Background screening sits inside the broader compliance perimeter described in our 42 CFR Part 484 working guide, parallel to the privacy and security obligations described in our HIPAA compliance walkthrough and the assessment workflow described in the OASIS-E documentation guide. The Medicare home health Conditions of Participation at 42 CFR § 484.80 require that home health aide qualifications be documented and that the agency verify the aide's status against the state nurse aide registry; the personnel-records standard at § 484.110 requires that those verifications be retained and produced at survey. State licensure regimes — the California CDPH framework, the New York Article 36 LHCSA rule, the Texas HCSSA rule, the Florida Rule 59A-8, the Ohio ODH framework, and the Pennsylvania 28 Pa. Code Chapter 601 licensure rule — each impose their own background screening obligations that an agency operating in that state must satisfy in addition to the federal screens. The credentialing compliance checklist consolidates the documentation expectations into a single audit-ready file structure.

The reader this article is written for is the HR or staffing manager who owns hiring workflow, the compliance officer who has to answer for screening at survey, and the founder who is configuring the screening stack and the consumer reporting agency relationship before the first hire. Surveyors and licensure investigators do not accept "we use a background check vendor" as evidence of compliance — they want to see, in the personnel file, each of the federal and state screens enumerated below, dated, and resolved before the date of first patient contact.

The Layered Architecture — Federal Floor, State Ceilings

Every home health caregiver in the United States is subject to at least three federal screens that apply regardless of where the agency operates: an OIG List of Excluded Individuals/Entities (LEIE) check, a SAM.gov exclusions check, and a State Nurse Aide Registry verification. State licensure law then layers additional screens on top, and the layering is not uniform — Florida runs a fingerprint-based "Level 2" screen through a centralized clearinghouse, California pairs a DOJ Live Scan against a Department of Social Services Home Care Aide registry, New York layers a Justice Center Vulnerable Persons Central Register check on top of a DOH-administered fingerprint check, and Pennsylvania requires three separate clearances under Act 153 and the Older Adults Protective Services Act. An agency that operates in more than one state cannot rely on the screens it ran in the first state; the state-specific layers do not transfer across borders.

The two organizing distinctions to keep in mind throughout this article are (1) the federal-versus-state distinction (federal screens are uniform and required everywhere; state screens vary) and (2) the role distinction within the workforce. Home health aides, registered nurses, licensed practical nurses, therapists, medical social workers, administrators, and clinical managers are all subject to background screening, but the specific screens that apply differ by role: a CNA is subject to the State Nurse Aide Registry check, a registered nurse is also subject to the state board of nursing's licensure verification and the National Practitioner Data Bank query for adverse actions, a therapist is subject to the state board of physical therapy or occupational therapy's licensure check, and the administrator is subject to all of the above plus, in many states, a separate administrator-level fingerprint screen. The compliance program has to map each role to the specific screens that role requires.

Federal Layer 1 — OIG List of Excluded Individuals/Entities (LEIE)

The OIG exclusion authority is codified at 42 U.S.C. § 1320a-7. Section 1320a-7(a) sets out the four mandatory exclusion categories — conviction of program-related crimes (Medicare or Medicaid fraud), conviction of patient abuse or neglect, felony health-care-fraud convictions, and felony controlled-substance convictions. Section 1320a-7(b) sets out the permissive exclusion categories — license revocations, exclusion from other federal programs, claims for excessive charges, fraud against non-federal health programs, and approximately a dozen additional grounds. The Office of Inspector General publishes the resulting List of Excluded Individuals and Entities (the LEIE) at exclusions.oig.hhs.gov and updates the list monthly. The LEIE is searchable by name and by Social Security Number for fee-based downloadable data.

The civil-money-penalty consequence for employing an excluded person sits at 42 U.S.C. § 1320a-7a(a)(6) and the implementing regulation at 42 CFR Part 1003. An agency that submits claims for items or services furnished by an excluded individual — directly or indirectly — is subject to a CMP currently set at $24,478 per item or service furnished as adjusted under 45 CFR Part 102, plus an assessment of up to three times the amount claimed for each item or service, plus exclusion of the agency itself. The exposure does not require knowledge; "should have known" suffices, and the OIG's longstanding position (most recently reiterated in the May 8, 2013 Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs) is that monthly verification against the LEIE is the screening cadence consistent with the regulation. Agencies that check at hire and never re-check are exposed to the exact failure mode the Special Advisory Bulletin warns about: an employee excluded mid-employment whose continued participation triggers per-item CMP exposure that compounds quickly.

