DSCSA authorized trading partners Archives - rfxcel.com

EPCIS DSCSA Exceptions Handling: What Is It and Why Is Everyone Talking About It?

Just a little over four months into the FDA’s DSCSA extended stabilization period and with the clock ticking down to the November 27, 2024, compliance deadline, EPCIS DSCSA exceptions handling is top-of-mind in the pharma industry.

But why? Let’s take a look at EPCIS DSCSA exceptions handling and how we can deal with it to ensure DSCSA compliance.

EPCIS DSCSA Exceptions Handling Keeps Your Products Flowing

The DSCSA requires the interoperable, electronic exchange of serialized product data. Specifically, trading partners must exchange Transaction Information (TI) and Transaction Statement (TS) data every time a regulated drug changes hands.

Exceptions are errors that may occur when partners exchange this data using EPCIS. If there’s an exception, the product cannot move forward in the supply chain, which means it won’t reach patients and consumers in a timely manner. Furthermore, if exceptions aren’t resolved quickly, a product could be considered suspect or illegitimate.

This is why EPCIS DSCSA exceptions handling is top-of-mind for the pharmaceutical industry.

Given the complex nature of securely exchanging serialized product data, it’s logical to expect exceptions, especially in the early days of enforcement. The Healthcare Distribution Alliance (HDA) has identified six categories of EPCIS DSCSA exceptions:

      1. Data Issues
      2. Damaged Products
      3. Product, No Data
      4. Data, No Product
      5. Packaging
      6. Product Hold

Exceptions have been on the HDA’s radar for years. At its Traceability Online Seminar in November 2021, for example, industry leaders discussed establishing standards for dealing with exceptions. They also discussed example scenarios, such as overages as a “Product, No Data” exception. In this scenario, a downstream trading partner might have 16 cases arrive at its facility but receive EPCIS data for only 15 of those cases. How does it notify the manufacturer? How does the manufacturer correct the TI so the case can be removed from quarantine and be on its way?

The message is clear: Trading partners must focus on building a system that quickly communicates and resolves data issues so products can keep moving.

Note: Also remember that the DSCSA requires all partners to be authorized trading partners (ATPs). This isn’t necessarily relevant to our discussion today, but it’s a critical part of compliance.

EPCIS DSCSA Exceptions Handling Solutions: Communication and Collaboration

The most important thing to remember about dealing with exceptions is that trading partners must communicate and collaborate. You are not working in a vacuum, and there is not a “lone wolf” solution for exceptions handling.

Herein lies the challenge. The communication infrastructure in the pharma supply chain — emails, online portals, phone calls, and so on — wasn’t designed with DSCSA compliance in mind, let alone dealing with exceptions handling in an interoperable, electronic data-exchange system.

So, in order for an EPCIS DSCSA exceptions handling solution to be effective, it must be built on a foundation of fast, targeted, and precise communication between/among the right people. In the overages example above, this would mean the trading partner that received the extra case would know exactly who to contact at the manufacturer, what information to share with that person, and how long it would take to fix the data error.

Are You Ready for EPCIS DSCSA Exceptions Handling?

The FDA’s extended stabilization period has given the pharmaceutical industry an additional year to prepare for the full serialization of the U.S. drug supply chain, including being able to deal with EPCIS DSCSA exceptions handling.

This is good news for everyone. But you have to use this time to ask yourself the tough questions:

      • Do you have systems up and running?
      • Are you testing your systems?
      • Are you communicating and collaborating with all of your trading partners?
      • Are you complying with the DSCSA requirements that are enforceable right now?
      • Are you working with a solution provider that fully understands your role in the supply chain, your product(s), your business, and your DSCSA compliance needs?
      • Are you going to be ready for November 27, 2024?

We are here to help. We have led on the DSCSA since rollout began in 2014. Today, we’re working with the industry to develop a collaborative approach to exceptions handling using GS1-based error correction.

Don’t let bad data disrupt your business. Contact us today to learn more. We’ll ensure you receive compliant data from your trading partners, quickly resolve data quality issues, and keep your products moving.

Spherity and Antares Vision Group further partnership to ensure life sciences customers will comply with upcoming DSCSA regulations

Antares Vision Group, through rfxcel technology, has integrated Spherity’s Credentialing Service into its DSCSA solutions to verify authorized trading partners’ identities and licensing in all regulated interactions.

Reno, Nevada, April 25, 2023 — Spherity, a German leading provider of digital wallet and credentialing solutions, and Antares Vision Group, an Italian multinational and a leading provider of track and trace and quality control systems, are continuing a partnership that helps ensure life sciences customers comply with this year’s U.S. Drug Supply Chain Security Act (DSCSA) regulations.

