Why Healthcare Sanctions Checks Are a Non-Negotiable Compliance Requirement
Navigating the complex landscape of US healthcare regulations requires a proactive approach to workforce credentialing. A healthcare sanctions check is a screening process that searches federal and state exclusion databases to confirm that a healthcare worker, vendor, or contractor is not barred from participating in Medicare, Medicaid, or other federally funded programs.
Compliance Checklist
- Federal Databases: Search OIG LEIE and SAM.gov debarment records.
- State Databases: Query more than 40 state-maintained Medicaid exclusion lists when applicable.
- Disciplinary Actions: Check state licensing board records for board-level sanctions when role scope requires it.
- Frequency: Perform pre-hire checks and transition to monthly ongoing monitoring.
- Audit Trail: Document and store source-version stamped search results.
If you need the short answer fast, here it is:
- Search the OIG List of Excluded Individuals/Entities (LEIE) for federal exclusions
- Search the SAM.gov debarment database
- Search applicable state Medicaid exclusion lists
- Search state licensing board disciplinary records when the role requires comprehensive clinical screening
- Document all results with a full audit trail
A sanctions check is not the same as a standard criminal background check. Standard checks look at criminal history. Sanctions checks look at whether someone has been formally excluded from federal healthcare programs — which can happen for reasons including Medicare fraud, patient abuse, controlled substance violations, or financial misconduct.
The stakes are high. Under the Civil Monetary Penalties Law, employing or contracting with an excluded individual can trigger civil monetary penalties starting at a statutory base of $10,000 per item or service, adjusted annually for inflation, plus assessments of up to three times the amount claimed. And it is not just about fines — organizations that bill Medicare or Medicaid for services provided by an excluded individual risk losing federal program eligibility entirely.
What makes this more urgent than many HR leaders realize: providers with active federal exclusions have repeatedly been found holding valid state licenses due to reporting lags. A clean state license does not mean a provider is cleared to work in a federally funded program.
The OIG recommends checking the LEIE at minimum monthly — not just at hire. That means your screening program needs to be continuous, documented, and defensible.
The five steps below walk you through exactly how to build that program.
What is a Healthcare Sanctions Check and Why Does It Matter?
To protect patient safety and secure federal funding, you must understand the distinction between standard background screening and a healthcare sanctions check.
Standard background checks focus on county, state, and federal criminal records, employment history, and education verification. While crucial, these searches do not access the specialized administrative databases maintained by healthcare regulatory bodies. A candidate could have a clean criminal record but still be actively excluded from participating in federal healthcare programs due to administrative rulings.
Administrative exclusions are governed primarily by the Office of Inspector General (OIG) under the Department of Health and Human Services (HHS). The OIG has the authority to exclude individuals and entities from participating in Medicare, Medicaid, and all other federal healthcare programs. When an individual is placed on an exclusion list, no federal healthcare program payment can be made for any items or services they furnish, order, or prescribe. This restriction covers not only direct patient care but also administrative, clerical, and support roles.
For a comprehensive overview of how these checks fit into your broader credentialing process, read our Healthcare Background Checks: A Complete Guide to Requirements, Compliance, and Best Practices.
The Legal and Financial Risks of Non-Compliance
Operating without a robust healthcare sanctions check policy can expose your organization to civil monetary penalties starting at a statutory base of $10,000 per item or service, adjusted annually for inflation, plus assessments of up to three times the amount claimed, repayment obligations, program-exclusion risk, and reputational harm. For the enforcement-focused version of this topic, read Vetty's OIG exclusion screening guide for employers.
The 5-Step Workflow for a Compliant Healthcare Sanctions Check
Building a compliant screening workflow requires a systematic approach that balances regulatory rigor with operational efficiency. Relying on manual, ad-hoc searches introduces human error and documentation gaps that will not hold up during an audit.
To manage your workforce effectively, you need a structured workflow that spans from pre-hire to post-hire. For a deeper dive into managing this process, see our guide on Healthcare Sanctions Monitoring for HR.
Stage-by-Stage Hiring Breakdown
- Pre-Application: Define role-specific screening requirements and database scopes.
- Pre-Offer Screening: Run the initial multi-list sanctions check before making a final employment decision, alongside the broader pre-hire background screening workflow.
- Pre-Start Verification: Execute a rapid, secondary check immediately before the official start date to catch reporting lags.
- Onboarding: Securely document baseline clearance certificates and establish the audit trail.
- Post-Hire Monitoring: Transition the active employee into automated monthly monitoring.
Below is the step-by-step process to ensure complete compliance.
Step 1: Establish a Clear Screening Policy
The foundation of compliance is a written policy that clearly defines who must be screened, how often, and against which databases.
A common pitfall is over-screening or under-screening due to a lack of clear criteria. Your policy should outline:
- Eligible Roles: Every employee, contractor, vendor, and volunteer must be screened if their duties are funded directly or indirectly by federal healthcare programs.