The operational program for OIG screening is straightforward: at hire, run the candidate against the LEIE and document the result in the personnel file with the date and the matching parameters used. Each subsequent month, re-run the entire workforce against the updated LEIE — this is a batch process most consumer reporting agencies and credentialing vendors run as a subscription, and it is standard table stakes for any vendor an agency would consider. The same month-by-month cadence applies to vendors and contractors: the screening obligation extends to any "individual or entity" whose items or services are reimbursed under a federal health care program, which in home health includes the contracted physical or occupational therapist, the per-diem RN, and any vendor billing through the agency's provider number.

State Medicaid agencies maintain their own exclusion lists in addition to the federal LEIE, and many states require providers to check the state list as well. New York, Texas, California, Ohio, and approximately three dozen other states publish state Medicaid exclusion lists that must be checked monthly under state Medicaid program-integrity rules. The 2008 Centers for Medicare and Medicaid Services State Medicaid Director letter required all state Medicaid agencies to terminate excluded providers and to make the state termination list available; the OIG further codified the screening expectation in the 2014 update to the Special Advisory Bulletin. The compliance program in any multi-state agency must include the LEIE and the state Medicaid exclusion lists for every state in which the agency operates.

Federal Layer 2 — SAM.gov Exclusions

The System for Award Management (SAM.gov) consolidated the former Excluded Parties List System (EPLS) and several other federal-contractor systems beginning in 2012. SAM.gov publishes the federal-government-wide exclusion list — individuals and entities debarred, suspended, proposed for debarment, or otherwise excluded from receiving federal contracts or federally approved subcontracts. The authority sits in the Federal Acquisition Regulation Subpart 9.4 and Executive Order 12549. While SAM.gov was originally a federal-procurement tool, the OIG's 2013 Special Advisory Bulletin makes clear that providers should check both the LEIE and SAM.gov as part of their pre-employment and ongoing screening — an individual excluded from SAM.gov is excluded from "any federally funded health care program," which includes Medicare and Medicaid.

The practical screening pattern is to bundle the LEIE check and the SAM.gov check into a single monthly run. The data sets overlap meaningfully — most LEIE entries also appear on SAM.gov — but neither list is a perfect superset of the other, and providers that check only one of the two have a documented compliance gap that surfaces on the OIG's voluntary-disclosure protocols and in self-disclosure cases.

Federal Layer 3 — State Nurse Aide Registry Verification (42 CFR § 483.156)

The State Nurse Aide Registry framework originated in the Omnibus Budget Reconciliation Act of 1987 (the federal Nursing Home Reform Act) and is codified at 42 U.S.C. § 1396r(e)(2) and 42 CFR § 483.156. Each state must maintain a registry of every individual who has satisfactorily completed a state-approved nurse aide training and competency evaluation program (NATCEP), together with findings from the state survey agency of resident neglect, resident abuse, or misappropriation of resident property. The registry is the federally mandated mechanism by which long-term care providers verify that an individual is a qualified nurse aide and is not subject to a substantiated finding that would make the individual ineligible for nurse aide work.

The Medicare home health CoPs incorporate the registry by reference. Section 484.80 — the home health aide services standard — requires that an individual providing home health aide services be qualified through one of the routes set out at § 484.80(b), and § 484.80(h) requires the agency to maintain documentation of the aide's qualifications. State licensure regimes layer their own registry verification language on top of the federal CoP. The operational expectation is that, before a home health aide makes first patient contact, the agency has searched the state's nurse aide registry, documented the search and the outcome, and retained the documentation in the aide's personnel file. The search is repeated when the aide moves between states (each state's registry is independent — there is no national aggregator), at the cadence the state requires for re-verification (annual, biennial, or at recertification, depending on state rule), and any time the agency receives notice of a potential adverse finding.

A nurse aide registry "finding" — substantiated abuse, neglect, or misappropriation — is a permanent disqualifier for nurse aide work in the state that recorded the finding, and most states recognize findings recorded by other states as well. The registry is the single most operationally important state-specific screen for home health aides; an aide with a substantiated finding cannot be put into service regardless of any other screening result.

State Layer — Criminal History Record Checks (CHRC)

State criminal history record checks fall into two categories: state police name-based checks (a search of the state criminal history repository against the candidate's name and date of birth, sometimes augmented by Social Security Number) and fingerprint-based checks (a submission of the candidate's fingerprints to the state police repository and, optionally, to the FBI Criminal Justice Information Services Division for a national check against the Interstate Identification Index). The two checks return different results — a name-based state check is faster and cheaper but misses out-of-state convictions and is vulnerable to identity-mismatch errors; a fingerprint-based FBI check is slower (typically two to six weeks) and more expensive but returns a national criminal history that the name-based check cannot.

