Publication

SAM Replaces EPLS: How to Make Sure You Are Compliant

Richard P. Kusserow | June 2026
LinkedIn

Many healthcare compliance leaders are unaware that federal regulators have increased enforcement activity around exclusion screening, with greater use of data analysis and interagency data sharing to identify noncompliant organizations and pursue liability under the False Claims Act. What was once viewed as a routine compliance task is now a high-risk area with direct implications for reimbursement, audits,and potential liability exposure for organizations and, in certain cases, individual leaders.

Today, organizations are expected to demonstrate proactive, documented, and consistently executed exclusion screening practices across their workforce and vendor ecosystem. Failure to do so can result in payment recoupments, civil monetary penalties, Corporate Integrity Agreements, and lasting reputational damage.

Updated Regulatory Expectations 

Current guidance from the Office of Inspector General (OIG) and the Centers for Medicare & Medicaid Services (CMS) reflects a clear expectation: exclusion and sanction screening must be conducted regularly, consistently, and in a manner that is auditable.

Monthly screening against the OIG List of Excluded Individuals and Entities (LEIE) is widely adopted across the healthcare industry. As a best practice, organizations also screen the System for Award Management (SAM), a federal database administered by the General Services Administration (GSA) that consolidates debarment and suspension records for individuals and entities excluded from doing business with the federal government.  CMS enrollment requirements and program integrity activities increasingly emphasize the need for effective, well-documented screening processes, particularly as data transparency and interagency coordination continue to expand.

In addition, regulators are increasingly using data matching and cross-agency data analysis to identify organizations that may be billing for services tied to excluded individuals or entities, often before the organization itself detects the issue.

OIG LEIE vs. SAM: What You Need to Know

Healthcare organizations must screen against both the OIG LEIE and SAM databases to meet compliance expectations.

  • The OIG LEIE remains the primary source for healthcare-related exclusions.
  • SAM includes broader federal debarment and suspension data, which CMS considers during enrollment and oversight.
  • Relying on only one database creates a significant compliance gap.

Both databases play a critical role in identifying individuals or entities that should not participate in federally funded healthcare programs.

How to Use SAM for Exclusion Screening

To access SAM exclusion data, organizations should use the official search tool available here. 

When performing a search:

  • Filter results to display “Exclusions” only
  • Conduct name-based searches and review potential matches carefully
  • Validate potential matches using available identifiers such as address and other entity details
  • Document all search results and determinations

Because SAM does not support searches based on Social Security numbers, organizations must rely on robust matching protocols and documentation to support their screening decisions.

2026 Federal Exclusion Screening Checklist

To align with current regulatory expectations, organizations should implement the following:

  • Screen the OIG LEIE monthly
  • Screen SAM monthly
  • Include employees, contractors, vendors, and referring providers
  • Document all screening results and match determinations
  • Establish clear escalation protocols for potential matches
  • Automate screening processes where appropriate
  • Audit screening processes regularly to ensure effectiveness

This checklist reflects baseline expectations along with leading practices.

Manual vs. Automated Screening: Regulator Expectations in 2026

As enforcement has evolved, so have expectations around how screening is conducted.

Manual screening processes introduce significant risk, including:

  • Human error and inconsistent execution
  • Inability to scale across large or complex organizations
  • Lack of audit-ready documentation

Regulators increasingly expect screening processes to be scalable, consistent, and audit-ready, often leading organizations to leverage automated solutions that:

  • Integrate with HR, credentialing, and vendor management systems
  • Provide real-time or near-real-time monitoring through API connections
  • Maintain detailed audit trails of all screening activity

Importantly, reliance on employee or vendor attestations alone is no longer sufficient and may be viewed as a compliance failure.

Why This Matters: Enforcement Consequences

Failure to implement effective exclusion screening can lead to serious consequences, including:

  • Repayment of claims associated with excluded individuals
  • Civil monetary penalties
  • False Claims Act exposure
  • Corporate Integrity Agreements with ongoing oversight obligations
  • Reputational damage and loss of trust with regulators and partners

In today’s enforcement environment, exclusion screening is not just a compliance checkbox. It is a financial and operational risk control.

Take the Next Step

Proactive organizations are addressing these risks now, before regulators have a chance to. If you are unsure whether your current screening processes meet 2026 expectations, now is the time to act. 

Request a Compliance Risk Assessment today. 

Speak with a consultant about: