Visitor, vendor, and workforce screening
LEIE & SAM visitor checks
A practical playbook for compliance managers and public sector teams who must screen visitors, vendors, and workforce against LEIE and SAM while keeping audit-ready records.
At a glance
Why it matters
- Protect federal program eligibility
- Prevent debarred vendors from access
- Keep visitor screening audit-ready
Use this guide to
- Know when to run LEIE & SAM
- Capture evidence and reviewer decisions
- Export redacted logs for audits/FOIA
What are LEIE and SAM?
The LEIE (List of Excluded Individuals/Entities) is maintained by the HHS Office of Inspector General and is used to prevent excluded parties from participating in federal healthcare programs. The SAM (System for Award Management) exclusion list is used for federal contracts and awards to identify suspended or debarred entities. This article is informational only and is not legal advice.
When should you run LEIE & SAM checks?
- Onboarding a new vendor, contractor, or long-term visitor before granting access.
- Before access to sensitive programs, controlled areas, or systems is approved.
- Periodic re-checks for recurring contractors or extended engagements.
- Whenever key identity details change (legal name changes, new corporate ownership, updated EIN/DUNS).
What to capture in each check
- Identity data: full name; date of birth or corporate identifiers when available.
- Evidence: screenshot or result ID, source URL, timestamp, and who reviewed it.
- Decision: no match, potential match (escalate), or confirmed match with notes.
- Audit link: record the check inside your audit log with traceable IDs for later export.
- Retention posture: store only what you need; redact extraneous PII in exports.
Quick LEIE & SAM visitor checklist
- Confirm identity inputs (name + DOB/identifier); avoid initials only.
- Capture proof of search (screenshot or transaction ID) with timestamp.
- Document reviewer, decision, and rationale; flag potential matches for escalation.
- Store results in an exportable, immutable log with organization context.
- Schedule re-checks for recurring vendors/contractors.
Audit, FOIA, and documentation expectations
Public sector teams and healthcare partners need exports that stand up to audits and FOIA requests. Keep results tied to a clear request ID, reviewer, timestamp, and a redacted payload. Exports should be scoped by organization and avoid storing unnecessary PII while still proving that checks were performed.
Operational playbook for LEIE & SAM visitor checks
- Capture visitor/vendor identity with supporting identifiers.
- Run LEIE and SAM checks; keep source links or IDs.
- Resolve potential matches with a reviewer; escalate unclear cases.
- Log decision, evidence, reviewer, and timestamp.
- Export logs for audits/FOIA as needed with redactions.
Ready-to-use capture fields
- Identity: name, DOB (if available), org/site
- Evidence: screenshot or result ID + timestamp
- Reviewer: who ran the check and decision
- Outcome: no match / potential match / match
- Notes: escalation path and follow-up date
How SecurePoint USA supports this
SecurePoint USA helps teams embed LEIE and SAM checks inside visitor, vendor, and workforce screening workflows. Unlimited screenings mean teams do not skip checks for cost reasons. Immutable audit logs and exportable evidence packs give you the artifacts you need for reviews without over-sharing PII. This is support for your own policies—not a guarantee of compliance.
For deeper screening contexts, see our coverage of sanctions and visitor screening and the Compliance Hub.
