25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

What are the HHS OIG Background Check Requirements?

Posted By on Mar 8, 2024

The HHS OIG background check requirements are that healthcare providers should check the HHS OIG Exclusions List before engaging a new member of the workforce or contracting a service from a third party vendor to ensure they have not been excluded from Federally funded healthcare programs. The Exclusions List should also be checked periodically against existing supplier and workforce databases.

Strictly speaking, the HHS OIG background check requirements are recommendations rather than requirements; but as HHS OIG can impose civil monetary penalties against healthcare providers that claim payments from a Federally funded healthcare programs in respect of goods or services acquired from excluded entities, background checks should be on every provider’s to-do list.

What is an HHS OIG Background Check?

In 1977, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) was given the authority to exclude physicians that submit false, fraudulent, or otherwise improper claims from Medicare and Medicaid. The authority has been extended several times since, and HHS OIG can now exclude any individual or organization from all Federally funded healthcare programs if they are found in breach of a qualifying law or regulation.

Due to the extended authority of the HHS OIG, there are now many thousands of individuals and organizations on the HHS OIG Exclusions List. Some exclusions are temporary, but once an individual or organization is excluded from Federally funded healthcare programs, they typically go out of business – unless they indirectly participate in a Federally funded healthcare program by providing items or services to a third party healthcare provider.

HHS OIG Exclusions List
What You Need To Know

Get The 6 Essentials Checklist For Compliance Officers

A link to your download will be sent to your email address

Your Privacy Respected

HIPAA Journal Privacy Policy

To prevent individuals and organizations circumnavigating the exclusion penalty, Congress gave HHS OIG the authority in 1997 to impose a civil monetary penalty on any healthcare provider that acquires goods or services from an excluded entity and subsequently claims payment from a Federally funded healthcare program. Healthcare providers can be fined up to $20,000 for each good or service claimed plus three times the amount claimed.

For this reason, it is recommended that healthcare providers conduct an HHS OIG background check against the Exclusions List before contracting a new vendor or engaging a new member of the workforce. It is important for healthcare providers to be aware that the recommendations to conduct an HHS OIG background check not only apply to vendors of medical supplies but – since September 2023 – software vendors and SaaS service providers as well.

What is HHS OIG Verification?

The term HHS OIG verification is often used interchangeably with HHS OIG background check. However, the difference between the two terms is that an HHS OIG background check implies checking the exclusions database prior to a healthcare provider contracting a new vendor or engaging a new member of the workforce, whereas an HHS OIG verification check implies a subsequent or periodic check of the exclusion database.

The reason why healthcare providers should conduct subsequent and periodic checks of the exclusion database is to ensure that a vendor or member of the workforce has not been added to the  database since the initial background check. In some cases it can take years for violations to be investigated and penalties imposed, so it is quite possible that a background check clears a vendor or workforce member who is subsequently excluded.

If a healthcare provider identifies an excluded individual or organization during an HHS OIG verification check, it is important to follow the guidelines in the HHS OIG Self-Disclosure Protocol. As you will see from the Protocol, HHS OIG can still impose civil monetary penalties and recover previously paid claims when a violation is self-disclosed. Therefore it is important to conduct comprehensive HHS OIG verification checks frequently.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist