99MGMT Blog

Guide to OIG Exclusion Lists - What Physician Owners Need to Know

Posted by 99 MGMT on

physician clipboard oig exclusion lists

In July 2017, the federal OIG exclusions list contained almost 68,000 individuals and entities who are excluded from federal reimbursement for goods and services. State sanctions lists often have more - some providers on state lists are not included on the federal lists.

If you work with Medicare/Medicaid, you will only receive reimbursement for legitimate services - i.e. NOT services provided by excluded entities. If you knowingly or unknowingly make a claim for services from an excluded provider, your clinic will face compliance issues and fines.

These goods and services include:

  • Salaries
  • Benefits
  • Items claimed/billed by licensed healthcare providers or administrative personnel

What are exclusion lists? How many different lists are there?

Exclusion lists are lists of people or entities who have been officially excluded or sanctioned from providing healthcare services.

The full OIG exclusion list is called the List of Excluded Persons or Entities - this list applies to all healthcare services, and is maintained by the OIG. There are multiple databases for federal and state Medicaid exclusion lists. Excluded providers can be found on either federal or state lists.

There are other lists and regulations that only apply in certain situations:

  • FDA debarment list - applies to providers involved in research or clinical trials
  • OFAC’s Specially Designated Individuals list - applies to foreign-born physicians or employees
  • State Medicaid Fraud Control Units (MFCU) have Medicaid exclusion lists
  • Texas, among a few other states, has laws that say if you are excluded in another state, you are excluded in this state

You can view the Texas Exclusions Database here and the Federal Exclusions Database here.

How does a provider become excluded?

For a provider to be on the OIG exclusion list, they will have committed Mandatory or Permissive breaches:

  1. Mandatory
    1. Felony conviction for substance abuse or alcohol
    2. Felony conviction for patient abuse
    3. Felony conviction for fraud and abuse
    4. Felony conviction for sexual assault
    5. License revocation due to any of the above
  2. Permissive
    1. Misdemeanor convictions for substance abuse or alcohol
    2. Misdemeanor convictions for patient abuse
    3. Misdemeanor convictions for fraud and abuse
    4. Misdemeanor convictions for sexual assault
    5. License revocation due to any of the above
    6. Default on a federal student loan

How long do providers stay on the OIG exclusion list?

Mandatory exclusions last for 5 years, but can be indefinite depending on the circumstances. Permissive exclusions last UP TO 5 years, but typically only last 1-3 years.

Once the exclusion period is up, providers must apply for reinstatement at the federal and state level. Reinstatement is not automatic.

What happens if one of my providers is on an exclusion list?

Consequences will depend on whether you’ve been reimbursed through Medicare or Medicaid.


Based on the Civil Monetary Penalty (CMP) law, you will be fined if you receive reimbursement by an excluded provider.

While this law does require screening exclusion lists each month, you WILL be subjected to fines if you discover you have hired, contracted, or accepted a referral from an excluded provider. If you discover you’ve worked with an excluded provider, you should report them to the OIG via the provider self-disclosure protocol.


The CMS State Operations Manual requires you to screen on a monthly basis. (Some states will also have separate state laws or regulations requiring this.)

If you receive reimbursement for improper services, you must refund that money to Medicare/Medicaid within 60 days of discovery (starting when the services became improper).

What do I need to do to make sure my clinic is compliant with OIG exclusion lists?

It is HIGHLY recommended that you run sanctions monthly to prevent major compliance issues and fines. While unlikely, excluded providers do slip through the cracks. Handing over a month’s worth of Medicare/Medicaid funds is much more manageable than a year’s worth.

  1. All federal and state exclusion lists MUST be individually cross-checked and monitored on a monthly basis to remain compliant. All lists may not share the same data with OIG on a timely basis, and they may not share data with each other.
  2. Check both prospective AND current employees against these lists each month.
    1. Screen at time of hire or contracting
    2. Screen monthly
    3. Screen against ALL federal and state lists, even if not “required”
  3. All workforce members MUST have HIPAA training, including House Bill 300 in Texas.
  4. Also check your business associates against the exclusion lists.
  5. Make sure you have a compliance program - see the OIG Compliance Program Guidelines

Not sure if all of your providers are compliant, or how to start auditing? Contact us for direct assistance.

free practice analysis with 99mgmt

Leave a Comment


  • There are no suggestions because the search field is empty.

Recent Posts