AccuSourceHR™ Blog

Medical Background Checks: OIG, FACIS & Screening Guide

Written by Jon Daniel | Jul 8, 2026 6:48:09 AM

Key Takeaways

  • A healthcare background check is a multi-layered compliance program, combining criminal history, exclusion screening (OIG/SAM), FACIS sanctions, license verification, drug testing, and abuse registries.
  • The OIG exclusion list (LEIE) contains 82,229 entries as of 2026 and updates monthly. Penalties for employing an excluded individual now reach $25,595 per item or service billed, plus triple the claim amount.
  • FACIS Level 1 meets the federal minimum. FACIS Level 3 is the industry gold standard, searching over 5,000 sources across all 50 states with historical data back to 1992. Clinical and patient-facing roles need Level 3.
  • Monthly OIG screening has been the OIG's stated expectation since 2013. Annual or quarterly screening is no longer defensible under current guidance.
  • State exclusion lists operate independently from the federal LEIE. A state-level exclusion can take months, sometimes up to two years, to appear on the federal list.
  • Enforcement is accelerating. With billions recovered annually under the False Claims Act, healthcare screening has shifted from a hiring step to an ongoing risk management function.

In June 2025, the U.S. Department of Justice charged 324 defendants across 50 districts in healthcare fraud schemes totaling $14.6 billion in intended losses—the largest takedown on record. Those charged included 96 licensed professionals, from physicians to pharmacists.

Enforcement pressure continues to rise. False Claims Act (FCA) settlements and judgments reached $6.8 billion in fiscal year 2025, with $5.7 billion tied to healthcare. For employers across hospitals, clinics, and staffing firms, compliance is no longer a one-time hiring step—it’s an ongoing obligation.

A medical background check for employment is no longer a simple checkbox at the point of hire. It is a continuous compliance program, and its components carry significantly more regulatory weight than most HR teams realize.

OIG exclusion screening, FACIS sanctions, state mandates, and monthly monitoring all help reduce risk. In this guide, we outline how those pieces fit together and why getting them right is as crucial as ever.

What a Medical Background Check Actually Includes

A background check for healthcare workers differs from a standard employment screening. The regulatory environment is denser, the consequences of a bad hire are more immediate, and the number of databases to search is significantly larger. Each component exists because a specific regulatory body—CMS, OIG, a state licensing board, or the Joint Commission—requires or expects it.

 

The core components of a healthcare background check fall into various categories. Not every role requires all checkboxes to be ticked, but understanding the full scope is the starting point for building a program that holds up under audit.

Criminal History Searches

Criminal background checks in healthcare typically combine national, state, and county-level searches, with federal records reviewed separately. A multi-jurisdictional sex offender registry check is standard for any role involving patient interaction.

Under the Fair Credit Reporting Act (FCRA), most adverse information is reportable for seven years. That limit does not apply to roles with salaries above $75,000, and several states impose their own lookback rules.

County-level searches carry the most weight in practice. National databases aggregate records from thousands of jurisdictions, but they are not always up to date. County courthouse records provide the most current and complete view, especially for recent charges or dispositions that have not yet reached national systems.

OIG and SAM Exclusion Screening

Healthcare screening diverges from standard employment checks at the sanctions level. The Office of Inspector General (OIG) maintains the List of Excluded Individuals and Entities (LEIE), which identifies people and organizations barred from participating in federal healthcare programs.

The General Services Administration maintains a parallel list through the System for Award Management (SAM).

Hiring an excluded individual while billing Medicare or Medicaid creates direct financial liability for the employer, not the employee or the staffing agency. The risk applies even if the exclusion was unintentional, which is why ongoing monitoring, not one-time screening, is the standard in healthcare environments.

FACIS Healthcare Sanctions

The Fraud and Abuse Control Information System (FACIS) is a separate sanctions database that aggregates disciplinary actions, exclusions, and debarments from federal and state sources.

It comes in multiple levels, each searching a different depth of data. Higher levels capture a broader range of records, including state licensing board actions, DEA debarments, and Medicaid fraud findings, items that may not appear on OIG or SAM checks alone.

The difference between Level 1 and Level 3 is significant, and it is covered in detail later in this guide.

License Verification, Drug Testing, and Other Components

Professional license verification confirms that clinical credentials  RN, LPN, MD, NP, PA¹—are current, valid, and free from disciplinary action. State licensing boards serve as the primary source, while the National Practitioner Data Bank (NPDB) adds a federal layer for physicians and other licensed providers.

Drug and alcohol screening is mandatory under the Drug-Free Workplace Act and for roles governed by the Department of Transportation. Many healthcare employers extend testing beyond those requirements due to access to controlled substances and direct patient care responsibilities.

