” factors include acceptance of responsibility and self-disclosure. Factors that are “expected,” and thsu have “no effect”, are coopearation in the investigation and having a compliance plan with the seven elements of compliance.
[15] See Guidance for the Implentation of its Permissive Exclusion Authority Under Sectino 1128(b)(15) at 1, available at https://oig.hhs.gov/fraud/exclusions/files/permissive_excl_under_1128b15_10192010.pdf. The guidance was issued because 1128(b)(15) provides for exclusion based on whether the individual in question is either an owner or an officer or a managing employee and the analysis is different for each.
[16] Criteria for implementing section 1128(b)(7) exlcusion authority (April 18, 2016) avialable at https://oig.hhs.gov/exclusions/files/1128b7exclusion-criteria.pdf.See also 81 Fed. Reg. 88, 334 (Dec. 7, 2016): “In 1981, Congress enacted the CMPL, section 1128A of the Act (42 U.S.C. §1320a-7a), as one of several administrative remedies to combat fraud and abuse in Medicare and medicaid”
[17]Id. 81 Fed. Reg. at 88.
[18] This is a listing of the CMP authorities related to exclusion violations. A complete listing of the OIGs CMP authorities can be found on the OIG’s website, or at 42 C.F.R. § 1003.210. 
[19] The OIG may also impose a penalty or, when applicable, an assessment, against a Medicare Advantage or Part D contracting organization with a contract under section 1857 or 1860D-12 of the SSA if any of its employees, agents, or contracting providers violate § 1003.400(a) – (d). 
[20] The penalty amounts for CMPs and assessments are updated annually and are published at 45 C.F.R. § 102.
[21] A discussion of the change is found in 81 Fed. Reg. 88, 334 (Dec. 7, 2016). 
[22] See 42 CFR § 1004.140(c); see also Criteria for implementing section 1128(b)(7) exclusion authority (April 18, 2016), available at https://oig.hhs.gov/exclusions/files/1128b7exclusion-criteria.pdf..
[23]See § 3729(a)(1) of the Fraud Enforcement Recovery Act of 2009 and § 6401of the Affordable Care Act (2010).

Who Is to Blame for Gaps in OIG and State Exclusion Lists? What Is the Impact on Providers?


The failure to report excludable offenses by state Medicaid offices and licensing boards is a longstanding issue for the OIG. Recent OIG audits and reports have confirmed these state failures to report. For example, an OIG study released in August found that over 12% of terminated providers were able to continue participating in other state Medicaid programs because states were not sharing terminated provider information. In addition, two recent Medicaid Fraud Control Unit (MFCU) audits discovered that they routinely failed to timely report conviction information to the OIG and sometimes did not report them at all.[1] Reporting failures lead to gaps in the OIG Exclusion List (LEIE) because the OIG cannot exclude an individual if the OIG is never informed of the state’s conviction, termination, or suspension of providers. Such failures to report are important because the information that would have been reported can lead to exclusion violations, which are listed on the LEIE. But, state compliance failures are not the only cause of gaps in OIG and State exclusion lists – as we discuss, no matter who is at fault, the provider may pay for anyone’s mistake.

The OIG Exclusion List Has Limited Search Capabilities

One important reason providers should not rely on screening only the LEIE is that its search function is extremely narrow.  If an excluded individual uses a different name, such as a middle or maiden name, an LEIE search using the person’s first and last names my not produce any results.[2]  For example, J. A.[3] was excluded from participation on Georgia’s state exclusion list in August 2015. However, a search for “J.A.” on the LEIE currently produces zero results. 

J.A. LEIE_Redacted

Conversely, when we searched J.A. on SAFERTM, our proprietary exclusion database, we not only found a match on the Georgia list (“J.A.”), but we also found a match on the LEIE and SAM databases for “R.J.A.”. Interestingly, “J.A.” has the same middle and last name as “R.J.A.,” they are both Georgia residents, and they were both excluded from participation in April 2015. Like many states, the identifying information on Georgia’s list is sparse. Nevertheless, it is extremely likely that R.J.A. and J.A. are the same person, which a provider would have missed if he only searched the LEIE for J.A.


