EXCLUSION LISTS DEMYSTIFIED

Federal and state exclusion lists abound. There are two primary federal lists, which are addressed in this article, but to there are many other lists that should be considered when screening employees, contractors and potential hires. However, a solid grounding in the basics about exclusion lists will go a long way toward mastery of the topic.

The first two questions that most people ask about exclusion lists are:

1. What are Exclusion Lists?
   In simplest terms, a government exclusion list is a roster of individuals and organizations that are not eligible to participate in federal or state contracts due to criminal behavior or misconduct. These lists are maintained by state or federal agencies and updated regularly.
   1. The List of Excluded Individuals/Entities (LEIE), maintained by the HHS-OIG (Office of Inspector General), is the primary federal exclusion list for the health care industry.   It lists exclusion actions taken the by HHS-OIG. States are required to inform the HHS-OIG of actions taken at the state level due to criminal behavior or misconduct. Upon OIG review, the state actions can then also result in federal exclusion.
   2. A second list, the SAM database maintained by the General Service Administration (GSA), is a composite list of actions taken by multiple federal agencies. The SAM is not as industry-specific as the LEIE but must also be checked routinely for hiring and retention purposes for federal contractors.
2. How many exclusion lists are there?
   • There are two primary federal exclusion lists – the OIG’s LEIE and the GSA’s SAM database. These are discussed in some detail below.
   • However, it is important to know that most states and jurisdictions in the US also maintain their own sanction/exclusion lists. These lists are compiled from actions taken by state agencies such as Medicaid Fraud Control Units (MFCUs) and state law enforcement. Currently, there are 43 states and jurisdictions that maintain state lists that include individuals who are ineligible to participate in state health care programs like Medicaid. The states that do not maintain separate lists still exclude individuals and entities from Medicaid participation but then forward information to the OIG for inclusion on the LEIE.

INTRODUCING THE OIG LEIE & the GSA’s SAM Database

It is the government’s responsibility to protect its health and human services programs from fraud and abuse, as well as to safeguard the welfare of those who benefit from those programs.  The Office of Inspector General OIG exclusion list maintains a comprehensive exclusion database called the List of Excluded Individuals/Entities (“LEIE”), for this express purpose. The General Services Administration (“GSA”) similarly maintains several exclusion lists, managed through the System for Award Management (“SAM”).

 A significant distinction between the LEIE and the SAM databases is scope – the LEIE database contains only exclusion actions taken by HHS OIG, SAM Exclusion database on the otherhand includes debarment actions taken by a number of federal agencies in addition to HHS OIG. Therefore, these databases are related, but there are differences.

UNDERSTANDING THE OIG LEIE

OIG has been implementing exclusions since about 1981, but the Department of Health & Human Services first began imposing them in 1977.

The OIG LEIE database is a complete listing of all individuals and entities currently excluded by the OIG pursuant to sections 1128 and 1156 of the Social Security Act (“the Act”). The effect of an exclusion under either section is that no payment will be made by the subject programs for any items or services furnished, ordered or prescribed by an excluded individual or entity. The LEIE is updated each month. Upon reinstatement, a previously excluded individual or entity may petition to be removed from the LEIE.

The scope of the exclusions under Section 1128 of the Act is from all federal health care programs including Medicare, Medicaid, and other Federal health care programs that provide health benefits funded directly or indirectly by the United States.  The scope of an exclusion under section 1156 of the Act is from Medicare and all state health care programs as defined by 1128 of the Act.   

The LEIE is publicly available on the OIG website in two formats:

> The Online Searchable Database enables users to search by individual or entity name to determine exclusion status. If a match is made on an individual, the database can verify with the individual’s Social Security Number that the match is unique. Employer Identification Numbers (EINs) are available for verification of excluded entities.

> The Downloadable Database of the entire LEIE is available as well for download to a personal computer. This version of the LEIE is comprehensive, including the name of the excluded individual or entity, provider type and specialty, National Provider Identifier (issued by CMS), date of birth, address and exclusion type.

Individuals and entities end up on the LEIE exclusion list due to either a mandatory or permissive exclusion by the OIG. 

