What Is the OIG Exclusion List, and Why Should Healthcare Employers Check It?

The OIG exclusion list is not a compliance technicality. It is the mechanism by which the federal government enforces the principle that individuals who have defrauded Medicare, abused patients, or committed serious healthcare-related crimes cannot benefit from federal program dollars — directly or through an employer who looks the other way.

Most healthcare employers know the list exists. Fewer understand precisely how the penalty structure works, why name-only searching is unreliable, or why checking at hire is not enough.

What the LEIE is

The List of Excluded Individuals and Entities — LEIE — is maintained by the Office of Inspector General of the Department of Health and Human Services. It is the authoritative federal database of individuals and entities barred from participation in Medicare, Medicaid, and all other federal healthcare programs funded under the Social Security Act.

CMS created the exclusion authority as part of the Medicare-Medicaid Anti-Fraud and Abuse Amendments of 1977 and expanded it significantly through the Social Security Act. The OIG took over administration of the LEIE in 1977 and has maintained it since. Today the list contains hundreds of thousands of entries — individuals and entities across every healthcare discipline.

Who gets excluded and why

The OIG has two categories of exclusion authority: mandatory and permissive.

Mandatory exclusions apply automatically upon conviction in four categories: healthcare fraud related to Medicare or Medicaid, patient abuse or neglect, felony convictions related to healthcare fraud more broadly, and felony convictions related to controlled substances. The minimum exclusion period for a first mandatory offense is five years. A second mandatory offense carries a minimum of ten years. Some conduct — particularly patient abuse and repeat fraud — results in permanent exclusion.

Permissive exclusions give the OIG discretion to exclude based on a wider range of conduct: misdemeanor fraud convictions, license revocations or surrenders at the state board level, default on health education loans, entities controlled by excluded individuals, and more. These exclusions are assessed case by case and may carry shorter minimum periods.

What the penalty structure actually looks like

The Civil Monetary Penalties Law (42 U.S.C. § 1320a-7a) is explicit. An organization that knowingly employs or contracts with an excluded individual and submits claims to federal programs for items or services furnished during that period is subject to:

• Civil monetary penalties of up to $10,000 for each item or service furnished by the excluded individual
• Assessments of up to three times the amount claimed for each such item or service
• Full repayment of any federal program payments received for those items and services
• Potential exclusion of the employing organization from federal programs

To put this in concrete terms: if an excluded provider works at a practice for six months before the exclusion is discovered, and the practice billed Medicare for 500 encounters during that period at an average of $200 per claim, the exposure is $100,000 in repayment plus up to $5,000,000 in civil monetary penalties. The "we didn't know" defense has a ceiling — the OIG expects employers to check, and failure to check does not eliminate liability.

For a full cost model, see the true cost of employing an excluded provider.

How often to check — and why monthly matters

OIG guidance explicitly recommends checking the LEIE monthly for all employees and contractors in roles that involve federal program billing or services. The reasoning is straightforward: exclusions are added to the LEIE on a rolling basis throughout the year. A provider who passed an onboarding check in January can be added to the list in March. The employer's obligation — and liability — begins from the date the exclusion takes effect, not from the date the employer discovers it.

Annual screening is better than nothing, but it means up to eleven months of undetected exposure after a new exclusion is recorded.

NPI vs. name search — why it matters

The OIG LEIE search tool supports name-based queries. Name searches alone are unreliable for two reasons: name changes (through marriage, legal name change, or deliberate obfuscation) and common names that produce large result sets requiring manual review. Cross-referencing the NPI — the National Provider Identifier registered in NPPES — significantly improves match accuracy. Automated platforms that reconcile both identifiers produce fewer false negatives and fewer false positives than manual name-only searches.

What the LEIE does not cover

The LEIE is not the only exclusion database. SAM.gov covers entities excluded from federal contracts and assistance programs administered outside HHS — and some providers appear there without appearing on the LEIE. Each state Medicaid program also maintains its own exclusion list, independent of the federal database. A complete exclusion screening program checks all three. For the full comparison, see OIG vs SAM.gov vs NPDB.

The LEIE also does not reflect Medicare opt-out elections. An opted-out provider is not excluded and is not on the LEIE — but billing Medicare on their behalf still creates claims problems. The distinction is explained in what Medicare opt-out means for your practice.

For the full picture of what exclusion means across all three major databases, see what is an excluded provider.