By November 27, 2023, manufacturers, distributors, dispensers, and other actors in the life sciences supply chain must prove that they are legitimate organizations, or authorized trading partners (ATPs), as defined by the DSCSA.

The two companies first partnered in 2021, when Spherity’s Credentialing Solution, CARO, was integrated into the Group’s Verification Router Service (VRS) solution, enabled by rfxcel technologies, to allow life science customers to confirm their ATPs status. The combined solution also allows customers to exchange DSCSA-compliant electronic Product Identifier (PI) messages, trace products, and create an audit trail of their VRS business interactions.

CARO uses Self-Sovereign Identity (SSI) technology to establish a secure, verifiable digital enterprise identity for every ATP. By integrating the service into its VRS solution, rfxcel customers can ensure secure, authenticated data exchange with other ATPs and verify they have the credentials required by the DSCSA, including state licenses and U.S. Food and Drug Administration Entity Identifiers (FEIs).

“We partnered with Spherity to enable our customers to comply with this year’s DSCSA authorized trading partner (ATP) requirements,” said rfxcel Senior Vice President of Product and Strategy Herb Wong. “With Spherity’s CARO, our VRS solution automatically confirms whether a company is an ATP. Now, every customer can add ATP credentialing to our entire product portfolio and secure their VRS interactions.”

“Spherity will ensure that Antares Vision Group’s customers can securely exchange data with previously unknown entities,” said Georg Jürgens, Spherity’s Manager for Industry Solutions. “The concept of exchanging and verifying credentials using Digital Wallets supports company and product compliance use cases that require communication between regulators, existing supply chain partners, and new trading partners.”

Spherity and Antares Vision Group are members of the Open Credentialing Initiative (OCI), and both contribute to the standardization and industry-wide interoperability of credentialing technology.

For more information about the Spherity-Antares Vision Group partnership, their solutions for DSCSA compliance with ATP requirements, and the Open Credentialing Initiative, contact Spherity’s Manager for Industry Solutions Georg Jürgens at georg.juergens@spherity.com and visit caro.vc, and rfxcel Senior Vice President of Product and Strategy Herb Wong at hwong@rfxcel.com.

ABOUT ANTARES VISION GROUP

Antares Vision Group is an outstanding technology partner in digitalization and innovation for companies and institutions, guaranteeing the safety of products and people, business competitiveness, and environmental protection. The Group provides a unique and comprehensive ecosystem of technologies to guarantee product quality (inspection systems and equipment) and end-to-end product traceability (from raw materials to production, from distribution to the consumer) through integrated data management, applying artificial intelligence and blockchain technology. Antares Vision Group is active in life science (pharmaceutical, biomedical devices and hospitals) and Fast-Moving Consumer Goods (FMCG), including food, beverage, cosmetics, and glass and metal containers. As a world leader in track and trace solutions for pharmaceutical products, the Group provides major global manufacturers (over 50% of the top 20 multinationals) and numerous government authorities with solutions, monitoring their supply chains and validating product authenticity. Listed since April 2019 on the Italian Stock Exchange in the Alternative Investment Market (AIM) segment and from 14 May 2021 in the STAR segment of Euronext; furthermore, from July 2022 included in the Euronext Tech Leaders index, dedicated to leading tech companies with high growth potential. In 2022, Antares Vision Group recorded a turnover of €223.5 million. The Group operates in 60 countries, employs more than 1,100 people, and has a consolidated network of over 40 international partners. To learn more, please visit www.antaresvision.com and www.antaresvisiongroup.com.

ABOUT SPHERITY

Spherity is a German software provider bringing secure and decentralized identity management solutions to enterprises, machines, products, data and even algorithms. Spherity provides the enabling technology to digitalize and automate compliance processes in highly regulated technical sectors. Spherity’s products empower cybersecurity, efficiency and data interoperability among digital value chains. Spherity is certified according to the information security standard ISO 27001.

Join Antares Vision Group at the HDA 2022 Traceability Seminar in October

Antares Vision Group will be at the HDA 2022 Traceability Seminar October 12-14 at the Marriott Marquis in Washington, D.C. We’re an official sponsor, and our team will be there with our latest technologies and solutions. Stop by to meet us!

The HDA 2022 Traceability Seminar brings together healthcare supply chain leaders to learn more about implementation milestones of the DSCSA as distributors, manufacturers, and dispensers implement serialization and traceability technologies.

