Skip to content
Keelstar

Guide

How to Screen Credentialing Vendors for OIG

By Keelstar Team · Updated July 11, 2026

The short answer

Credentialing vendors and credentials verification organizations perform services connected to your provider enrollment and payer contracts — screen them against the OIG LEIE before engagement and on a recurring schedule. A compromised credentialing vendor with excluded personnel could onboard excluded providers into your network. Screen the vendor entity, DBAs, and key personnel who access provider credential files or submit enrollment data. Do not assume credentialing vendors screen themselves adequately — verify with your own dated LEIE search and contractually require exclusion screening of their staff. Re-screen monthly or quarterly given access to sensitive provider data and enrollment workflows. Document screening as part of vendor due diligence alongside SOC reports and BAA review.

Credentialing vendor risk

Credentialing vendors influence who enters your provider network. Excluded individuals within a CVO — or an excluded CVO entity itself — undermine your entire exclusion screening program.

Screen the CVO and its personnel

Entity screening alone may miss excluded individuals processing credential files. Screen the organization and key staff with access to provider data.

  • CVO legal entity and DBAs
  • Staff performing primary source verification
  • Enrollment submission personnel
  • Offshore credential processing teams if applicable

Contract requirements for CVOs

Require CVOs to maintain LEIE screening for their employees, notify you of exclusion events, and permit audit of their screening records.

Due diligence alongside SOC and BAA

Include LEIE screening in CVO vendor due diligence packet alongside SOC 2 reports, BAA, and reference checks. Do not grant credential system access until screening clears.

Re-screening credentialing relationships

Active CVO contracts warrant recurring re-screens on your high-risk schedule. Personnel turnover at the CVO triggers screening of new staff with credential access.

Document for payer credentialing audit

Payers audit whether credentialing functions include exclusion verification. Retain evidence that your CVO vendor itself was screened — not just that the CVO checks your providers.

Frequently asked questions

Do CVOs need OIG screening?
Yes. Credentialing verification organizations touch provider enrollment connected to federal programs. Screen the CVO entity and personnel with credential file access.
If a CVO verifies OIG for us, do we still screen the CVO?
Yes. Verify the CVO itself is not excluded and contractually require them to maintain their own screening program.
Should credentialing software vendors be screened?
Screen vendors whose staff access provider credential data or perform verification services. Pure software licensing without service delivery may be lower tier.
How often should credentialing vendors be re-screened?
Monthly or quarterly for vendors with ongoing access to credential files and enrollment submissions.

Related guides

Put this into a monitored workflow

Exclusion Monitor handles this continuously — with reminders and an audit trail.