Additional components include education and employment verification, abuse registry checks, and state-specific screenings tied to patient safety.

The core decision is not whether to screen, but how to structure it. Each role carries different regulatory exposure, which determines the mix of checks and how frequently they should run beyond the initial hire.

¹ RN: Registered Nurse | LPN: Licensed Practical Nurse | MD: Doctor of Medicine | NP: Nurse Practitioner | PA: Physician Assistant

OIG Exclusion Screening — What It Is and Why the Penalties Have Gotten Steeper

An OIG background check is the single highest-stakes component of healthcare sanctions screening. The OIG has the authority to exclude individuals and entities from all federally funded healthcare programs under Section 1128 of the Social Security Act. Once excluded, that person cannot furnish, order, or prescribe any item or service payable by Medicare, Medicaid, TRICARE, or any other federal health program.

As of 2026, the LEIE contains 82,229 entries. Between January and August 2025 alone, 1,726 individuals and vendors were added. The list updates monthly, a detail that shapes the entire screening cadence discussion later in this guide.

Exclusions fall into two categories:

  • Mandatory exclusions are required by law for convictions related to Medicare or Medicaid fraud, patient abuse or neglect, felony healthcare fraud, and felony controlled substance offenses. The minimum mandatory exclusion period is five years.
  • Permissive exclusions are imposed at the OIG's discretion for misdemeanor healthcare fraud, license revocation, false claims, kickback arrangements, and student loan defaults.

Who Must Be Screened (It Is Not Just Clinical Staff)

The OIG's 2013 Special Advisory Bulletin expanded the expected screening universe far beyond physicians and nurses. The guidance states that employers should review every job category and contractual relationship to determine whether the work involves items or services payable by a federal healthcare program. If the answer is yes, everyone in that category should be screened.

In practice, this includes billing and coding staff, IT personnel with access to patient systems, food service workers in a Medicare-certified facility, transportation staff, and administrative assistants who handle claims documentation. Vendors, Contractors, and even Volunteers fall under the same framework.

Corporate Integrity Agreements imposed after FCA settlements have reinforced this scope by explicitly naming management, administration, surgical support, claims processing, and equipment handling as exclusion-sensitive activities.

A screening program that focuses only on clinical staff leaves significant gaps. The legal standard is not whether an employer actually knew about an exclusion; it is whether they knew or should have known. That distinction is what turns incomplete screening into direct liability.

The Real Cost of Hiring an Excluded Individual

The penalty math is where this moves from a compliance best practice to a financial imperative. As of January 2026, civil monetary penalties for employing an excluded individual range up to $25,595 per item or service claimed per violation. On top of that, the employer faces an assessment of up to three times the amount claimed per item. Medicare Advantage and Part D penalties increase further, up to $47,596 per violation.

The math escalates fast. A single excluded employee's billing routine services can trigger multiple violations per claim, per day. When multiplied over weeks or months, exposure can reach six or seven figures before legal costs are factored in.

Recent enforcement trends reinforce the risk. In 2025, 35 healthcare organizations paid more than $26 million in CMP settlements tied to exclusion violations.

The takeaway is straightforward. Exclusion screening is not a procedural step; it is a direct control against compounding financial liability.

 

FACIS Level 1 vs. Level 3 — Which Healthcare Screening Do You Actually Need?

A FACIS (Fraud and Abuse Control Information System) background check searches for exclusions, sanctions, debarments, and disciplinary actions against healthcare professionals and entities.

It complements OIG/SAM screening by aggregating data from sources that the LEIE alone does not cover, including state licensing boards, DEA registrations, and FDA debarments.

FACIS screening comes in distinct levels. The difference between them is not a matter of premium versus budget. It is a matter of how many blind spots your compliance program can afford.

FACIS Level Comparison


 

When Level 1 Is Enough — and When It Is Not

Level 1 satisfies the baseline federal requirement outlined in the OIG Compliance Program Guidance. For a back-office administrative role at a practice that does not bill federal programs, Level 1 may be sufficient.

For any role involving direct patient care, access to controlled substances, claims processing, or financial decision-making in a Medicare or Medicaid environment, Level 1 leaves significant gaps.

The critical difference is state-level coverage. Level 1 does not search state licensing boards or state Medicaid exclusion lists. A nurse whose license was revoked in one state and who relocated to another could pass a Level 1 screen without triggering a flag.

FACIS Level 3 catches that action because it searches disciplinary records across all 50 states and U.S. territories.

Several states have healthcare compliance screening requirements that exceed the federal minimums. In those jurisdictions, Level 1 screening does not satisfy the state obligation. FACIS Level 3 is the only level that reliably covers both federal and state requirements in a single search.

