Screen 500 Providers in 10 Minutes
Paste your NPI list. Get a full compliance report across 130+ federal, state, and enforcement databases. No compliance team required - Medistill is your compliance team.
What manual credentialing actually looks like
In 2013, a Dallas hospital credentialed a neurosurgeon named Christopher Duntsch. Over the next two years, he injured 33 of his 37 patients, leaving two dead and several paralyzed. His previous hospital had let him resign quietly - structuring his departure to avoid the NPDB reporting trigger under 45 CFR Part 60. The next hospital called for a reference and heard nothing concerning. Duntsch was eventually sentenced to life in prison.
In Kadlec Medical Center v. Lakeview Anesthesia Associates, an anesthesiologist caught using narcotics on duty was given clean reference letters by former colleagues. He obtained locum tenens privileges in Washington State and caused catastrophic brain damage during a routine procedure. Kadlec settled for $7.5 million. In both cases, the information existed in databases the credentialing team wasn't checking.
These aren't outliers. This is what happens when credentialing teams check two or three databases and call it done. You know the routine: open a browser tab for OIG LEIE, type the name, check the result. Open SAM.gov, type it again, wait for it to load (it's always slow). Maybe check your own state board. For a single provider, that's 15 to 25 minutes if nothing goes wrong.
When you're credentialing 500 providers a month, that's 125 to 200 hours of staff time. That's a full-time employee doing nothing but copying names between browser tabs. And that's only checking 2 to 5 of the 130+ sources that contain actionable information.
Regulators are catching up. The Joint Commission consolidated its credentialing standards for 2026. NCQA, effective July 2025, shortened primary source verification timeframes from 180 to 120 days and now requires monthly exclusion screening with hits escalated to a peer-review body. The organizations that understand the full source landscape now will be ahead of the ones scrambling to catch up.
Nearly 500,000 healthcare providers hold licenses in two or more states. A disciplinary action in one jurisdiction may never surface in another unless someone actively looks. The Interstate Medical Licensure Compact covers roughly 40 states, but it explicitly excludes physicians with disciplinary history, solving nothing for the providers you most need to catch.
The databases beyond OIG and SAM.gov
OIG LEIE and SAM.gov are the CMS minimum. “Not excluded by OIG” is a low bar. A thorough screening covers:
Federal exclusions and sanctions
7 sourcesOIG LEIE, SAM.gov, CMS revoked Medicare billing privileges, CMS Special Focus Facilities, Medicare opt-out list, NPI deactivation, TRICARE sanctions
FDA enforcement
5 sourcesDebarment list (156 individuals), Clinical Investigator Disqualification List (232 investigators), drug enforcement actions, device enforcement actions, warning letters
State medical and professional boards
60 checksAll 50 states + DC. Several states require multiple board checks (CA Medical Board + 20 DCA boards, FL DOH + Nursing + Pharmacy + specialty boards, separate MD/DO boards in multiple states)
State Medicaid exclusions
5 sourcesNY OMIG, CA Medi-Cal, TX OIG, IL HFS, FL AHCA. These are independent from the federal OIG list, a provider excluded from state Medicaid isn't automatically on LEIE
Court and enforcement records
5 sourcesOIG enforcement actions (10,800+ convictions and settlements not on LEIE), federal court FCA/qui tam cases, DEA registration revocations, OFAC SDN Treasury sanctions, federal docket records
Financial conflicts
3 sourcesCMS Open Payments general payments, ownership/investment interests, and OIG Corporate Integrity Agreements + Civil Monetary Penalties
OIG oversight and CMS penalties
3 sourcesCorporate Integrity Agreements, Civil Monetary Penalties, and nursing home penalty data (17,400+ documented penalties)
That's 130+ checks total. Nobody runs all of them by hand. The teams that try burn days per provider. The teams that don't are sitting on risk they can't see.
A provider can clear OIG and SAM.gov and still have a state board suspension you didn't check, an FDA debarment, or half a million in Open Payments from one device company.
What asking Medistill looks like
Medistill plugs into Claude as a data source. You ask a question in plain English, it queries the databases directly. No SQL, no API work, no data team.
For compliance screening, one query checks all 130+ sources and returns a structured report with a risk score.
A real screening looks like this:
You type
“Screen Dr. Sarah Martinez, NPI 1528394716, against all enforcement and exclusion databases.”
Medistill returns
Checked 130+ enforcement, exclusion, and licensing databases across federal and state sources. 0 adverse actions found. Open Payments records are informational only (meals and educational items, below reporting thresholds for most compliance policies).
The whole check took seconds. All 130+ sources, not just OIG and SAM.
Risk score runs 0-100, graded A through F. You can drill into anything that flags:
You type
“What are the Open Payments details for this provider?”
Medistill returns
3 General Payments in 2024-2025: (1) Pfizer, $1,200, consulting fee. (2) Medtronic, $847, food and beverage at educational event. (3) AbbVie, $800, speaker compensation. All reported under the Sunshine Act. No ownership or investment interests found.
Follow-ups work in the same conversation. Drill into any flag, switch providers, ask for more detail. Context carries over.
Batch screening: 500 providers, one query
You don't need a compliance team. You don't need to screen one provider at a time. You paste your NPI list - or provide a spreadsheet - and Medistill screens every provider against all 130+ sources in a single request. 500 providers takes about 10 minutes to generate a full report.
Paste the NPIs, wait 10 minutes, get back a structured report with individual risk scores, flagged findings, and a summary of who needs attention. Run it monthly. Run it before every credentialing committee meeting. Run it when the staffing agency sends over 40 new travelers who all need to be cleared by Monday.
You type
“Screen all 500 providers in the attached spreadsheet against all compliance databases.”