Attendees also discuss innovative approaches and lessons learned from the first 9 years of the DSCSA rollout and what to expect during the “last mile” of implementation until the November 2023 deadline.

Get the latest DSCSA intel from our experts at the HDA 2022 Traceability Seminar

If you’re reading this, chances are you know that we’ve been leading on the DSCSA since Day 1 and have collaborated with the pharma industry to test key systems, work out kinks, and help all stakeholders prepare. Here are just a few examples:

And it should come as no surprise that Herb Wong, our SVP of product and strategy, will be at the Seminar. He’ll be at our booth, of course, but he’s also doing the “EPCIS Onboarding Across the Supply Chain” panel discussion on Thursday, Oct. 13, from 1:30 to 2:30 p.m.

Herb will also host a Friday morning roundtable about DSCSA readiness. Antares Vision Group is sponsoring the day’s Roundtable Discussions (9:35-10:50 a.m.), where you can discuss operational issues associated with traceability implementation. Choose a topic that interests you and rotate through the tables with your peers. Highlights from the discussions will be shared at the end of the session.

With this experience and knowledge, our team wants to answer your questions and show you our solutions while you’re at the Seminar. No matter how far along you are in your DSCSA preparations, time with our team will be time well spent — informative, interesting, and maybe even game-changing.

Final thoughts

We’re just a year away from the final DSCSA deadline and the full serialization of the U.S. pharmaceutical supply chain. The HDA 2022 Traceability Seminar is really the place to be when it comes to the “right now” of the DSCSA for product identification, product tracing, product verification, and requirements for authorized trading partners.

So bring your DSCSA questions for our team and let us know how things are going. Visit our booth. Sit in on Herb’s Thursday EPCIS panel discussion and his Friday roundtable. If you have 3 minutes, take our DSCSA Readiness Survey. You can also check out our DSCSA Compliance Library for all of our resources about the law.

We hope to see you in October!

DSCSA Compliance Update with Herb Wong: What’s Happening Right Now?

Herb Wong’s a busy guy. We said that the last time we did a DSCSA compliance update with him, and it’s still true today Just last week, for instance, he participated in two Healthcare Distribution Alliance (HDA) webinars, “DSCSA 2023: How a Service Provider Can Help You Prepare” and “All About the VRS.” These were part of the HDA’s 2022 Traceability Webinar Series, which Antares Vision Group is sponsoring.

That’s why it was such a treat to get some one-on-one time with Herb for a real-time DSCSA compliance update — what’s happening right now with industry readiness.

We asked Herb to talk about what he calls “the four cornerstones” of DSCSA compliance: product identification (EPCIS and serialization), product tracing, authorized trading partners (ATPs), and verification (the Verification Router Service, or VRS). Here’s what he had to say.

DSCSA compliance update #1: product identification (EPCIS and serialization)

All solution providers’ systems are ready to send and receive serialization data in the EPCIS format, but we still need to help the industry get data flowing. To use an analogy, even though the pipes have been laid and connected, we’re just not getting enough water through to test for “leaks” in the system — errors in send/receive processing. Just as important, we need time to “flush the pipes” to ensure that we have “clean water.” By that I mean ensuring that the data is correct.

We’re trying to do everything we can. We’ve actually developed a standard process for onboarding customers and getting data exchanged with other solution partners. We’re going to be piloting this so we can refine the onboarding process. [Herb’s talking about the EPCIS Onboarding Guide Workgroup and its draft “Guide for Accelerated EPCIS Onboarding.”]

What’s the key takeaway, Herb?

The key takeaway is, “Let’s connect, let’s get the serialized data out.” Time is running out. That’s the biggest message. People who think they have time to wait until next year, you really don’t. Because what’s going to happen is similar to what happened when the lot-based laws went live: The people who waited couldn’t find help. All the solution providers were busy; everyone was busy. And everyone who waited was trying to get through the same door to meet the deadline.

So, if you’re a manufacturer, you have to start sending data early. If you’re serializing and not sending data downstream, start now. Don’t wait till the November 2023 deadline. You have to “turn on the switch.” Send your data downstream now.

At this point, we decided to ask Herb about aggregation.

DSCSA doesn’t say anything about aggregation. But wholesalers are asking for aggregation to support their business processes. When you send electronic data, wholesalers need to know what serial numbers are in the cases they just received.

