USE CASE · EXCLUSION & SANCTIONS SCREENING
Catch an excluded provider before they bill a federal claim.
Screen your workforce and vendor roster against OIG LEIE and the federal and state exclusion lists — and return a dated, source-cited record of every check. Built for compliance teams who get audited and developers who need an API, not a CSV.
LEIE exclusion recordsFederal + state listsNPI-keyedRefreshed within 24h
✓ No PHI✓ Monthly re-screen✓ Dated audit record✓ JSON + attestation
The compliance exposure
One missed exclusion is a false-claims problem.
Billing a federal program for items or services furnished by an excluded individual is an overpayment, and can carry civil monetary penalties under 42 U.S.C. §1320a-7a. OIG guidance expects screening before hire and on a recurring basis. A spreadsheet checked once at onboarding does not meet that bar — and it cannot show when a check ran.
Per Fonteum's screening of every order- and referral-eligible NPI, currently match an active exclusion across federal and state lists — and most have been standing for over a year. Oversight gaps, not lag.
The developer pain
Stale CSVs and hand-rolled NPI matching.
The raw exclusion files ship as fixed-width and CSV with inconsistent name fields, no NPI on every row, and no record of when you last pulled them. Teams end up writing brittle fuzzy-matchers and cron jobs to re-download a file that changes monthly — and still have nothing dated to hand an auditor.
A single GET by NPI returns the match decision and the full source citation inline. The freshness of each list is a first-class field, so a behind-SLA source is a flag in the response, not a silent gap.
How it works
The lists screened, and how a match is decided.
5+
Exclusion lists
OIG LEIE, SAM.gov federal debarment, and state Medicaid exclusion lists — consulted together in one screen, not one at a time.
NPI
Match key
Deterministic NPI match where the source carries one; name + identifier corroboration where it does not. Every match names its source list.
24h
Refresh window
Each list refreshes within 24 hours of its release. The snapshot date rides on every response so a result is never ambiguously old.
2
Screening layers
Excluded-anywhere (a hard exclusion in force) and compromised-anywhere (a sanction or monitoring flag short of exclusion) are returned separately.
Integration & workflow
One screen. Two ways in.
Developers screen by NPI over REST. Compliance teams run a roster and export the evidence. Same data, same provenance, same source snapshot.
GET /api/v1/exclusions/{npi}
curl https://fonteum.com/api/v1/exclusions/1356482946 \
-H "Accept: application/json"Response
{
"npi": "1356482946",
"checked_at": "2026-06-17",
"excluded": true,
"excluded_by": ["oig-leie"],
"record_count": 1,
"exclusions": [
{
"authority": "OIG LEIE",
"exclusion_type": "1128(a)(1)",
"excl_date": "2019-03-20",
"reinstated": false
}
],
"compromised_anywhere": true,
"sources": {
"oig-leie": {
"provenance": {
"_source": "OIG LEIE",
"_source_url": "https://oig.hhs.gov/exclusions/",
"_snapshot": "2026-06-01",
"_last_checked": "2026-06-17",
"_methodology": "exclusions/v1",
"_confidence": 1.0
}
}
},
"disclaimer": "Screening aid — re-confirm any match against the primary source list before acting."
}Anonymous screening is rate-limited to 100 requests/hour; authenticate for higher limits and batch roster runs. The exclusions endpoint mirrors the auth and freshness contract of every /api/v1 route.
- 01Submit your workforce and vendor roster as a list of NPIs (or query one NPI at a time).
- 02Each NPI is screened against OIG LEIE, SAM.gov, and the state Medicaid exclusion lists in one pass.
- 03Matches return the list, exclusion type, and date; review and re-confirm against the primary source.
- 04Export the dated, source-cited result — the record your compliance officer attaches to an audit response.
- 05Schedule a recurring monthly re-screen so a new exclusion is caught before the next billing cycle.
Sample audit-evidence artifact
EXCLUSION SCREENING — AUDIT RECORD
NPI ................. 1356482946
Checked (UTC) ....... 2026-06-17T14:02:11Z
Result .............. MATCH (excluded)
Matched list ........ OIG LEIE
Exclusion type ...... 1128(a)(1)
Exclusion date ...... 2019-03-20
Source URL .......... https://oig.hhs.gov/exclusions/
Source snapshot ..... 2026-06-01
Methodology ......... exclusions/v1
Attestation ......... /api/v1/exclusions/1356482946/attestationThe attestation endpoint returns the same result as a signed artifact (JSON or PDF) — the timestamped, source-cited record an OCR or CMS audit asks for.
Proof — not logos
Every result traces to a public source row.
LEIE records
The full OIG LEIE export, NPI-joined. Mandatory (§1320a-7(a)) and permissive (§1320a-7(b)) categories enumerated.
oig.hhs.gov
Named source
Every match cites its originating federal or state list by name and deep-links to the source record. No black box.
exclusions/v1
Pinned methodology
The methodology version is stamped at screen time and retrievable months later — the same version reproduces the same result.
Signed
Attestation
Each check is exportable as a signed attestation tied to Fonteum's Ed25519 witness chain, so the record's integrity is provable after the fact.
“A screening aid is only as good as the date it was run. The date, the source, and the snapshot are the product.”
EXCLUSION & SANCTIONS
Run a roster scan against the federal and state lists.
Questions
Before the security questionnaire.
Why not just run the OIG LEIE myself?
You can download the monthly LEIE file. What that does not give you is NPI-joined matching across the federal and state lists at once, a dated record of when each check ran, and the source snapshot it ran against. An auditor asks for that record, not the raw CSV.
How often is the exclusion data refreshed?
Within 24 hours of each source release. OIG LEIE publishes monthly; SAM.gov and the state Medicaid lists vary. Every response carries the snapshot date and last-checked timestamp for the specific list it was screened against, so you never have to guess how current a result is.
Do you screen against state Medicaid exclusion lists too?
Yes. Beyond OIG LEIE we consult SAM.gov, state Medicaid exclusion lists, and federal debarment registries. A match on any of them flags the NPI, and the response names exactly which list produced the match and on what date.
What does each screening result return for an audit?
An NPI, the check date, whether a match was found, the matching list, the exclusion type and date, and a full source citation: source name, source URL, snapshot date, and methodology version. Exportable as JSON or a signed attestation artifact.
Do you store any patient data?
No. Screening runs against public federal and state records keyed by NPI. There is no PHI in the pipeline and none is required to run a roster scan or a single-provider check.
Go deeper
The data and research behind the screen.
Solutions
All solutions — by use case & buyer →
Data catalog
OIG LEIE exclusion dataset →
Data catalog
State Medicaid exclusion lists →
Brand hub
The /sanctions exclusion hub →
Research
OIG exclusion patterns →
Risk signals
OIG exclusion risk signal →
Use case
Build a defensible audit-evidence program →
Use case
Credentialing & provider-data enrichment →
For compliance
Fonteum for compliance & risk teams →
FONTEUM · EXCLUSION SCREENING
Screen your roster on public data only. No PHI.