Federal authority for FBI national criminal history checks of long-term-care employees comes through several pathways. The Adam Walsh Child Protection and Safety Act of 2006 amended the FBI's authority at 28 U.S.C. § 534 to permit fingerprint-based checks for many caregiver populations. Section 6201 of the Patient Protection and Affordable Care Act (codified at 42 U.S.C. § 1320a-7l) authorized the Long-Term Care Background Check Program, under which CMS funded grants to states to develop comprehensive background check programs for direct-patient-access employees of long-term-care facilities and providers — including, in many state plans, home health and home care agencies. As of May 2026, more than 30 states have used or continue to operate under § 6201 program structures, and the FBI fingerprint check is functionally a baseline expectation for caregiver hiring in those states.

The "disqualifying offenses" list — the conviction categories that bar an individual from caregiver work — is a state-level construct. There is no single federal disqualifying-offenses list applicable to home health (the OIG mandatory exclusion categories at 42 U.S.C. § 1320a-7(a) function as a federal floor, but the state lists are typically broader). Agencies operating in multiple states must understand the disqualifying-offense list for each state separately. Some states (Florida, Pennsylvania, California, New York, Ohio) publish detailed disqualifying-offenses lists by statutory citation; others incorporate by reference broader categories ("crimes involving moral turpitude," "felonies against persons," "drug-related felonies within seven years"). The compliance program needs the operational rule for each state in which it hires.

State Layer — Abuse and Vulnerable Persons Registries

Above and beyond the federally mandated nurse aide registry at 42 CFR § 483.156, many states operate additional registries that capture findings of abuse, neglect, financial exploitation, or other disqualifying conduct against vulnerable adults or children. The most operationally important of these for home health are the New York Vulnerable Persons Central Register (administered by the Justice Center for the Protection of People with Special Needs), the Pennsylvania Child Abuse History Clearance (administered by the Department of Human Services through Childline), the Florida Care Provider Background Screening Clearinghouse (administered by AHCA in coordination with the Department of Children and Families), and analogous state-level registries in Massachusetts, New Jersey, Illinois, and approximately twenty other states.

The screening expectation in each state with an abuse registry is that the agency will check the registry at hire, document the result, and re-check at the state-required cadence. Some states (Pennsylvania, New York) require the candidate to obtain the clearance directly and provide it to the agency; others (Florida) operate an employer-portal model in which the agency requests the screen and receives the result electronically. The personnel file expectation is the same: the screen is documented, dated, and resolved before patient contact.

Florida — AHCA Background Screening Clearinghouse and Level 2 Screening

The Florida Care Provider Background Screening Clearinghouse is the most fully integrated state background screening system in the country and is the canonical example of a "Level 2" fingerprint-based screen. The statutory framework sits at Section 408.809, Florida Statutes (background screening for employees of facilities licensed by AHCA), and Chapter 435, Florida Statutes (Employment Screening), with the Clearinghouse codified at Section 435.12, Florida Statutes. The screening rule applies to AHCA-licensed home health agencies and nurse registries under Chapter 400, Florida Statutes, and to a long list of other care-provider categories.

The "Level 2" terminology distinguishes a fingerprint-based check submitted to the Florida Department of Law Enforcement (FDLE) and the FBI from a "Level 1" name-based state-only check. Level 2 covers state and federal criminal history, sex offender registry, and the disqualifying-offenses list at Section 435.04, Florida Statutes — a roughly 50-offense list including capital felonies, sexual offenses, abuse and neglect of vulnerable adults, and several drug felonies. A finding of any disqualifying offense bars the individual from employment in a covered position unless the individual has obtained an exemption from disqualification under Section 435.07, Florida Statutes.

The Clearinghouse operational model is what makes the Florida regime distinctive: once an individual is fingerprinted and screened for any covered employer, the screening result is retained in the Clearinghouse and shared with subsequent covered employers (with the individual's consent), eliminating duplicate fingerprinting across agencies. The retention period is five years; if the individual has a 90-day-or-greater break in employment within a covered category, a new screen is required. Agencies access the system through the AHCA Background Screening portal, manage the agency's employee roster within the Clearinghouse, and document each screen in the Clearinghouse and in the agency's own personnel file.

Florida's screening regime is also tightly tied to the agency's licensure renewal — the AHCA OnLine Licensing system flags any covered employee whose Clearinghouse status is not current, and the agency cannot renew its license under Rule 59A-8 with non-compliant employees on the roster. The operational discipline an AHCA-licensed home health agency has to maintain is therefore continuous: every covered employee is on the roster, every roster entry is current, and every entry that ages out of the five-year window is re-fingerprinted before the deadline.

California — DOJ Live Scan and DSS Home Care Services Bureau

California operates two parallel screening regimes that affect home health and home care agencies, depending on which licensure category applies. Medicare-certified home health agencies are licensed by the California Department of Public Health (CDPH) under Health & Safety Code §§ 1725–1742 and screen direct-care employees through the California Department of Justice Live Scan fingerprint system under Health & Safety Code § 1338.5. Home Care Organizations (non-medical home care under the 2013 Home Care Services Consumer Protection Act, codified at Health & Safety Code §§ 1796.10–1796.65) are licensed by the California Department of Social Services (DSS) Home Care Services Bureau and screen Registered Home Care Aides through the DSS-administered Home Care Aide registry plus DOJ Live Scan.

Live Scan is California's electronic fingerprint capture and submission infrastructure, operated by certified Live Scan vendors who capture fingerprints electronically and submit them to the DOJ for state checks and the FBI for national checks. The statutory authority for Live Scan submission of caregiver fingerprints sits at California Penal Code § 11105 (state criminal history) and § 11077.1 (FBI national criminal history); the operational rules sit at Title 22 California Code of Regulations for the relevant licensure category. The DOJ returns a state criminal history report and, where requested, an FBI Identification Record; the agency reviews against the disqualifying-offenses list applicable to the role and the licensure category.

The "subsequent arrest notification" enrollment is the California analog to FBI Rap Back. When a caregiver's fingerprints are submitted to the DOJ with the appropriate authority code, the DOJ enrolls the print in its Subsequent Arrest Notification Service, and any future California arrest of that individual triggers a notification to the requesting agency. The notification is the operating mechanism that lets an agency catch an adverse arrest mid-employment without re-fingerprinting the entire workforce on a periodic schedule. Subsequent arrest notification is the California implementation of continuous monitoring; the FBI Next Generation Identification Rap Back service (described below) is the federal implementation.

For Home Care Organizations under DSS, the screening process is layered on top of the DSS-administered Home Care Aide registry. A Home Care Aide is registered with DSS — fingerprinted, criminally cleared, and listed in the DSS public registry — independently of any specific employer. The HCO verifies the aide's registry status before employment, the registration travels with the aide between HCOs, and the DSS revokes the registration if a disqualifying event occurs. The model is structurally similar to the Florida Clearinghouse but is limited to non-medical home care.

New York — Justice Center VPCR and DOH Background Check Authorization Unit

New York operates two parallel adult-protective screening regimes that home health and home care providers must navigate. The Justice Center for the Protection of People with Special Needs, established by the Protection of People with Special Needs Act of 2013, administers the Vulnerable Persons' Central Register (VPCR) under New York Social Services Law § 495. The VPCR records substantiated reports of abuse, neglect, and significant incidents involving vulnerable persons in covered settings; certain home and community based services providers are required by Mental Hygiene Law § 16.34 and Social Services Law § 488 to check the VPCR before hiring direct-support staff.

For Article 36 LHCSAs, Article 40 CHHAs, and other Department of Health-licensed home care providers, criminal history record check obligations sit at 10 NYCRR Part 402 and are administered by the DOH Background Check Authorization Unit (BCAU). Part 402 implements the Section 6201 long-term care background check program and requires fingerprint-based criminal history checks against the New York State Division of Criminal Justice Services and the FBI for unlicensed direct-care personnel. The DOH BCAU receives the fingerprint result, applies the disqualifying-offenses analysis under Public Health Law § 2899-a, and issues a determination — eligible for hire, ineligible, or eligible pending — that the agency operates against.

Part 402 also imposes the operational discipline of the "pre-determination employment" provision: a candidate may begin work in a non-direct-care role pending the BCAU determination, but cannot have unsupervised contact with patients until cleared. The agency's hiring workflow has to enforce the supervision constraint, document the date of fingerprint submission, document the date of clearance, and gate first patient contact on the clearance date. New York's Justice Center VPCR check is layered on top of the BCAU criminal history check for OPWDD-funded and certain other vulnerable-population services; the agency's screening matrix has to identify which of the two checks (or both) applies to each role and each funding source.

Pennsylvania — The Three-Clearance Stack Under Act 153 and OAPSA

Pennsylvania's screening regime for caregivers is the most fragmented of the major states, requiring three separate clearances for most direct-care positions. The statutory framework sits at the Older Adults Protective Services Act (OAPSA) at 35 P.S. §§ 10225.101–10225.5102 (for caregiver positions serving older adults), the Child Protective Services Law at 23 Pa.C.S. Chapter 63 (for positions involving contact with children), and Act 153 of 2014, which consolidated and amended the screening requirements across both child- and adult-facing programs. Together, the three clearances most home health agencies have to obtain for a caregiver are:

  • Pennsylvania State Police criminal history record check — name-based check of the Pennsylvania criminal history repository, obtained through the PA State Police PATCH (Pennsylvania Access to Criminal History) system.
  • Pennsylvania Child Abuse History Clearance — the "Childline" clearance from the Pennsylvania Department of Human Services, required for any position serving older adults under OAPSA as of the 2014 amendments and for any position involving routine contact with children under the CPSL.
  • FBI fingerprint criminal background check — required for any caregiver who has not been a Pennsylvania resident for the preceding two years, and for several covered position categories regardless of residency. Submitted through the Pennsylvania-approved fingerprint vendor with the Department of Aging or Department of Human Services service code, depending on the position category.

