What You Need to Know about the Drug Supply Chain Security Act

As the pharmaceutical industry barrels towards November 27, 2023, more and more pharma companies are asking for help understanding the requirements to comply with the Drug Supply Chain Security Act (DSCSA). On that date, all trading partners within the pharmaceutical supply chain must allow for:

• The interoperable exchange of Transactional Information and Transactional Statements in a secure, electronic manner 

• The interoperable verification of the Product Identifier, which includes the GTIN/NDC, serial number, lot number, and expiration date 

• The interoperable tracing of Transactional Information and Transactional Statements back to the manufacturer for each saleable unit

The keyword in all three requirements is “interoperable.”  Data must be passed amongst multiple trading partners within the supply chain in a secure, confidential manner. 

DSCSA has presented tremendous challenges for the pharmaceutical industry to meet, considering that some of the technology was barely in its infancy when the law was passed.  Fortunately, great strides have been made in the last few years, so new or existing manufacturers can rely on assistance from a variety of companies up and down the supply chain.  

It’s important to understand how we got where we are today by reviewing the history of DSCSA, the relevant statutes contained within, and the innovation and collaboration amongst all parties to create the “interoperability” necessary for a secure and efficient supply chain.

DSCSA history

The Drug Quality and Security Act (DQSA) was signed into law by President Obama on November 27, 2013.  This law amended the Food, Drug and Cosmetic Act giving the FDA more authority to regulate and monitor the manufacturing of compounded drugs and to make it easier to trace drugs throughout the pharmaceutical supply chain.  The legislation had two parts:  

• Title I of DQSA, the Compounding Quality Act, was written in response to the New England Compounding Center meningitis outbreak that killed 64 people in 2012.  

• Title II of DQSA is the Drug Supply Chain Security Act, which is the focus of this article.  DSCSA had several legislative goals.  First, it set out to establish standards for the exchange of transactional documentation in the form of Transactional Information, Transactional History, and Transactional Statements (definitions below).  Next, it sought to provide requirements for manufacturers, re-packagers, wholesalers, and dispensers (collectively, trading partners) to provide Transactional Information at each change of ownership and provides requirements for trading partners in the event of a recall, or knowledge of illegitimate or counterfeit drugs.

DSCSA also requires the manufacturer or re-packager to affix proper Product Information, to each package or homogenous case, in digital and human-readable form, including:

• Product NDC number (in form of Global Trade Item Number)

• Product Lot number

• Product Expiration Date

• Product Serialized Numerical Identifier (serial number)

Manufacturers and re-packagers can only sell to authorized trading partners, and the law establishes national license standards for wholesalers and third-party logistics providers. Trading partners must also verify returns before redistribution, and the law added requirements to provide for full tracing of products at the package level ten years after the law was enacted, which is set to be 11/27/2023.

The statutory components of DSCSA are being implemented in two phases.  Phase I required that all supply chain participants must work with authorized trading partners and these trading partners must provide a Transactional History back to the manufacturer, have processes and procedures to respond to requests from federal and state agencies, and systems to verify illegitimate or counterfeit products.

The traceability requirements of Phase II commenced in 2015 and were based on the passing and maintaining of three types of Information:

§  Transactional Information - includes the name of the product, its strength and dosage form, its National Drug Code, the container size, the number of containers, the lot number, the transaction date, the shipment date, and the name and address of the businesses from which and to which ownership is transferred.

§  Transactional History - paper or electronic statement that includes tracing the transaction information for each prior transaction back to the product’s manufacturer

§  Transactional Statement - paper or electronic statement by the business transferring ownership of the product and attesting that it has complied with the DQSA.

Prior to DSCSA, trading partners faced multiple licensing, regulatory, and recordkeeping requirements from both the states and federal government.  The “preemption” statute, which went into effect on November 27, 2013, was intended to create a single, uniform set of requirements applicable across all states related to the tracing of pharmaceutical products and the licensure of wholesale distributors and 3PLs.  The statute expressly defines product tracing system requirements, verification, investigation, disposition, notification, or recordkeeping relating to those systems, and paper or electronic pedigree systems for tracking and tracing drugs throughout the distribution system. 

Additionally, any state pedigree requirement related to product tracing or state licensing is necessarily “inconsistent with, more stringent than, or in addition to” the requirements in the DSCSA and thus, is preempted under the DSCSA.  This created a win for wholesalers and 3PLs who were already asked to shoulder a significant financial and regulatory burden created by DSCSA.  The DSCSA preempts any state licensure requirements for manufacturers that are related to the manufacturers’ distribution activities under section 585(b).

Below is a timeline of Phase II of the DSCSA with major milestones highlighted (click to enlarge):

Status check

So how is the industry progressing towards the goals set forth in the legislation?  According to an article written by GS1 Healthcare US Group (New serialization assessment finds better DSCSA readiness, updated 11/10/19), the ability for the industry to apply valid, readable barcodes to pharma containers, in accordance with DSCSA, has reached 70% compliance or more.  This may not sound impressive given DSCSA mandated 100% serialization by November 2018, but there were additional provisions afforded manufacturers, grandfathering in existing inventory produced prior to November 2018.  Since the approximate remaining expiration dating for this inventory is about 1.6 years, and the fact that pharmaceutical companies and their contract packagers have invested billions since the inception of DSCSA, the percentage of serialized inventory in the supply chain will continue to grow.

A small number of labels continue to be unreadable by scan or vision.  Wholesalers have been working with suppliers to improve the accuracy of these scans since compliance with DSCSA on the massive scale seen within the wholesaler segment can only be achieved by cooperation, better labeling, and technology.

Blockchain

With the full implementation of DSCSA looming in 2023, the interoperable exchange of Transactional Information and Transactional Statements in a secure, electronic manner has required new technology to manage the massive amounts of data created by serialization.  Research and development into the ability to blockchain data sets have been seen as a favorable way to achieve these interoperability goals.

Blockchain fundamentally stores “blocks” of Information in a way that is permanent and unalterable. With each transaction, a new “block” of data is added to the blockchain. Blockchain decentralizes data storage by connecting and duplicating digital Information across a network where it is available to anyone with access. The Information contained is then continually reconciled across the network. And because the data is not stored in any one single location, it cannot be manipulated or corrupted. 

The pharmaceutical industry continues to invest heavily to comply with DSCSA and secure the supply chain through the identification and tracking of medications that move through it. Blockchain is much more accurate and secure than existing technologies and can be applied throughout the healthcare ecosystem.
 

The clock is ticking

It is vital for all manufacturers to understand their responsibilities, especially those who will be launching new drugs during this critical time without any prior assistance with track-and-trace. The good news is that there is plenty of help for emerging pharmaceutical companies.  There are several organizations that specialize in serialization technology, and third-party logistic companies have also invested in serialization technology and are an increasingly important resource to explore. 

Fortunately, the pharmaceutical industry has collaborated in historic ways to provide for a safe and secure supply chain that will benefit all Americans.  Please remember that November 27, 2020, presents the next major milestone. As of that date, FDA will enforce wholesalers to only accept and sell serialized products, wholesalers to verify the serialized number on all saleable returns, and dispensers to only accept serialized product. 

It is vital to begin asking questions about your company’s DSCSA readiness and compliance, as well as that of your strategic partners, if you have not already. Consulting partners, like Archbow Consulting, can provide guidance and lend expertise while identifying the best resources available to reach full compliance.

Rob Besse is Vice President of Archbow Consulting. (This article was authored with collaborative support and shared expertise provided by Matt Sample and Heather Zenk at AmerisourceBergen.)