5 Sanction Screening Mistakes That Put Healthcare Organizations at Risk

5 Sanction Screening Mistakes That Put Healthcare Organizations at Risk

Healthcare is an industry where bad actors can trigger fatal consequences. With life and death decisions made every day, providers are putting reimbursement, reputation, and their patients at risk if sanction screening mistakes fail to catch excluded individuals.

Thanks to increased transparency in this digital age, organizations are better positioned to identify dangerous individuals and prevent the damage they can cause.

That’s not to say healthcare organizations should become complacent and blindly assume their current screening process gets the job done. Serious mistakes are still likely if the right steps in your exclusion review process are not put in place.

When entities become informed about these exclusion monitoring shortcomings, risk mitigation becomes more accurate and more efficient. That means you can save money, focus your time, and keep people safer all at the same time when you’re more informed. Below, ComplianceLine reviews 5 of the most common sanction screening mistakes made by healthcare organizations.

Is your organization excluding a step that puts your patients in danger?

The Dangers of Too Few or Too Many Exclusion Lists

What happens when I have too few lists?

Limiting your search only to states where you operate exposes your organization to risk. You need assurance that employees and candidates have no sanctions from any state. Missing a sanction puts your company in violation of federal guidelines. Mistakes could cost hundreds of thousands of dollars in fines and reimbursement clawbacks.

Get advice from an expert who knows the regulations, the lists available, and how those lists should be chosen. As with most risk management, trying to guard against every possible threat takes too many resources. You need to demonstrate that you’re checking all the likely and reasonable sources. Adjust your process based on risk tolerance, exposure, operations, and budget.

What Happens When I Have Too Many Lists?

The flip side is when organizations have too many lists at their disposal. This tends to cause the dreaded ‘information overload.’

When time and resources get tied up in unnecessary areas, the organization will suffer. To avoid overload, it’s important to keep in mind that your exclusion search is about balancing quality with quantity.Doing extra work is not just a waste of your team’s effort and budget, it may lead to you missing other more damaging risks without providing any meaningful risk reduction. Don’t mistakenly assume that ‘the more exclusions I review the better.’

Even if the organization thinks they are obfuscating risk by using an excessive number of lists, they might be opening themselves up to new risks in other areas. One example is reviewer burnout. Burnout is real. If your team is spreading themselves too thinly, trying to pull from too many lists, their resources will be limited in other areas. Additionally, their focus on reviewing those lists will be drained, since they are likely to review too many irrelevant potential matches to your employee roster.

When picking and assessing lists, a balanced approach is key. A risk management analysis should be a large factor in the equation. It’s critical to take an intelligent, balanced, and contextualized look at which lists are going to hit that sweet spot of having a high potential (not just some vague remote chance) of identifying a sanctioned party that is likely to put your company at risk.


For more information on decision challenges from list analysis, watch the webinar,
Five Sanction Screening Mistakes That Can Cost You Big Time.

Watch Now


How Many Lists Should You Check?

Any organization should research the Big 4 lists as part of their standard operating procedure: OFAC, SAM, OIG, SDN/US Treasury. But there are over 100 lists to search through (and more if someone wants to impress you with a long, irrelevant list). Most states (but not all) have a publicly-listed Medicaid sanctions list. Many also have additional lists managed by other agencies, and there are other national and international ones to consider. So how do you decide which ones make sense for you?

Decide which lists are most valuable in your organization’s compliance screening process and cut out the less important lists. It’s smarter to spend time reviewing a focused set of your best matches instead of an excess of mediocre candidates. An expert can help you make a risk-balanced choice, and we’re glad to help.

Never Completely Rely on the Data from a Sanction Database

sanction database

Many new vendors who get into the sanction screening space (and the customers who get drawn to them) think the sanction screening process is easy. They assume all it takes is the ability to download databases automatically, run a search for matches, and hand the information over to a healthcare organization. What they don’t realize is that automation threatens to obscure critical information. Automation and technology are key pillars in the process, unless you want to go cross eyed reviewing screens all day. But it’s simply not thorough or precise enough to provide full protection.

ComplianceLine has been in the sanction screening game longer than any company in the industry and knows what goes into an effective screening process. We’ve processed millions of searches for some of the most exacting providers and payors in the world. Part of this involves knowing the limitations of relying on automated databases, an inserting an intelligent human review at the right points.

For example, many agencies don’t list their information publicly, which makes those data impossible to download and automate. In these cases, the vendor has to send the agency an email or call them on the phone for access to this information (P.S. many vendors won’t pick up the phone and do this!)