The OAPSA disqualifying-offenses list at 35 P.S. § 10225.503 includes a long list of crimes against persons, sexual offenses, neglect of a care-dependent person, and serious drug felonies. A conviction for a § 10225.503 offense is a permanent bar to direct contact with older adults in a covered home health, home care, or older-adult-services position. Pennsylvania also operates a provisional employment provision similar to New York's: a candidate whose clearances are pending can be employed for up to 30 days (sometimes extended to 90) under specified supervision conditions, but cannot be the sole caregiver for an older adult during the pendency window.

The Pennsylvania 28 Pa. Code Chapter 601 licensure rule for home health agencies and the Chapter 611 home care agency rule each require the agency to maintain documentation of all three clearances in the personnel file and to refresh the clearances at the cadence Act 153 requires (currently, every five years for renewal of OAPSA clearances; more frequently for certain CPSL-covered positions). An agency that has the State Police clearance but not the Childline clearance is non-compliant; an agency that has both Pennsylvania-issued clearances but not the FBI fingerprint check for a candidate who lived out of state in the prior two years is non-compliant. The three clearances are independent and all three must be in the file for direct-care eligibility.

Continuous Monitoring — FBI NGI Rap Back, State Subsequent Arrest, Monthly Re-checks

A background screen run at hire becomes stale the moment it is run. The compliance question that follows is the cadence and mechanism for catching an adverse event mid-employment. The market has converged on three layers of continuous monitoring, with implementation varying by state:

FBI Next Generation Identification (NGI) Rap Back Service. The FBI Rap Back service, operational since 2014, allows authorized agencies to enroll fingerprinted individuals in an ongoing-monitoring database. When the enrolled individual is subsequently arrested or convicted anywhere in the United States, the FBI sends a "rap back" notification to the enrolling agency. As of May 2026, more than 35 states have adopted Rap Back for one or more healthcare workforce categories, and several states (Florida, Texas, Pennsylvania, North Carolina) have integrated Rap Back enrollment directly into the state's caregiver screening process. Rap Back replaces the periodic re-fingerprinting cycle for enrolled individuals — once enrolled, the agency receives passive notification of any new criminal-history event without re-running the print.

State Subsequent Arrest Notification. Most states with their own criminal history infrastructure operate a state-level analog to Rap Back — the California DOJ Subsequent Arrest Notification Service, the New York DCJS notification service, and several others. State subsequent-arrest notification covers in-state arrests only; the FBI Rap Back covers out-of-state arrests. Agencies operating in a state with both services should enroll fingerprinted individuals in both.

Monthly LEIE and SAM Re-checks. The OIG LEIE and SAM.gov exclusion lists update monthly; the screening obligation is correspondingly monthly. Most consumer reporting agencies and credentialing vendors offer a monthly batch service; the agency uploads the active workforce roster and the vendor returns the matches. The match-resolution workflow is critical — an LEIE hit is not always a true positive (name and date-of-birth matches without SSN can be false positives), and the agency needs a documented adjudication procedure that resolves matches against the personnel file's Social Security Number and additional identifiers.

Periodic Re-screening. Many states require periodic re-screening at fixed intervals — every five years in Pennsylvania, every two years in some Texas categories, annually for certain New York vulnerable-population services. The compliance calendar has to track each employee's re-screening due date by state and role. The standard market practice for multi-state operators is a centralized credentialing tracker (HRIS module, dedicated credentialing platform like Symplr or HealthStream, or a customized spreadsheet) that surfaces upcoming re-screens 60 to 90 days in advance and assigns owner-and-deadline accountability.

The Fair Credit Reporting Act Wrapper — Disclosure, Authorization, Adverse Action

Every background check obtained from a third-party consumer reporting agency (CRA) is subject to the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq., regardless of the underlying federal or state screening obligation. The FCRA imposes three operational requirements on the employer: a written disclosure to the candidate that a consumer report will be obtained, a written authorization from the candidate, and the pre-adverse-action and adverse-action workflow if the agency takes adverse employment action based on information in the report.

The disclosure-and-authorization requirements at 15 U.S.C. § 1681b(b)(2)(A) are exacting. The disclosure must be (1) in writing, (2) clear and conspicuous, and (3) "in a document that consists solely of the disclosure" — case law (most prominently Syed v. M-I, LLC, 853 F.3d 492 (9th Cir. 2017)) has interpreted the standalone-document requirement strictly, meaning that bundling the disclosure into the employment application or including a liability waiver alongside the disclosure can render the entire screening process FCRA-non-compliant. The authorization can be on the same form as the disclosure but must be a separate, affirmative consent. Most CRAs provide a compliant disclosure-and-authorization template; the agency should not modify the template without legal review.

The pre-adverse-action workflow at 15 U.S.C. § 1681b(b)(3) requires that, before the agency takes adverse action (rescinding the offer, declining to hire, terminating employment) based on a consumer report, the agency must provide the candidate (1) a copy of the consumer report and (2) a copy of the FTC's Summary of Your Rights Under the Fair Credit Reporting Act. The candidate must then have a "reasonable opportunity" to dispute the accuracy of the report — the FTC and the courts have generally treated five business days as the floor for the dispute window. After the dispute window, if the agency proceeds with adverse action, the agency must provide a final adverse-action notice with the CRA's name and contact information, a statement that the CRA did not make the adverse decision, and notice of the candidate's right to obtain a free copy of the report and to dispute the accuracy directly with the CRA.

The FCRA penalty exposure is meaningful. Statutory damages for willful violations run from $100 to $1,000 per violation, plus actual damages, plus punitive damages, plus attorneys' fees — and class-action settlements in FCRA disclosure-and-authorization cases have run into the tens of millions of dollars. The FCRA wrapper is the single most-litigated piece of the background screening process and is where most non-compliance shows up.

EEOC Title VII — Individualized Assessment and the Green Factors

Title VII of the Civil Rights Act of 1964 prohibits employment practices that have a disparate impact on protected classes (race, color, religion, sex, national origin) and are not job-related and consistent with business necessity. The EEOC's April 2012 Enforcement Guidance on the Consideration of Arrest and Conviction Records in Employment Decisions Under Title VII applies the disparate-impact framework to the use of criminal-history information and identifies three "Green factors" — drawn from Green v. Missouri Pacific Railroad Company, 549 F.2d 1158 (8th Cir. 1977) — that an employer's individualized assessment of a criminal record should consider:

  • The nature and gravity of the offense or conduct.
  • The time that has passed since the offense, conduct, or completion of the sentence.
  • The nature of the job held or sought.

The EEOC Guidance does not preempt state-law disqualifying-offenses lists — when a state statute (Florida § 435.04, Pennsylvania § 10225.503, New York Public Health Law § 2899-a) categorically disqualifies an individual from a caregiver role, the agency cannot hire that individual regardless of the Green factors. Where state law gives the agency discretion (no categorical bar but a "consider for fitness" provision, or a "rebuttable presumption" provision), the EEOC Guidance requires the agency to apply the Green factors and to give the candidate an opportunity to provide additional information before adverse action. The interaction with the FCRA pre-adverse-action workflow is direct: the FCRA dispute window is the candidate's opportunity to provide the EEOC-required additional information, and a documented individualized assessment in the personnel file is the defensive record against a Title VII disparate-impact claim.

State and city "ban-the-box" and "fair chance" laws layer additional procedural requirements — many jurisdictions now prohibit asking about criminal history on the initial employment application, require the conditional offer to precede the criminal-history inquiry, and impose state-law adverse-action workflows that exceed the FCRA floor. California (the Fair Chance Act, Government Code § 12952), New York City (the NYC Fair Chance Act), and dozens of additional jurisdictions have specific procedural requirements that the agency's hiring workflow has to honor in addition to the federal FCRA and EEOC framework.

Consumer Reporting Agencies — Vendor Selection and HRIS Integration

The market for healthcare-workforce consumer reporting agencies has consolidated meaningfully in the last decade. The vendor selection criteria that matter for a home health agency are accreditation (Professional Background Screening Association/PBSA — formerly NAPBS — accreditation is the recognized industry standard), healthcare-specific package coverage (LEIE and SAM monthly subscription, state Medicaid exclusion lists, state nurse aide registry verification, professional license verification through the National Practitioner Data Bank and the state boards), state-coverage breadth (the vendor must support every state in which the agency operates), and turnaround time (FBI fingerprint results vary by state submission infrastructure but the vendor's median turnaround should be measured in days, not weeks).

HRIS and applicant-tracking-system integration is the operational discipline that turns a screening vendor into an in-workflow tool. The standard pattern is that the ATS triggers the background screen at the conditional-offer stage, the CRA returns the result to the ATS, the personnel-file system records the documented screen, and a separate compliance dashboard surfaces re-screening due dates. The integration eliminates the manual hand-offs that produce the most common compliance failure — the candidate hired before the screen comes back. A defensible workflow gates first patient contact on a system-enforced "cleared" status that the ATS will not allow the agency to bypass.