For most healthcare employers operating in regulated environments, Level 3 is the defensible standard.

State-Specific Mandates That Change the Screening Equation

Federal requirements set the floor for healthcare screening. States build on top of it, and the additions vary significantly by jurisdiction.

A healthcare employer operating across state lines cannot apply a single screening template to every location. Each state has its own combination of required databases, lookback periods, fingerprinting rules, and role-specific mandates.

Florida, California, Texas, and New Jersey: Four States, Four Different Rules

Florida

Florida expanded its healthcare background screening requirements through House Bill 975, signed in April 2024. The law broadened Level 2 fingerprint-based screening requirements to additional healthcare professionals, including pharmacists, dentists, optometrists, physical therapists, and psychologists.

Professionals licensed before July 1, 2024, had until July 1, 2025, to complete the new requirements. Florida's Level 2 screening runs through both state repositories and the FBI, a higher bar than many states impose.

California

California requires Live Scan fingerprinting through the California Department of Justice and the FBI for home care aides registered with the Home Care Services Bureau.

The state's regulations around healthcare worker screening are among the most prescriptive in the country, with detailed rules governing submission procedures and permissible uses of background check results.

Texas

Texas mandates background checks for employees of licensed home health agencies and nursing facilities through the Health and Human Services Commission.

The state maintains its own employee misconduct registry, which must be checked in addition to federal databases. Employers who skip this step face state-level enforcement independent of any federal OIG action.

New Jersey

New Jersey requires healthcare employers to confirm that no employee, vendor, or contractor has ever been the subject of any suspension, debarment, disqualification, or recovery action involving Medicaid, Medicare, or any other federally or state-funded healthcare program.

The attestation requirement is explicit and documented.

These four states illustrate a broader pattern. Healthcare compliance screening is not a uniform federal standard that employers can set once and forget. Each state where a healthcare organization operates, or places staff into, carries its own additional layer. A compliance leader managing a multi-state provider network needs a screening partner that tracks these variations and adjusts programs accordingly.

Monthly Monitoring vs. Annual Checks — Why the OIG Stopped Accepting "Periodic"

This is the gap most healthcare employers still have not closed. Many organizations run OIG and sanctions screening at the point of hire, document the result, and consider the obligation met. Some are re-screened annually during performance reviews or quarterly. The OIG has been clear since 2013 that none of these cadences are sufficient.

The 2013 Turning Point Compliance Teams Still Miss

Before 2013, the OIG generally suggested annual screening against the LEIE. There was no formal self-disclosure pathway for exclusion violations, and enforcement was comparatively infrequent. The 2013 Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs changed the landscape.

Monthly screening became the stated expectation. The self-disclosure protocol was rewritten. The screening universe expanded to cover employees, vendors, contractors, owners, officers, directors, managing employees, active medical staff, and referral sources.

Annual screening leaves up to eleven months of exposure between checks. Quarterly screening still leaves up to 90 days. Continuous monitoring for healthcare organizations closes the gap to near real-time and reduces the manual effort that makes monthly batch screening operationally painful for under-resourced compliance teams.

Why Screening Only the Federal List Is Not Enough

The Office of Inspector General exclusion list (LEIE) is the most widely used database, but it is not comprehensive. States maintain their own Medicaid exclusion lists, and those updates do not flow to the federal level in real time. In some cases, state exclusions can take months, or longer, to appear on the LEIE.

This latency creates a real compliance blind spot. An individual excluded at the state level can remain employable and billable if an employer relies only on federal screening.

Cross-state mobility compounds the problem. Excluded individuals frequently relocate and seek employment in states where they have no disciplinary record. They will not volunteer the prior exclusion during the hiring process.

Affordable Care Act (ACA) Section 6501 requires states to report cause-based terminations and requires other states to evaluate whether the conduct warrants termination in their jurisdiction. The mechanism exists, but the speed of data transfer between state and federal systems remains a bottleneck.

A defensible screening program checks the LEIE, SAM, and every applicable state exclusion list monthly, at a minimum.

Building a Screening Program That Holds Up to Auditors

Each component discussed above- OIG screening, FACIS depth, state mandates, and monitoring cadence- answers what to check and how often. The remaining question is execution: how to structure these elements into a single program that withstands audit, accreditation, or litigation.

What a defensible program looks like

A program that meets scrutiny from the Centers for Medicare & Medicaid Services, The Joint Commission, or a negligent-hiring claim follows a consistent pattern:

  • Screening at hire, with no exceptions
  • Monthly re-screening or continuous monitoring across all applicable databases
  • Complete documentation of every search, result, and adjudication decision
  • Standardized adjudication criteria applied across locations and hiring managers
  • Coverage that extends beyond clinicians to the full workforce, including contractors and vendors

In practice, the difference between a basic program and a defensible one is consistency. Policies must translate into repeatable workflows, with clear audit trails and no reliance on manual follow-ups.

The structure below breaks down how that program typically applies across different role types.

Healthcare Screening Checklist by Role Type

 

Uniform adjudication is the piece that most programs underestimate. Without a codified framework, one that applies the same evaluation criteria across every site, recruiter, and hiring manager, adjudication standards drift.

Two candidates with identical criminal histories get different outcomes depending on who reviews the report. That inconsistency creates both legal exposure and audit risk.

AccuSourceHR's DecisionSource adjudication matrix exists specifically for this problem. It codifies the employer's policy into a consistent decisioning framework with traceable decision logs.

Documentation completes the picture. Every screening result, every adjudication decision, every adverse action notice, and every monthly monitoring cycle should produce a record that an auditor can follow. The record does not need to be complex. It needs to be consistent and complete.

AccuSourceHR consolidates OIG, FACIS, and criminal screening into a single healthcare report, supported by SanctionSource for continuous monitoring and an attorney-led compliance team. See what is included →

Please Note: Compliance Is Not a One-Time Event

The healthcare enforcement environment in 2026 looks very different from what it was even five years ago. The DOJ’s record-setting $6.8 billion in FCA recoveries, the 324-defendant takedown, and the sixfold increase in OIG exclusion settlements are not anomalies. They signal direction.

Screening programs have not kept pace. Many organizations still rely on annual checks, even though the Office of Inspector General (OIG) has recommended monthly exclusion screening for over a decade. Federal-only checks miss state-level exclusions and baseline approaches like FACIS Level 1 leave gaps regulators increasingly scrutinize.

The risk sits in the gap between point-in-time screening and ongoing monitoring. That is where violations accumulate and penalties compound.

A defensible approach consolidates OIG, FACIS, criminal screening, state mandates, and monthly monitoring into a single workflow. It reduces fragmentation, closes visibility gaps, and creates the audit trail needed to withstand audits and enforcement.

Get a quote for AccuSourceHR's healthcare screening bundle: OIG + FACIS + criminal screening in one report, backed by U.S.-based account management and an attorney-led compliance team. Request a quote →

Frequently Asked Questions

What does a medical background check include?

A medical background check for healthcare employment typically combines multiple layers of screening. These include criminal history searches (national, state, and county); exclusion checks against the Office of Inspector General (LEIE) and the System for Award Management; FACIS healthcare sanctions screening; professional license verification; and drug and alcohol testing.

Additional components often include education and employment verification, sex offender registry checks, and abuse registry searches for roles involving patient contact.

The exact mix depends on the role, the employer’s regulatory exposure, and state-specific requirements.

What is the OIG exclusion list, and why does it matter?

The OIG exclusion list, formally the List of Excluded Individuals and Entities (LEIE), is a database maintained by the HHS Office of Inspector General. It contains individuals and organizations barred from participating in federal healthcare programs.

As of 2026, the list contains 82,229 entries and is updated monthly. Employers who hire excluded individuals while billing Medicare or Medicaid face civil monetary penalties of up to $25,595 per item or service claimed, plus triple the claim amount.

How often should healthcare employers screen the OIG list?

Monthly, at a minimum. The OIG has stated this expectation since the 2013 Special Advisory Bulletin. The LEIE updates monthly. CMS, JCAHO, and Medicare Advantage plan sponsors all expect or require monthly screening attestation. Annual or quarterly screening leaves weeks to months of unmonitored exposure and is no longer considered defensible under current guidance.

What is a FACIS Level 3 background check?

FACIS Level 3 is the most comprehensive healthcare sanctions screening available. It searches over 5,000 federal and state data sources, including all 50 state licensing boards, Medicaid exclusion lists, DEA debarments, and disciplinary records dating back to 1992.

It is considered the gold standard for clinical and patient-facing roles because it catches state-level sanctions that a federal-only search would miss.

What happens if you hire an excluded individual?

The employer, not the employee, bears the liability.

Penalties include civil monetary fines of up to $25,595 per item or service claimed during the period the excluded individual was employed, an assessment of up to three times the amount claimed, potential False Claims Act exposure, and possible exclusion of the employer organization from federal healthcare programs. The legal standard is "knew or should have known," meaning failure to screen is treated the same as knowingly hiring an excluded person.

Does exclusion liability apply to staffing agencies?

OIG exclusion liability rests with the facility where services are performed, not the staffing agency. Any individual working in a Medicare or Medicaid-participating environment must be screened against the OIG list regardless of employment arrangement.

Staffing firms that place unscreened candidates into healthcare facilities risk losing those contracts when a compliance failure surfaces at the client site.