Medistill returns
500
Providers screened
115
Sources per provider
471
Clear (Grade A)
29
Flagged for review
Flagged providers:
NPI 1923847561, State board action (FL), license on probation
NPI 1647382910, SAM.gov exclusion, active, effective 2024-08-12
NPI 1382947165, Open Payments, $47,200 in consulting fees from single manufacturer
NPI 1756483920, State board action (NY OPMC), reprimand, 2023
NPI 1493827156, CMS revoked Medicare billing, effective 2025-01-15
NPI 1284937561, DEA enforcement action, registration suspended
471 providers passed all 130+ checks. 29 require review. 6 have disqualifying findings (SAM.gov exclusions, CMS revocations, state board suspensions). Full detailed reports available for each provider. Generated in ~10 minutes.
500 providers, 130+ sources each, one query. That's 44,000 individual database checks in about 10 minutes. Manually, at 15 minutes per provider checking just OIG and SAM.gov, the same list would take 125 hours, and that still only covers 2 of the 130+ sources.
You don't need a 3-person compliance team. You need a Medistill subscription and 10 minutes. The only human work left is investigating the flagged ones. That's the part of the job that actually requires human judgment.
What a real compliance report looks like
This is from an actual batch screening of 220 providers at a community hospital. Names and NPIs have been changed. The findings are real.
SAMPLE COMMUNITY HOSPITAL
Provider Compliance Report · Prepared April 5, 2026
Executive Summary
220
Screened
35
Flagged
9
Critical (F)
1
High Risk (D)
185
Clean (A)
Screened across 130+ enforcement sources: OIG LEIE, SAM.gov, OFAC SDN, CMS exclusion and revocation, FDA enforcement, recall, warning letter, and investigator databases, CMS nursing home penalties, CMS Open Payments, and 50 states + DC medical board disciplinary databases.
Of 220 providers, 9 came back as critical - requiring immediate administrative action. Here's what those findings actually look like:
LEGAL REVIEW REQUIRED - OFAC SDN MATCH (SDGT / TERROR FINANCING)
Findings:
- OFAC SDN Match - name matches AL-SHAHARE, Ahmed Khaled (SDGT sanctions program, linked to Guangzhou Alshahari United Corporation Limited, Yemen-national terrorist financing network). Also holds a NY license.
- Payments to or employment of this provider may violate OFAC regulations until identity is verified and cleared.
Required Actions:
- Immediately suspend all payments and notify legal counsel and Chief Compliance Officer
- Conduct enhanced identity verification: DOB, photo ID, passport number, address
- File SAR with FinCEN if match is confirmed as a true positive
- Do not resume payments or employment until OFAC clearance is obtained
CREDENTIALING REVIEW REQUIRED - ACTIVE AZ MEDICAL BOARD DISCIPLINARY ACTION
Findings:
- Arizona Medical Board Disciplinary Action - license #73596 (status: Active), Interventional Radiology, Mesa AZ. A board action has been recorded while the license remains active.
- Cross-State Alert - disciplined in AZ but licensed and practicing in CA, FL, and GA. Cross-check of all state boards recommended.
- Open Payments - $5,210 from Inari Medical (speaking + travel, 2024 - active) and Medtronic grant ($1,057, 2022). COI disclosure required.
Required Actions:
- Obtain full AZ Medical Board disciplinary order and review terms and restrictions
- Verify CA, FL, and GA license status for any reciprocal discipline
- Update credentialing file; flag for Medical Staff Office peer review
- Require updated COI disclosure for Inari Medical relationship
CREDENTIALING REVIEW REQUIRED - NY MEDICAL BOARD DISCIPLINARY ACTION
Findings:
- New York OPMC Disciplinary Action - license #288385 (MD), effective May 19, 2021. Provider also holds CA and PA licenses.
- Cross-State Alert - disciplined in NY while also licensed in CA (active) and PA. CA Medical Board cross-check recommended.
Required Actions:
- Obtain full NY OPMC disciplinary order and review terms and practice restrictions
- Verify CA Medical Board license status for any reciprocal action
- Verify PA license status for any reciprocal action
- Update credentialing file and flag for Medical Staff Office and peer review committee
This is what 130-source screening catches that OIG + SAM.gov misses: OFAC sanctions, state board discipline with cross-state alerts, FDA recall associations, financial conflicts needing COI disclosure. None of this shows up in a two-database check.
The full report also includes Section 3 (high industry payments requiring COI review), Section 4 (notable payments requiring disclosure), and a complete 220-provider roster with individual grades and scores. The entire report was generated from a single query in about 10 minutes.
What actually changes
Here's the comparison for screening 500 providers per month:
Before
With Medistill
The time savings matter, but the bigger deal is coverage. Going from 2-5 sources to 130+ catches things manual screening never would: state board actions in states nobody thought to check, FDA debarments, DEA enforcement, financial conflicts through Open Payments.
The other change is re-verification. Most teams do quarterly exclusion checks because the manual process is too time-consuming to do more often. With batch screening, monthly re-verification of your entire roster is practical. Some teams run it continuously, screening every active provider on the first of each month.
That matters because exclusions and board actions happen between credentialing cycles. A provider who was clean in January could have a state board suspension in March. If your next check isn't until June, that's three months of exposure.
Try it with your own provider list
Medistill offers a 50 free credits with full access. Connect it to Claude, submit a list of NPIs, and see the screening results against all 130+ databases in your first session. Cancel anytime before day 8.
If your team is spending hours on manual exclusion checks or paying for a credentialing tool that only covers a fraction of the databases that matter, it's worth seeing what 130-source screening looks like on your actual roster.