OIG vs SAM.gov vs NPDB: Which Exclusion Databases Should You Check?

There is no single national database that tracks every exclusion, sanction, and adverse action against a healthcare provider. There are four that matter — each administered by a different federal agency, covering different types of adverse events, with different legal requirements for who must check them and how often. Using the wrong one, or only one, leaves meaningful gaps.

Here is a breakdown of each database: what it covers, who runs it, how the data is accessed, and who is legally required to check it.

OIG LEIE — The List of Excluded Individuals and Entities

Administrator: U.S. Department of Health and Human Services, Office of Inspector General

What it tracks: Individuals and entities excluded from participation in Medicare, Medicaid, and all federal healthcare programs. Exclusions result from convictions for healthcare fraud, patient abuse, controlled substance offenses, and related misconduct. Exclusion is mandatory for certain conviction types and permissive for others.

Legal requirement to check: While no single statute mandates a specific check frequency for all employers, CMS and OIG guidance makes clear that employing an excluded provider triggers Civil Monetary Penalties regardless of whether the employer knew of the exclusion. The OIG recommends monthly checks at minimum for all healthcare organizations participating in federal programs.

Data format: The LEIE is available as a free monthly CSV download from the OIG website. The OIG also provides a free online search tool and a paid exclusion verification service. Automated compliance platforms query the database on a rolling basis rather than monthly batch.

Penalty for non-compliance: $10,000 per item or service billed while an excluded individual is employed, plus 3x the claim amount in assessments. The organization itself can be excluded. See the full breakdown of penalties for employing an excluded provider.

Who should check it: Every healthcare organization that bills Medicare or Medicaid — hospitals, physician practices, nursing facilities, home health agencies, DME suppliers, pharmacies, behavioral health providers, and ASCs.

SAM.gov — System for Award Management

Administrator: U.S. General Services Administration

What it tracks: Entities and individuals excluded from federal procurement contracts and federal financial assistance (grants, cooperative agreements). Exclusions on SAM.gov result from causes including fraud, integrity violations, and debarment actions across all federal agencies — not just HHS. It includes some individuals who also appear on the OIG LEIE, but the populations are not identical.

Legal requirement to check: Required for organizations that receive federal contracts or grants. The Federal Acquisition Regulation (FAR) prohibits awarding contracts to debarred parties, and the uniform grant guidance (2 CFR Part 180) requires grantees to verify non-exclusion before subawards and procurement transactions above specified thresholds.

Data format: SAM.gov provides an API for programmatic access and a web-based search interface. The database is updated daily, unlike the OIG LEIE which publishes monthly.

Who should check it: Healthcare organizations that receive federal grants (research institutions, federally qualified health centers, community health programs) and organizations with federal contracts. Pure private-pay practices with no federal funding relationship have minimal direct obligation, but best practice includes SAM.gov checks for key staff and vendors.

NPDB — National Practitioner Data Bank

Administrator: U.S. Health Resources and Services Administration (HRSA)

What it tracks: Malpractice payments made on behalf of a provider; adverse licensure actions by state boards; adverse clinical privilege actions by hospitals; DEA actions; exclusions by federal and state health programs; and negative actions by professional societies. The NPDB is the most comprehensive source for a practitioner's adverse action history across multiple domains.

Legal requirement to check: Hospitals are required by statute (the Health Care Quality Improvement Act) to query the NPDB at initial medical staff appointment and every two years at reappointment. Hospitals must also query when granting clinical privileges to new categories of practitioners. Other entities — HMOs, group practices, state licensing boards — are eligible to query but not mandated to by federal law. Some states impose independent query requirements.

Data format: Subscription-based query API. Organizations pay per query or subscribe to continuous querying. There is no public bulk download — the NPDB is not a public database. Results are returned only to authorized querying entities.

Who should check it: Hospitals (required), health systems, HMOs, group practices credentialing practitioners for clinical privileges, malpractice carriers, and state licensing boards. See how board actions appear in the NPDB and how they affect credentialing decisions.

State Medicaid Exclusion Lists

Administrator: Each state Medicaid agency independently

What it tracks: Providers excluded from the state's Medicaid program under state law. These lists overlap with the OIG LEIE for federally mandated exclusions, but include additional individuals excluded under state-specific statutes. A provider not on the federal LEIE can still be excluded from your state's program.

Legal requirement to check: State law varies. Most states with managed care programs require managed care organizations to verify non-exclusion for network providers. State Medicaid billing rules typically require providers to represent that they are not excluded.

Data format: Highly variable. Some states publish downloadable lists; others require web-based searches provider-by-provider. Several states have no consolidated public list, requiring coordination with the state Medicaid agency directly.

Medicare Opt-Out Registry

Administrator: Centers for Medicare & Medicaid Services

What it tracks: Providers who have voluntarily opted out of Medicare. Opted-out providers cannot bill Medicare for any service, and patients who receive services from opted-out providers cannot receive Medicare reimbursement even with a claim. This is distinct from exclusion — opted-out providers have not committed fraud; they have elected to operate entirely outside the Medicare system.

Legal requirement to check: No statutory mandate for employers, but billing Medicare under an opted-out provider's NPI creates claims liability. Practices and hospitals should verify opt-out status as part of credentialing. See what Medicare opt-out means for billing compliance.

Data format: Monthly updated file available from CMS. The data is publicly accessible.

Which databases apply to which organization types

Hospital system: OIG LEIE (monthly, all staff), NPDB (required at appointment and reappointment), SAM.gov (if federal contracts or grants), state Medicaid list, Medicare opt-out registry.

Physician group practice: OIG LEIE (monthly), state Medicaid list, Medicare opt-out registry, NPDB (not required but strongly recommended for credentialing decisions), SAM.gov if applicable.

Ambulatory surgery center: OIG LEIE (monthly), state Medicaid list, NPDB for credentialing of clinical staff, Medicare opt-out registry.

Federally Qualified Health Center or grant recipient: All of the above, with SAM.gov as a mandatory requirement for grant compliance.

No single database covers everything. A provider clean on the OIG LEIE can be excluded by a state Medicaid agency, subject to an NPDB report for malpractice payments, and opted out of Medicare — none of which shows up in an OIG-only check.

The practical requirement is a multi-database monitoring program that checks all applicable sources on a schedule that matches the update frequency of each database. Manual programs rarely accomplish this consistently. For the complete picture on what exclusion means and how to structure your screening process, see what is an excluded provider and what is the OIG exclusion list.