A mandatory exclusion by the OIG occurs when an individual or entity is convicted of a felony offense. This may include conviction for fraud related to Medicare or Medicaid or other state or federal health care programs, patient neglect or abuse or a felony offense related to controlled substances. The OIG has no discretion in the case of a mandatory exclusion. On the other hand, in the case of a misdemeanor by an individual or entity, the OIG has discretion issue a permissive exclusion based on the facts of the matter.

To ensure that both federal and state criminal actions taken against health care providers are captured, state Medicaid Fraud Control Units (“MFCU”) are obligated to notify the OIG of any terminations or exclusions, which are then included on the LEIE.  The OIG can levy monetary penalties against those who have incurred them, and even civil fines, to a significant degree.

For more information about the LEIE, the OIG has posted a bulletin on its website which offers comprehensive guidance on the effect of exclusion from federal health care programs.

The MED – Medicare Exclusion Database for Use by States

In addition to the two databases publicly available, there is another version the OIG LEIE – The Medicare Exclusion Database (MED).

The Affordable Care Act of 2010, in response to concerns about widespread patient abuse and neglect in long term care (LTC) settings, created a framework for a nationwide program to conduct background checks on a statewide basis on all prospective direct patient access employees of LTC facilities and providers. The program, known as the National Background Check Program (NBCP) is administered by CMS in consultation with the DOJ and FBI.

The 28 states which applied for grants to participate in this program are required to implement a statewide program that includes a fingerprint-based state and federal criminal history check as well as search of the required federal databases and registries, including the OIG LEIE, that contain the information necessary to identify providers and facilities which are excluded from participation in a federal health care program.

To automate the process, CMS and the NBCP Technical Assistance team developed the MED includes the monthly LEIE from the OIG, with the inclusion of personal identifying information (PII) such as SSNs and dates of birth, as well as NPIs from the NPPES when possible. It is distributed monthly to state Medicaid agencies.

While the LEIE requires manual intervention, the Medicare Exclusion Database is automated and can produce an exact match and ultimately make an automatic “CLEAR” or “NOT CLEAR” determination in seconds. Also, the accuracy of the MED file outcomes is higher than the OIG LEIE because the SSN, rather than the name, of a prospective LTC employee is used in the search engine. These factors greatly reduce the response time and data entry errors and the number of false matches.

UNDERSTANDING THE GSA’S SAM EXCLUSION Database

The GSA maintains centralized database for government contracting known as SAM. The database is a procurement repository and includes all contractors approved to do business with the federal government as well as those who are excluded from participation in federal procurement. SAM incorporates data from multiple decommissioned federal databases – the Central Contractor Registry (CCR), the Federal Agency Registration (FedReg), Online Representations and Certifications Application (ORCA), and the Excluded Parties List System (EPLS) – as well as the OIG’s LEIE (List of Excluded Individuals and Entities). SAM OIG, implemented in 2012, serves as a comprehensive resource for procurement information.

A major difference between the GSA and OIG is that while the GSA maintains SAM as a database of federal procurement systems, the GSA is not an agency with authority to levy fines and penalties. In contrast, SAM OIG, specifically the Office of Inspector General within the System for Award Management, possesses the authority to investigate and penalize individuals or entities engaged in fraudulent or non-compliant activities, unlike the GSA.

Other differences include the categories employed by SAM, classifying excluded entities according to the following four categories:

> Ineligible with proceedings incomplete

> Ineligible with proceedings done

> Prohibition/Restriction

> Voluntary Exclusion

Another difference between the LEIE and SAM is the basis for exclusion. The OIG’s exclusions, as described above, are relatively straightforward.  However, a contractor may be excluded from participation in a federal contract under SAM for a variety of reasons. For example, foreign nationals barred from entering the US are prohibited from bidding on federal contracts, and individuals who have violated national security protocol are excluded. A conviction for tax fraud or default on a student loan debt can also result in exclusion. Essentially, when a federal agency has concerns about unethical behavior, the agency may seek to exclude an individual or entity from participation in future federal procurement opportunities.

As a practical matter, the SAM.gov database is less user-friendly than the LEIE database. For example, GSA exclusions require the Dun & Bradstreet number of an institutional entity on the exclusion list, and the database does not include provider license or NPI data. Searching for individuals via SAM OIG exclusion check is more complicated than via the LEIE. Additionally, LEIE includes more details about persons or entities excluded by the OIG than the details found in SAM.

Data accuracy has been a concern as well. A 2022 review of the SAM.gov database by Streamline Verify revealed some possible data discrepancies when compared against the Treasury/OFAC list of sanctioned individuals and entities (known as Specially Designated Nationals and Blocked Persons List (SDNs)), which is included in the SAM.gov database.

Recent SAM.gov Changes

The General Services Administration (“GSA”) officially changed their interface system on SAM.gov for the U.S. federal contractor registration process on April 4, 2022. The GSA managed federal acquisition and awards previously processed through ten online websites, which have now been consolidated into one. According to SAM.gov, the updates were intended to “incorporate customer-focused functionality changes, to improve the overall experience for site visitors.” The changes to the search functionality include a streamlined search capabilities and improved filters on search results.

The prior GSA contract for SAM validation was with Dun & Bradstreet (“D&B”), requiring companies to have a DUNS number associated with their registration. GSA replaced the DUNS number validation with the issuance of a 12-character alphanumeric ID assigned to an entity by the GSA called the Unique Entity Identifier number (“UEI”).  As part of the new business validation process, upon submission of a  SAM registration or renewal, the GSA pulls  data from different industry sources to match the company’s registered administrator, legal business name, and address before validation can be completed. If the validation does not automatically match records submitted in SAM, the business must provide a notarized letter and a customer service ticket to the GSA Federal Services Desk (“FSD”), as well as provide corresponding documents showing the correct business information to allow for proper registration validation.  Once the customer service ticket is submitted to the FSD, the processing can take from weeks up to months to be validated before registration can be completed. Because of these changes, as well as staffing and training issues, the GSA remains backlogged. It is highly recommended that contractors start the SAM renewal process at least 90 days before their expiration date.

As summarized in a recent Streamline Verify article, the transition away from using Dun & Bradstreet has not been smooth for contractors or federal agencies.   As reported on the Federal News Network site on September 13, 2022, “The delays have gotten so bad with the transition to the new unique entity identifier (UEI) on SAM.gov that the Defense Department isn’t requiring contractors to have a new number to do business with them for the next six weeks.” Also, the federal  Defense Pricing and Contracting office issued a deviation to the Federal Acquisition Regulation (FAR) on Sept. 8 that allows the services and defense agencies to do business with companies who aren’t fully registered in the governmentwide acquisition system. This deviation was  issued to mitigate delays in SAM registration currently being experienced by entities due to changes in entity validation processes and a significant increase in entities requesting a unique entity identifier at SAM.

The GSA continues its work to improve customer experience using the site. As recently as December 2022, the GSA asked for users to participate in usability testing which involves walking through a specific feature that is being improved to show understand how actual users   respond to the site. Test results and comments are provided directly to the teams developing and designing the SAM.gov feature you tested.

Conclusion

In addition to OIG, SAM and LEIE, 43 states and jurisdictions maintain their own Medicaid exclusion lists. These lists include violations of state law that do not necessarily violate federal law – and may not be reported to the federal databases. This is despite the fact that the federal Affordable Care Act (“ACA”) now mandates that if a provider or entity is excluded under any state Medicaid database, that provider should be excluded from participating in all states.

Checking all of the above noted databases creates significant administrative burdens for entities required to do so. While there is overlap between these exclusion lists, best practice is to search all of them in order to obtain the most comprehensive information on excluded, sanctioned and debarred individuals and entities.

Therefore, healthcare businesses should perform an LEIE check, screen against SAM, OIG and state exclusion lists, ensuring a thorough assessment to prevent any involvement of excluded individuals or entities in providing care or services on behalf of the business.

Please refer to this resource for more helpful information on EPLS.