What Is an Excluded Provider? OIG, SAM.gov, and Medicaid Exclusions Explained

Ask a billing manager what happens if you employ an excluded provider and bill federal programs for their services. The answer is not pleasant: full repayment of every dollar received, civil monetary penalties of $10,000 per item or service billed, and potential program exclusion for the employing organization itself. The individual provider's status is your problem the moment you hire them.

"Excluded provider" is a legal status, not an informal label. Here is what it means, which databases track it, and why missing even one of them is a compliance failure.

What exclusion means

An excluded provider is an individual or entity that has been formally barred from participating in federal healthcare programs — primarily Medicare, Medicaid, CHIP, and other programs funded by the Department of Health and Human Services. Exclusion is not a license suspension or a fine. It is a prohibition on receiving any federal healthcare reimbursement, directly or indirectly.

That "indirectly" clause is where employers get caught. If an excluded provider works for your organization — even in an administrative role — and federal programs are billed for services rendered during the period of their employment, the employing organization is liable. The excluded provider does not need to be the billing provider. They do not need to be a clinician at all, in some interpretations. Their presence in the organization during a federal billing period creates exposure.

The three main exclusion databases

OIG List of Excluded Individuals and Entities (LEIE)

The Office of Inspector General of HHS maintains the LEIE — the primary federal exclusion database. It covers individuals and entities excluded under the Social Security Act for reasons including healthcare fraud, patient abuse or neglect, felony convictions related to controlled substances, and licensing board actions. The OIG updates the LEIE monthly and provides a downloadable file as well as an online search tool.

OIG guidance recommends that employers check the LEIE monthly for all employees and contractors in covered roles. Checking only at hire is not sufficient — a provider can be added to the LEIE after onboarding, and the employer's obligation continues throughout the employment relationship. See the full breakdown in our article on what the OIG exclusion list is and how penalties work.

SAM.gov (System for Award Management)

SAM.gov is maintained by the General Services Administration and covers entities excluded from federal contracts and assistance programs — including but not limited to healthcare programs. An exclusion in SAM.gov can arise from procurement fraud, contract violations, or actions by federal agencies outside HHS. Some providers and entities appear in SAM.gov but not the OIG LEIE, and vice versa. Both databases need to be checked; they are not duplicates of each other. For a detailed comparison of what each database covers and how they overlap, see OIG vs SAM.gov vs NPDB: what each database covers.

State Medicaid exclusion lists

Every state Medicaid program maintains its own exclusion list, separate from the federal LEIE. A provider can be excluded from a state Medicaid program without appearing on the federal list, and vice versa. For organizations that bill state Medicaid — which is the majority of healthcare providers — checking only the OIG LEIE leaves a gap. The applicable state list depends on where services are rendered and billed, not where the provider is licensed.

Who issues exclusions and why

The OIG has mandatory exclusion authority for certain categories: convictions related to Medicare or Medicaid fraud, patient abuse or neglect convictions, felony convictions related to healthcare fraud, and felony convictions related to controlled substances. These are automatic — no discretion involved. Permissive exclusions cover a broader range of conduct including misdemeanor fraud convictions, license revocations or surrenders, entities controlled by excluded individuals, and failure to repay health education loans.

Minimum exclusion periods for mandatory categories start at five years for a first offense and ten years for repeat offenses. Some categories carry permanent exclusion.

What happens when an employer misses one

The Civil Monetary Penalties Law imposes penalties of up to $10,000 for each item or service furnished by an excluded individual, plus assessments of up to three times the amount billed. The employing organization must also repay any program payments received during the period the excluded individual was employed. In practice, a single excluded employee billing through a practice for six months before discovery can generate liability in the hundreds of thousands of dollars.

Beyond the monetary exposure, repeated or egregious failures to screen for excluded providers can result in the employing organization itself being excluded from federal programs — a potentially business-ending consequence for any practice that depends on Medicare or Medicaid revenue.

For a detailed breakdown of the financial exposure model, see the true cost of employing an excluded provider.

The difference between excluded and opted-out

Exclusion is involuntary and punitive. Medicare opt-out is a voluntary election by a provider to operate outside the Medicare program under private contracts. An opted-out provider is not excluded and has not violated any law — they have simply chosen not to accept Medicare reimbursement. The distinction matters because the two statuses create different compliance problems. See what Medicare opt-out means and when it affects billing.

How often to screen

OIG guidance is explicit: monthly screening is the recommended standard for all employees and contractors in roles that touch federal program billing. Annual screening at hire is not adequate. Exclusions happen throughout the year, and the billing liability accrues from the moment the excluded individual begins working for a covered organization — not from the moment the organization discovers the exclusion.

Automated platforms that run OIG, SAM.gov, and state Medicaid exclusion checks on a monthly schedule — and flag matches for immediate review — are the practical implementation of that guidance. See how license compliance automation handles exclusion screening alongside credential monitoring.