- Vendor Filtering: Establish criteria to filter out vendors and contractors who do not provide healthcare-related products or services, such as office supply vendors, to prevent unnecessary administrative burden.
- Referring Physicians: Your policy should explicitly state that you do not screen referring physicians who have no formal, contractual, or employment relationship with your organization. Neither the OIG nor the Centers for Medicare & Medicaid Services (CMS) requires checking referring physicians unknown to your facility, and attempting to do so often leads to incomplete data and wasted resources.
Step 2: Conduct Pre-Offer and Pre-Start Screenings
Timing is critical when screening new candidates. You should perform an initial healthcare sanctions check before the final hiring decision, but running a single check at the time of the offer is not enough.
Because of state reporting lag times, several weeks or even months can pass between the date a state licensing board issues a sanction and the date that sanction is officially published in federal databases like the OIG LEIE. To mitigate this risk, conduct a primary screening during the background check phase, and run a second, rapid pre-start check immediately before the candidate’s official start date to catch any newly published exclusions.
Step 3: Resolve False Positives and Verify Matches
Because public exclusion databases like the OIG LEIE do not publish Social Security Numbers (SSNs) or National Provider Identifiers (NPIs) for every entry, name-based searches frequently generate false positives.
When your screening returns a potential match, you must systematically verify the candidate's identity:
- Cross-Reference Identifiers: Compare the candidate's full legal name, date of birth, professional license number, and NPI history against the database record.
- Utilize Primary Sources: Check state licensing board databases to verify active credentials and disciplinary history.
- Categorize the Outcome:
Classify the result into one of three categories:
- Clear: No active sanctions or historical records found.
- Watch: Historical record of a resolved sanction or an active investigation that requires ongoing monitoring.
- Excluded: An active, unresolved exclusion that legally bars the individual from employment.
Step 4: Document Results for Audit Defensibility
If your organization is audited by the OIG, CMS, or state Medicaid authorities, you must prove that you performed the required screenings on the correct dates. Merely claiming that you ran a search is insufficient.
To build an airtight audit trail, ensure your screening process generates and stores:
- Source-Version Stamps: Documentation showing the exact date and time the database was queried, along with the version of the database that was active at that moment.
- Search Parameters: A record of the exact names, aliases, and identifiers used in the search.
- Permanent URLs: Secure, unalterable digital links to the search results and clearance certificates.
- Resolution Notes: Detailed logs explaining how your compliance team resolved any potential false positives.
Step 5: Transition to Monthly Ongoing Monitoring
Compliance is not a one-time event. A candidate who is clear on their start date could be sanctioned or excluded months later due to an ongoing investigation or a new infraction.
The OIG recommends checking the exclusion list at least monthly. To maintain continuous compliance, transition every active employee, contractor, and relevant vendor into a monthly monitoring program. This ensures that any post-hire sanctions are detected and resolved within a 30-day window, reducing the risk of accumulating penalties tied to excluded-person services.
Fair Credit Reporting Act (FCRA) Workflow
When a sanctions check reveals an active exclusion that disqualifies a candidate, you must strictly adhere to the FCRA workflow. First, issue a Pre-Adverse Action notice to the candidate, including a copy of the background report and a summary of their rights under the FCRA. Provide a reasonable period, typically 5 business days, for the candidate to dispute any inaccuracies. If the exclusion is verified and no dispute is raised, issue a final Adverse Action notice to formally conclude the process.
Common Mistakes
- Relying solely on pre-hire checks: Failing to implement monthly ongoing monitoring leaves organizations exposed to post-hire exclusions.
- Ignoring state-level lists: Checking only federal databases like the OIG LEIE while omitting more than 40 state-maintained Medicaid exclusion lists.
- Inadequate documentation: Failing to maintain source-version stamped records and resolution logs for audits.
- Improper identity verification: Disqualifying candidates based on name-match false positives without cross-referencing NPIs or dates of birth.
Good vs. Bad Compliance Practices
- Bad: Running a manual search on the OIG LEIE once at the time of hire, saving no digital audit trail, and assuming the employee remains compliant indefinitely.
- Good: Automating pre-hire and monthly ongoing monitoring across federal and state databases, verifying potential matches using primary sources, and maintaining secure, time-stamped digital records for every search.
Choosing Your Screening Scope
To choose the right healthcare sanctions check, start with the role, the work location, the billing exposure, and whether the person holds a clinical license. A federal-only search may be appropriate for some low-risk administrative roles, but licensed clinical staff and multi-state employers usually need broader coverage.
| Screening Tier | Sources Checked | Recommended Use Case |
|---|---|---|
| Tier 1 — Federal only | OIG LEIE + SAM.gov exclusions | Roles with no state billing exposure. |
| Tier 2 — Federal + state | OIG LEIE, SAM.gov exclusions, and more than 40 state-maintained Medicaid exclusion lists | Multi-state employers and roles with Medicaid billing exposure across multiple jurisdictions. |
| Tier 3 — Comprehensive | Federal exclusions, more than 40 state-maintained Medicaid exclusion lists, and licensing boards across all US states and territories | The standard for licensed clinical professionals, including doctors, nurses, and other credentialed care providers. |
Tier 1 vs. Tier 2 vs. Tier 3: Choosing the Right Scope for Your Healthcare Sanctions Check
Selecting the wrong screening scope can leave major blind spots in your compliance program.