Reported Cases May Not Be Picked Up by OIG

Florida’s Agency for Health Care Administration publishes monthly press releases which identify persons terminated from participation in Florida Medicaid.  It expressly states that the exclusion information was “reported to the federal government for placement on the federal exclusion list,” and named providers appear on Florida’s Excluded Provider List.  When we conducted a SAFERTM search for G.B., who was listed on the April 2015 memo as “terminated from participation,” the only two “hits” were from Florida’s state exclusion list.  

G.B. SAFER_Redacted

However, an LEIE search for G.B. produced zero results.  

G.B. LEIE_Redacted

One possible explanation for why G.B. fails to show up on the LEIE could be the administrative process of OIG actually reviewing the reason for the termination and then formally excluding G.B. Nevertheless, a provider who only screens the LEIE and employs or is considering employing G.B. would miss this exclusion.  

OIG Just Misses Some Cases

K.B., a Registered Nurse (RN) with multistate licensure privileges, was placed on probation for substance abuse in February 2005. After testing positive for morphine, Iowa revoked her license and several other states revoked her multistate privileges. While the revocations were reported, the licensure revocation only resulted in K.B.’s exclusion from participation by California and the GSA-SAM in 2010. K.B. is not listed on the LEIE. This means that K.B. is unable to participate in any other state Medicaid program because under the ACA 6501, if you are terminated for cause from participation in one state, then you are terminated in all states, and K.B. is barred from contracting with the federal government. However, if a provider only screened the LEIE he would be completely unaware and could potentially face very hefty fines.

What This Means

Clearly some information is getting lost or mixed up in the reporting pipeline between state Medicaid offices, MFCUs, and the OIG, and the lesson for providers is that merely screening the LEIE is not enough. The examples above demonstrate that human error, narrow search functions, and simply missed information all play a role in the gaps that exist between publication on state exclusion lists and the LEIE.

State Medicaid offices are responsible for compiling and reporting information about excluded providers. However, as demonstrated by the “J.A.” case, the probable human error of transposing names combined with the LEIE’s limited search capabilities could result in a provider employing an excluded person, even though he was properly screened against the LEIE. To avoid this, providers should screen against the LEIE, the GSA-SAM, and all available state lists monthly. Practices should also ensure they use wide search parameters (alternate spellings, full names, maiden names, etc.) when conducting searches or they should select a vendor, like Exclusion Screening, LLC, with a system designed to anticipate these issues.

Notwithstanding name discrepancies, some information just does not make it to the LEIE. As the “G.B.” example reveals, a practice may face considerable monetary fines because it failed to screen the Florida exclusion list and relied solely on the LEIE for exclusion information, and the OIG failed to add G.B.’s name to the LEIE. Similarly, a provider who considered employing “K.B.” would be totally unaware that she was excluded from participation unless the provider screened the GSA-SAM and/or the California exclusion list. Remember that ACA section 6501 states that when an individual or contractor is excluded in one state, he or she is excluded in all states. When a provider misses such state exclusion information, he or she could be liable for CMPs of $10,000 for each claim provided directly or indirectly by the excluded individual, an assessment of up to three times the total amount paid by the government, and potential false claims liability.  Relying on the LEIE’s exclusion information without checking all other available state exclusion lists is a substantial monetary risk for a practice to take. 

Are you taking the necessary precautions to ensure you are not working with an excluded entity? We know it can be difficult to screen every Federal and State exclusion list. Call Exclusion Screening at 1-800-294-0952 or fill out the form below to hear about our cost-effective solution and for a free quote and assessment of your needs.

[1] MFCUs are supposed to send a referral letter to the OIG within 30 days of sentencing for the purpose of alerting the OIG about providers excluded from state programs, but the OIG found that in some cases this exclusion information was not referred to the OIG for over 100 days.

[2] We have even found that hyphenated names frustrate LEIE searches even where the actual names are used!

[3] Full names have been redacted for privacy.