The contract terms with the CRA matter. The agreement should specify the CRA's FCRA compliance obligations, indemnification for screening errors, the data-retention period, the data-deletion-on-termination obligation, the agency's audit rights, and the Business Associate Agreement provisions if the CRA receives any protected health information (most CRAs do not, but some healthcare-specific packages include reference checks that touch PHI). The OIG-style monthly exclusion-screening package should be priced as a subscription, not per-employee — per-employee pricing on a monthly recurring screen produces the wrong economic incentive on workforce expansion.

The Pre-Hire Workflow — From Conditional Offer to First Patient Contact

The end-to-end workflow that satisfies every layer of the stack and survives both an OCR audit and an FCRA class-action looks like this:

  • Conditional offer. The agency extends a conditional offer of employment, contingent on satisfactory completion of all federal and state screens applicable to the role. The conditional offer precedes the criminal-history inquiry in ban-the-box jurisdictions.
  • Disclosure and authorization. The candidate signs the FCRA-compliant disclosure (standalone document) and the written authorization for the consumer report. The agency retains the signed forms for the duration of employment plus the state-required retention period (typically five years).
  • Federal screens. The agency runs the OIG LEIE check, the SAM.gov exclusions check, and the State Nurse Aide Registry verification (for nurse aide roles). Results dated and filed.
  • State criminal history. The agency runs the state-required criminal history check — name-based, fingerprint-based, or both — through the state-approved channel. Disqualifying offenses are evaluated against the state list.
  • State abuse and registry checks. Where the state operates an abuse registry or vulnerable-persons register, the agency runs the check and resolves the result.
  • FBI fingerprint check. Where required (Section 6201 program states, Florida Level 2, Pennsylvania for non-resident candidates, California Live Scan with FBI submission, New York DOH BCAU, and others), the FBI fingerprint check is submitted and the result documented.
  • License verification. For licensed professionals (RN, LPN, PT, OT, MSW), the agency verifies the active state license against the state board's primary source, queries the National Practitioner Data Bank for adverse licensure actions, and documents both.
  • Adjudication and adverse-action. If the screen returns a record, the agency conducts the FCRA pre-adverse-action workflow (copy of report plus Summary of Rights to candidate, dispute window) and the EEOC Title VII individualized assessment. The personnel file documents the assessment.
  • Clearance and gate. First patient contact is system-gated on the "cleared" status. The HRIS or ATS does not allow the candidate to be assigned to a patient until every applicable screen returns clear or, where the state permits provisional employment with supervision, the supervision constraint is enforced.
  • Continuous monitoring. The candidate is enrolled in FBI Rap Back and state subsequent-arrest notification where applicable, and the active workforce roster is run against LEIE and SAM monthly.
  • Periodic re-screening. The compliance calendar tracks the candidate's re-screening due dates by state and role and surfaces the upcoming dates 60 to 90 days in advance.

Common Failure Modes and Survey Findings

The patterns that recur in survey deficiencies, AHCA inspection notes, OIG voluntary disclosures, and FCRA class actions cluster into a small set of operational failure modes:

  • Hire before clearance. The candidate is assigned to a patient before the FBI fingerprint result returns. The personnel file reads "cleared" because the state-only check returned clean, but the FBI result that arrives two weeks later shows an out-of-state felony. The agency's gate failed.
  • Skipped monthly LEIE/SAM checks. The agency runs the federal exclusion screen at hire and then does not re-run. An employee added to the LEIE mid-employment continues to bill against the agency's provider number, and the per-item CMP exposure compounds for months before the agency discovers the exclusion.
  • Skipped state Medicaid exclusion lists. The OIG LEIE check is current but the New York OMIG, Texas HHSC, or California DHCS state Medicaid exclusion list is not checked. State Medicaid program-integrity audits surface the gap.
  • FCRA disclosure bundled with the application. The CRA's standalone-document template is replaced with an in-house form that includes the disclosure as one of several pages in the employment application. The class-action plaintiff's bar identifies this in pre-litigation review.
  • Out-of-state hire without FBI check. A candidate moves to Pennsylvania from another state and the agency runs the PA State Police and Childline clearances but skips the FBI fingerprint check required for non-residents. Department of Aging audit catches the gap.
  • Skipped re-screening on the five-year cycle. The Pennsylvania Act 153 five-year re-clearance comes due, the compliance calendar does not surface the date, and the employee continues working past the renewal deadline. The state survey finds the lapsed clearance in the personnel file.
  • Single-state vendor in a multi-state agency. The agency's CRA covers New York and New Jersey but not the Florida AHCA Clearinghouse interface, and the Florida hires are screened on a parallel manual track that drifts out of sync. The Clearinghouse roster shows non-current employees and AHCA flags the renewal.
  • No documented EEOC individualized assessment. A candidate is rejected based on a 12-year-old felony unrelated to caregiving. The candidate files an EEOC charge alleging disparate impact. The agency's personnel file has no individualized assessment record and no documented business-necessity rationale.