Inexperienced vendors prevent healthcare organizations from getting the necessary information for a more complete vetting process. This leaves the organization in the dark about their higher risk and allows dangerous employees, physicians, and vendors to enter or remain their organization – wasting precious budgetary resources.

The ability to accumulate all the necessary information about an individual can lower the potential for many awkward conversations with job candidates or current employees.

Which ‘Type’ Error Should You Focus On?

Avoid Type 1 Screening Errors

In statistics and data analysis it’s common to talk about two types of errors. Type 1 errors are false negatives and type 2 errors are false positives.

Type 1 errors are the real danger to your organization. A Type 1 error in sanction screening is when a physician has been excluded from providing care to Medicare and Medicaid patients, but you improperly think she is cleared. You review a potential match and determine that an existing sanction is not referring to her. For example, a false negative could mean that a physician is not qualified to care for Medicare patients.

When hiring or screening professionals erroneously determine that an existing sanction is a nonmatch, they leave a physician in place and put their patients at great risk. If your organization keeps the physician contracted, they could be risking an action that warrants a lawsuit, reimbursement clawback, or adverse patient event.

Your process should be built primarily to screen, identify, and potentially review all likely matches so you can carefully identify positive matches and remove those entities. Only then can they stop putting your patients at risk. Of course it’s impossible to thread the needle perfectly all the time, so your process and protocols should build a buffer around the obvious matches so you are reviewing only the sanctions that might be causing a risk to you.

Embrace Type 2 Screening Errors

If your system is going to allow one type of error over the other, Type 2 errors are much less damaging. This would happen if you think an employee was sanctioned, discuss the concern with the employee, then get clear confirmation they are not related to the sanction in question. You falsely inferred a positive sanction match, then cleared it up. Some people call this being cautious. If you carefully and selectively identify positive matches, you can remove those entities before any greater risk is incurred.

Focus on building a process that screens, identifies, and reviews each of the likely matches. Identify positive matches and begin removing those individuals ASAP.

There is minimal damage done when you err on the side of a false positive (Type 2). All that happens is a quick, ultimately uneventful conversation. It’s better than retaining someone who is harmful and putting the whole organization at risk.

Don’t Ignore The Death Master File

death master file

Identify employees who may be forging a false identity with the wrong social security number.

Screening against the Death Master File allows organizations to compare every social security number in their roster of employees and physicians against the government’s full list of people who have passed away.

You might have a contracted physician who submitted a fake social security number prior to working with patients. If they used a number that has never been sanctioned, they could get off squeaky clean and you might not know until it’s too late. SSN is treated as such a unique and reliable unique identifier that you might confidently rule out the actual sanction for that physician just based on the false SSN!

The social security death master file makes the process easier and more accurate for organizations. They can assess whether employees have submitted a forged number from a deceased individual without having to get this high-security access themselves.

With the correct data in place, organizations can feel confident knowing that they are identifying the right people against the sanction list.

Of course this level of access is hard to come by for most vendors, but ComplianceLine offers it as a crucial part of the sanction screen process. It is quickly becoming a standard best practice that more and more organizations are asking for.


For more information on the Death Master File, watch the webinar:
Five Sanction Screening Mistakes That Can Cost You Big Time

Watch Now


The Dangers of Mishandled Interactions

The Dreaded Employee Follow-Up

Let’s say you’ve found a sanction that’s a cause for concern, and you need to follow-up with that employee to have them confirm or deny the information. Some organizations will mishandle the interaction by simply not having any interaction in the first place.

If you just go ahead and terminate the employee without any clarity, you’ll likely make critical errors, at times let go of a good and innocent person, and potentially earn yourself a lawsuit.

Sure, you don’t want bad individuals to remain onboard, but is it worth terminating honest physicians by mistake? The best advice is to implement a waiver process before making a final determination.

It’s all about putting a process in place that you can trust. If your organization has picked the right databases, gone through and vetted each individual, then gone the extra step of checking the social security Death Master File, your final step is a one-on-one sit down with the employee. Here, you can present your evidence and give an innocent employee a chance to clear up any confusion.

No matter which way your final decision goes, always treat your employees with respect. Give them an acceptable amount of time to address the situation.

Keep an audit of each conversation in order to protect your organization and the employee in question.

Try The #1 Sanction Screening Solution Available

End-to-End Screening Made Simple

ComplianceLine offers the most trusted end-to-end sanction screening solution in the industry. Fast turnaround times, responsive service, and record low error rates make SanctionCheck the perfect solution for your organization.

It’s another way to help you and your patients remain safe and secure.