2 Compliance Takeaways from the 21st Century Cures Act

On Dec. 13, President Obama signed the 21st Century Cures Act (the Cures Act) into law, boosting healthcare research dollars, streamlining the Food and Drug Administration (FDA)’s drug and medical device approvals processes, and advancing mental health and addiction treatments.

The bipartisan legislation will make five key changes in the healthcare industry:
  • $4.8 billion in funding for the National Institutes for Health, including $1.8 billion for Vice President Biden’s Cancer Moonshot initiative.
  • $500 million to help the FDA streamline regulations and approvals for drugs and medical devices.
  • $1 billion in grants to help states combat the growing opioid crisis and improve mental health treatment.
  • Resources to improve the interoperability of electronic health record systems and provider education on the latest medical technologies.
  • Requires the HHS to create and maintain a centralized database of terminated Medicaid providers across states.
Goals that were once lofty could now be reachable under the Cures Act, but providers should also take a closer look at their internal compliance controls and understand their emerging compliance risks.

Centralized database of terminated Medicaid providers. The transition to value-based care, which encourages the collaboration of providers across the care continuum to boost care efficiencies, creates an increased risk for Medicaid fraud. Providers, particularly those that work with post-acute care and home health providers, should pay special attention to this component and use the database to ensure their provider partners have not previously been convicted of fraud in their state or others. Organizations must challenge their existing procedures to ensure any additional steps related to the national database are incorporated into their routine credentialing process, including acknowledgment that the national database has been reviewed for existing partners and consulted for any new providers. 

Providers should also ensure their internal controls to mitigate fraud are up-to-date, improving them where necessary and disclosing any discrepancies before the database comes into effect. Those who don’t may do so at their own peril as information about Medicaid fraud becomes more widely available.

Expedited FDA approvals. While this opens new (and quicker) avenues to innovation and drug and medical device approvals, it also presents greater risk for product discrepancies to slip through the cracks.

With new types of risk to medical devices stemming from cybersecurity and greater regulatory scrutiny under the False Claims Act, providers should put internal controls in place to adequately assess the quality of drugs and devices before prescribing them to patients. Because the law requires the FDA to consider real-world evidence in making approval decisions, providers should incorporate this data into their internal controls and choose their partners accordingly. The new law promotes innovation in the medical device area, and thus, the industry will see a significant increase in new vendors. Organizations will need to pursue partnerships with a healthy dose of cautious optimism.

Not all new vendors will have appropriate policies, procedures and internal controls in place to ensure compliance with the CMS and state regulations, and, most importantly, patient safety. As organizations identify new innovative techniques and devices, a critical step in partnering with vendors will be conducting due diligence around their approval processes for new products, their quality control management and their process for securing FDA approvals.

The Cures Act makes clear that the government is focused on expediting the development of cures for serious and costly diseases, but providers must address their compliance needs as they move to capitalize on the law’s key benefits.