Tier 1 may be enough when the person has no state Medicaid billing exposure and does not hold a clinical license. Tier 2 adds state Medicaid exclusion lists, which is important for healthcare employers operating across more than one state or billing Medicaid in multiple jurisdictions. Tier 3 adds licensing board disciplinary actions, which helps identify license suspensions, probations, reprimands, and other board actions that may not appear in federal exclusion databases right away.
Providers with active federal exclusions have repeatedly been found holding valid state licenses due to reporting lags and differences between exclusion systems and licensing systems. For licensed clinical professionals, comprehensive screening is the safer scope because it checks both payment-program exclusions and professional-license discipline.
To determine how to structure your credentialing packages across different roles, read our guide on Everything You Need to Know About Background Screening for Healthcare.
Streamlining Compliance with Modern Healthcare Sanctions Check Technology
Many organizations still rely on manual database searches, which are slow, error-prone, and difficult to document. Modern screening platforms reduce these inefficiencies by automating searches, documentation, and recurring monitoring.
Below is a comparison of how Vetty compares to other industry options:
| Feature / Capability | Vetty (VettyVerify™ & VettyComply™) | Traditional Screening Competitors |
|---|---|---|
| Continuous Monitoring | Automated monthly re-checks with alerts | Manual batch uploads or periodic requests |
| Mobile-First Experience | Smartphone-based candidate workflows | Desktop-heavy candidate portals |
| Integration Speed | ATS/HRIS API integrations | Custom integration work often required |
| Audit Trail Generation | Source-version stamped digital records and clearance documentation | Manual PDF downloads and spreadsheet tracking |
- API Integrations: Connect your applicant tracking system (ATS) or HRIS to your screening provider, allowing you to trigger a sanctions check during onboarding using VettyOnboard.
- Risk Review Workflows: Centralize potential matches so compliance teams can review identifiers, resolve false positives, and document decisions consistently.
- Continuous Monitoring Dashboards: Centralize monthly screening data into a dashboard that runs background re-checks, tracks compliance activity, and generates audit-ready reports.
- Automated Alerts: Receive notifications when an active employee or contractor matches a newly published exclusion list, allowing your team to pause affected work or billing while the result is reviewed.
Frequently Asked Questions About Healthcare Sanctions Checks
How often should we check the OIG LEIE database?
You should check the OIG LEIE database before hiring an individual and at least monthly thereafter. The OIG updates the LEIE monthly, and monthly checks are the industry standard for maintaining compliance and protecting federal funding.
What is the difference between a mandatory and a permissive exclusion?
A mandatory exclusion is legally required by law. The OIG must exclude individuals convicted of Medicare or Medicaid fraud, patient abuse or neglect, felony convictions related to healthcare fraud, or felony convictions related to controlled substances.
A permissive exclusion is discretionary. The OIG has the authority to exclude individuals for misdemeanor healthcare fraud, misdemeanor controlled substance violations, license suspension or revocation by a state board, or defaulting on health education loans.
Do we need to screen referring physicians who are not on our staff?
No. Neither the OIG nor CMS requires healthcare organizations to screen referring physicians who are not on their staff and with whom they have no direct employment, contractual, or financial relationship. Attempting to screen unknown, out-of-area referring physicians often results in false positives due to a lack of identifiable candidate data, such as dates of birth or SSNs, creating unnecessary administrative burdens.
Conclusion
A robust sanctions screening program is essential for protecting patient safety, maintaining regulatory compliance, and safeguarding your organization's financial health. By implementing a structured five-step workflow — from establishing a clear policy to transitioning to automated monthly monitoring — you can reduce compliance blind spots and build an audit-defensible program.
Managing this manually across employees, contractors, and vendors is an operational burden. That is why Vetty provides tools for each stage of the screening and monitoring lifecycle.
As part of Vetty's hiring acceleration platform, VettyComply™ supports post-hire continuous monitoring for OIG LEIE, SAM.gov, state Medicaid lists, criminal activity, and motor vehicle records. VettyVerify™ supports pre-hire background screening, and VettyOnboard™ supports onboarding, document collection, license verification, and e-signatures. Vetty's PBSA-accredited, SOC 2 Type 2 platform integrates with existing workflows to help teams maintain screening records, monthly monitoring, and alerts.
Ready to streamline your healthcare compliance and background screening? Learn how we can help you scale your compliance program by visiting Vetty.