Multi-State Operators — The Compliance Matrix

An agency operating in two or more states cannot run a single uniform screening package. The compliance officer's operating tool is a screening matrix — a table that maps each state of operation to the federal screens (uniform), the state criminal history check (variable), the state abuse registries (variable), the disqualifying offenses list (state-specific), the re-screening cadence (state-specific), and the continuous-monitoring enrollment (Rap Back + state subsequent arrest). The matrix is the document the compliance officer hands to the CRA at vendor onboarding and the document the surveyor or auditor wants to see at survey.

The matrix grows in complexity with each new state. An agency expanding from a single state into a second jurisdiction will find that the screen package, the disqualifying-offenses list, the registry-check mechanism, the FBI-check trigger, and the re-screening cadence are all different in the new state, and the HRIS/ATS workflow has to be configurable per-state rather than uniform across the workforce. Multi-state operators converge on a matrix-driven workflow within their first year of expansion; agencies that do not converge produce uneven personnel files and ultimately fail surveys in the weakest-coverage state.

Authoritative Sources and Where to Verify

The federal and state regimes described above are codified across a dozen separate regulatory bodies. The primary sources to anchor an agency's screening program against are:

Each of these primary sources is updated independently; an agency's screening policy and procedure document should cite specific statutory and regulatory paragraphs by section number, and the policy review cycle should re-verify the citations annually because state rules in particular shift on a multi-year cadence (Pennsylvania Act 153 was amended in 2014 and again with technical corrections in 2017 and 2020; Florida Chapter 435 was amended in 2012 to create the Clearinghouse and again in subsequent legislative sessions; California Health & Safety Code Chapter 13 was created in 2013 and has been amended several times).

The Bottom Line

Background check compliance for home health is a stack, not a single screen. The federal floor — OIG LEIE, SAM.gov, State Nurse Aide Registry — applies in every state and is the easiest layer to overlook because it sits parallel to the criminal-history check that vendors emphasize. The state layer — criminal history, abuse registries, fingerprint checks — varies sharply between jurisdictions and adds operational complexity proportional to the number of states the agency serves. The continuous-monitoring layer — FBI Rap Back, state subsequent-arrest, monthly LEIE and SAM re-checks — is the discipline that catches mid-employment adverse events before they compound into per-item CMP exposure. The FCRA wrapper and the EEOC Title VII individualized-assessment overlay sit around all of the above and are where the most expensive single failure modes appear.

Operators who run a defensible screening program treat the program as a matrix rather than a checklist. Each state of operation gets a row; each role within the workforce gets a column; each cell identifies the specific federal and state screens, the disqualifying-offenses list, the re-screening cadence, and the continuous-monitoring enrollment. The matrix lives inside the HRIS or ATS, drives a system-enforced "cleared" gate before first patient contact, surfaces re-screening dates 60 to 90 days in advance, and runs monthly LEIE and SAM batch jobs as a subscription rather than as ad-hoc per-employee charges. The personnel file shows every screen by date and by source, the FCRA standalone-disclosure document is on file with the candidate's signature, the EEOC individualized-assessment record is documented for any adverse action, and the matrix is the document the agency produces at survey, at AHCA inspection, at OIG voluntary disclosure, and at FCRA pre-litigation review.

If you want a structured way to assess your background screening program against the same logic a state surveyor or an OIG investigator would apply, start with our compliance readiness assessment. It walks the screening stack alongside the rest of the federal and state compliance perimeter and produces an action list ordered by exposure. For the federal CoP layer that the screening program sits inside, the 42 CFR Part 484 working guide describes the survey instrument that pairs with the screening file; for the hiring process the screening program feeds into, the compliance-first hiring process for the first five caregivers walks the § 484.80 training and competency evaluation rule, the personnel file checklist before first patient contact, and the supervision and in-service requirements that begin Day 1; for the privacy-and-security perimeter that surrounds the personnel file, the HIPAA compliance walkthrough describes the BAA and access-control framework; and for the state-specific overlays, the California CDPH, New York Article 36, Texas HCSSA, Florida Rule 59A-8, Ohio ODH, Pennsylvania 28 Pa. Code Chapter 601, and Pennsylvania Chapter 611 deep dives describe the licensure-specific screening rules that sit on top of the federal floor.