Cures Act Provides World of Opportunity for Healthcare Innovation but Requires Providers to Read the Fine Print

February 2017

By Venson Wallin    
Update: Since the passage of the Cures Act in December 2016, the FDA has undergone an unprecedented rate of change, led in large part by FDA Commissioner Dr. Scott Gottlieb who has pushed for changes that include more competition among biosimilars and a faster clearance process for medical devices. And in 2019, we predict R&D momentum will continue, with academic medical centers even balancing their books with significant revenue from new discovery royalties. Continuing to innovate patient care is important to achieving shared value across the health and life sciences ecosystem. But the November 2018 International Consortium of Investigative Journalists’ ‘Implant Files’ series on the medical device industry highlights just how important it is to manage risk in tandem. Learn more about balancing innovation with risk management in our latest BDO Health & Life Sciences blog.

On Dec. 13, President Obama signed the 21st Century Cures Act (the Cures Act) into law, boosting healthcare research dollars, streamlining the Food and Drug Administration (FDA)’s drug and medical device approvals processes, and advancing mental health and addiction treatments.

The move followed a bipartisan congressional sweep in which the Senate approved the bill 94 to 5 and the House 344 to 77.


First, incorporating input from providers, patients and researchers, the Cures Act provides the National Institutes for Health (NIH) with $4.8 billion in funding over 10 years. This includes $1.5 billion earmarked for research into genetic, lifestyle and environmental diseases, $1.8 billion earmarked to accelerate cancer research through Vice President Joe Biden’s Cancer Moonshot initiative, and $1.5 billion earmarked to combat brain diseases like Alzheimer’s and epilepsy. The $4.8 million also includes funds for the Precision Medicine Initiative, an effort to use big data in collaboration with physicians to create more efficient, personalized treatments.

Second, the law provides the FDA with $500 million to streamline regulations to move drugs and medical devices through approvals more quickly. It also contains provisions to allow the department to:
  • Modernize clinical trials and the ways safety and efficacy data is analyzed;
  • Streamline regulations so the process for securing approvals on medical devices, technologies, vaccines and regenerative medicine therapies is more efficient;
  • Create incentives to develop both drugs for pediatric diseases and medical countermeasures; and
  • Provide the FDA with greater flexibility in reviewing and approving medical devices if they provide first-of-a-kind technologies.

Third, the law provides resources aimed at improving the interoperability of electronic health record (EHR) systems, and improving providers’ education on the latest medical technologies.

Next, the law includes $1 billion in grants to help states combat the growing opioid crisis and improve mental health treatment. Based on the Helping Families in Mental Health Crisis Act, this provision also:
  • Creates a new assistant secretary for mental health and substance abuse at the Substance Abuse and Mental Health Services Administration (SAMHSA) to coordinate mental health programs at the federal level;
  • Instructs the secretary of Health and Human Services (HHS) to clarify when communication is allowed under HIPAA so that communication between providers, patients and families is coordinated to boost mental health treatment; and
  • Expands Assisted Outpatient Treatment, a court-supervised treatment for children or adults with a history of repeated hospitalizations.

Finally, the law requires the HHS to create and maintain a centralized database of terminated Medicaid providers in any state—a component aimed at combating fraud, a risk increasingly on the minds of providers as the transition to value-based reimbursement continues.

Previously, providers entered agreements directly with the respective states as there was no centralized, federal database. Under the new law, by July 2018, states will be required to submit information about providers terminated from their Medicaid programs, whether for fraud or other criminal offenses.


The law underlines the government’s focus on expediting the development of cures for serious diseases that are not only devastating to patients, but also add up to a significant share of the total cost of healthcare nationally. (In 2016, Alzheimer’s and other dementias alone are forecast to cost the country $236 billion.)

It also warrants special attention where compliance is concerned, and providers should closely monitor and address certain components more than others. These include:

The centralized database of providers terminated by Medicaid. The transition to value-based care, which encourages the collaboration of providers across the care continuum to boost care efficiencies, creates an increased risk for Medicaid fraud. Providers, particularly those that work with post-acute care and home health providers, should pay special attention to this component and use the database to ensure their provider partners have not previously been convicted of fraud. While many organizations have procedures in place to check state databases for excluded providers within their state of operations, the ability to identify those excluded providers from other states who have recently moved into their state of operations has always been a challenge. The new law addresses that by creating the national database; however, organizations must challenge their existing procedures to ensure any additional steps related to the national database are incorporated into their routine credentialing process, including acknowledgment that the national database has been consulted for any new providers. Additionally, once the database is active, organizations should implement the best practice of reviewing existing providers to ensure Medicaid has not excluded them in another state, which would expose the organization to potential liability or reimbursement denial.

Providers should also ensure their internal controls to mitigate fraud are up-to-date, improving them where necessary and disclosing any discrepancies before the database comes into effect. Those who don’t may do so at their own peril as information about Medicaid fraud becomes more widely available.

Expedited FDA approvals. While this opens new (and quicker) avenues to secure drug and medical device approvals, and knocks down the regulatory obstacle to quicker medical innovation, it also presents greater risk for product discrepancies to slip through the cracks.

With new types of risk to medical devices stemming from cybersecurity and greater regulatory scrutiny under the False Claims Act, providers should put internal controls in place to adequately assess the quality of drugs and devices before prescribing them to patients. Because the law requires the FDA to consider real-world evidence in making approval decisions, providers should incorporate this data into their internal controls and choose their partners accordingly. The new law promotes innovation in the medical device area, and thus, the industry will see a significant increase in new vendors. While organizations should continue to pursue partnerships with vendors who can provide innovative ways to enhance patient treatment and satisfaction, they should do so with a healthy dose of cautious optimism. With a proliferation of new opportunities to expedite innovation, not all vendors will have appropriate policies, procedures and internal controls in place to ensure compliance with the CMS and state regulations, and, most importantly, patient safety. As organizations identify new innovative techniques and devices to pursue, a critical step in partnering with vendors should be to conduct due diligence around their approval processes for new products, their quality control management and their process for securing FDA approvals.

Goals that were once lofty could now be seemingly reachable under the Cures Act. While it provides opportunity for increased innovation and more cost-effective healthcare, providers should also take a closer look at their internal compliance controls—and address new risks because of this legislation.

By doing so providers can break new ground in innovation, while doing so in an orderly fashion.

Read Next Article, "IoT in Healthcare Presents Opportunity but Also Prompts Higher Guardrails Around Cybersecurity, False Claims Act"

Return to BDO Knows Healthcare Newsletter - Winter 2017