Publication

Advisory Bulletin: General Services Administration’s EPLS/SAM System Failure

Richard P. Kusserow | April 2013

As you may be aware, the General Services Administration’s (GSA) debarment list, previously known as the Excluded Parties List System (EPLS) and more recently as the System for Award Management (SAM) continues to be plagued with problems. The GSA data has never been user-friendly and can create many false hits, resulting in considerable work to resolve.  For most health care organizations, the number of vendors and contractors they must screen runs into many thousands. To compound matters, GSA recently identified a security breach that resulted in the exposure of GSA registered users’ information. In addition, the Compliance Resource Center, made GSA aware of a discrepancy between the searchable exclusion data in SAM and, what should be the same, exclusion data available in a downloadable file. It is important to note that all CRC clients were insulated from these security breaches.

The emergence of the aforementioned problems resulted from GSA’s efforts to consolidate the federal procurement process from a federal government perspective.  Their new system incorporates several databases, including the Central Contractor Registration/Federal Agency Registration (CCR/FedReg), Online Representations and Certifications Application (ORCA), and the EPLS into one online system.  GSA has indicated that future development phases of SAM will include additional data sources screened during the federal procurement process. This may result in additional technical issues emerging.  In short, EPLS is now included within a larger system that incorporates multiple data sources, which, thus far, has resulted in numerous technical problems.

Sanction Screening Made Simple

Get Free Quote & Demo

On January 31, 2013 CRC’s Database Administrator detected data integrity problems and promptly contacted the GSA Federal Service Desk (FSD). Specifically, the Database Administrator identified inconsistencies in the exclusion data between what was available online in SAM and what was contained in the data extract available for download from the GSA SAM website. The original issue identified was that second and subsequent sanctions imposed on an individual did not contain identifying information in the record. Additionally, difficulties were identified that caused certain sanctions to be associated with the wrong party in cases where two individuals have the same first and last names, but different middle names, and at least one of the individuals had more than one sanction imposed. Because of the glitch in the data, it was impossible to correctly assign the second and subsequent sanctions to the correct individual and, therefore, CRC could not ensure that the data loaded correctly into our Sanction Screening Services (S3) sanction and exclusion screening tool.

Examples of the problem encountered when searching the SAM data online included difficulties when searching for an individual’s name.  The results contained multiple records that were inconsistent and / or redundant. In addition, examples of problems encountered with the data extract included missing data elements such as records containing null rows of information either above or below a previously populated record. This prevented the Database Administrator from identifying which individual is associated with the additional record details. In response to CRC’s queries about the discrepancies, the FSD responded by email stating they escalated CRC’s request to the tier two queue for the associated service because the tier one agent is not able to address the problem.  CRC continued daily requests for further information and explanation about the failures.  Phone calls to FSD resulted only in the call being logged and that an agent would be assigned to address the problems as quickly as possible.  After more than two weeks of CRC’s original request, the FSD reported that they had researched the issues reported and were in the process of working on a resolution. It took another week before they reported that the discrepancies in the exclusions extract were corrected. The corrected file is now available. However, GSA and FSD never provided an explanation of what caused the problem or how long the glitch was in its system.

Based upon GSA’s notification of problem resolution, we have to assume that they tested the information in order to advise that the data extract was corrected. However, CRC’s Database Administrator conducted its own evaluation of the data in order to determine that it is indeed accurate and, therefore, cleared to be used to conduct the screenings. Each data load is evaluated to identify any discrepancies and will continue to be evaluated going forward. We determined that the data is complete and are confident that:

  • The data is being provided such that it is now logically possible to load it correctly.
  • Because every row in the data now contains full identity information, we do not have to make assumptions about the rows that contain no identity information.
  • The Database Administrator has verified the data load and the data contained in the downloadable data extract matches the data contained in SAM online.
  • We have tested our S3 sanction and exclusion screening tool with the example provided to the FSD and other examples we found in the exclusion data.

During this whole period, CRC found the GSA process challenging and created confusion for our clients to accurately verify debarred individuals and/or entities in SAM.  As a result, many of our clients have requested that CRC provide suggestions on how to meet the challenge of using the GSA debarment database.  CRC clients may wish to consider the following suggestions to save future headaches:

  1. Screen against the GSA SAM only those vendors and contractors providing healthcare related services and / or products.
  2. Reduce the frequency of GSA screenings.  Monthly screenings can be excessive in cost, time and effort.  Consideration may be given to screening individuals and parties at time of engagement and annually thereafter.  Alternatively, if GSA screening is something you wish to conduct more frequently than annually, quarterly screening would be preferable and is sufficient.
  3. Conduct a “rolling screening” program.  This approach is to have continuous screening of a small portion of the universe of contractors and vendors at a rate whereby all have been checked by the end of the twelve month period.
  4. Outsource the whole screening process to CRC in order to save time and costs, as well as gain the confidence that the verification and resolution are accurate. Outsourcing grants you the peace of mind that you are meeting the sanction screening requirements and that the screenings are conducted each month, regardless. If you would like a quote for upgrading to our full screening service, please contact us.

We trust the information provided in this bulletin is useful and explains what you may have heard about the problems at GSA.  If you would like more details on this, please let us know.

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 2,000 health care organizations and entities in developing, implementing and assessing compliance programs.