Aggregation is a business requirement for operational efficiency. For example, if you get 10 cases with a hundred items in each case, you don’t want to open the cases and scan every item to see what you received and will ultimately ship. Aggregation makes things faster and more efficient. It’s similar to how VRS had both a legal and a business requirement: The legal requirement mandated a response within 24 hours for saleable returns verification. But given the potential volume of saleable returns, 24 hours was too slow for wholesalers; it would cause the receiving docs to fill up with products pending verification. For this reason, wholesalers mandated a business requirement of sub-second response times.

DSCSA compliance update #2: product tracing

A centralized solution or standard has not been defined for product tracing. A lot of different approaches have been discussed, but there’ve been no specs, no firm requirements, that solution providers can implement at this time.

Right now, we’re supporting the industry’s manual process for product tracing. The HDA, NABP, and PDG have done a really good job of outlining what’s required for tracing. [That’s the Healthcare Distribution Alliance, the National Association of Boards of Pharmacy, and the Partnership for DSCSA Governance.]

They’ve walked through a series of scenarios that can be executed manually and have helped the industry to better understand the complexity and nuances of tracing a product through the system. In parallel to this effort, the PDG is working on a data format to communicate traceability requests and responses. PDG is putting that information into a JSON format to communicate the need. [JSON is the JavaScript Object Notation data interchange format. Its advantages are that it uses human-readable text and is a more compact means of communicating data.]

What’s the key takeaway, Herb?

Pay attention to the traceability scenarios that are coming out of the HDA, NABP, and PDG. They’re doing a really good job of trying to show how tracing workflows will happen. They’ll be publishing more results and helping the industry understand. Watch for these, because it will enlighten you about what’s coming in 2023.

DSCSA compliance update #3 and #4: ATPs and VRS

From a solution provider standpoint, the ATP and VRS initiatives have become one and the same. Right now, ATPs have only been applied against the VRS, so the timing for us to get that done has become one implementation effort.

When you make a VRS request, you have to prove you’re an ATP. ATP is there to confirm two things: you are who you say you are and you are authorized to transact business. Proof that you are an ATP is especially important in the VRS network since trading partners may not have direct relationships with other VRS participants.

For VRS, there’s a new version 1.3 that will be deployed before the DSCSA 2023 deadline. The current version we have is based on the 1.2 standards interface. The 1.3 version “opens up” VRS beyond what it was intended to do, which is the verification of saleable returns.

What people should know is that VRS 1.3 is not backwards-compatible. This means VRS providers have to upgrade at once. To ensure that the upgrade occurs on time, solution providers have agreed to “decouple” the 1.3 interface from the 1.3 functionality.

What this means is that everyone on the VRS network will remain connected since we will all support the new 1.3 connections. However, solution providers (or customers) who are not ready to upgrade to the new 1.3 functionality can continue to use VRS as needed. That’s going to be important because it allows us to change the interface so we can at least keep talking to each other. We can be interoperable. But not everyone has to support the features of 1.3 at the same time.

As for timing of the update, we’re talking about doing the testing of the interoperability of 1.3 in Q1 [of 2023]. So we’ll have to push this into a production environment after Q1, but we haven’t agreed on a production date.

What’s the key takeaway, Herb?

There is going to be an upgrade required soon and the industry and solution providers are working to make sure it’s easy to implement. We realize that is not as simple as a software upgrade but we need to carefully consider the revalidation requirements of our customers.

Final thoughts

And there you have it: A DSCSA compliance update about what’s happening right now with industry readiness for product identification (EPCIS and serialization), product tracing, and ATPs and VRS. Thanks, Herb!

Contact us if you have questions about what Herb talked about or the DSCSA in general. We can explain the requirements and how our solutions will help ensure you’re ready for November 2023 and the full serialization of the U.S. pharmaceutical supply chain.

If you like, we can probably arrange a meeting with Herb. But remember, he’s busy. In the coming weeks, he’ll travel to the Antares Vision Group global HQ in Italy, visit the Group’s brand-new North America HQ in New Jersey, and join a panel discussion at the HDA Traceability Seminar in Washington, D.C. (Antares Vision Group is also a sponsor of that annual event.) So reach out today and let’s see what we can work out.

Also take a look at our DSCSA Compliance Library. It’s a clearinghouse of information with links to our blog posts, white papers, webinars — everything — about the law, including the “four cornerstones” Herb talked about in today’s DSCSA compliance update.

Understanding FDA DSCSA Guidance for the Pharmaceutical Industry

The Drug Supply Chain Security Act (DSCSA) was passed 10 years ago in November 2013. Congress created the legislation to secure the U.S. pharmaceutical supply chain through unit-level product identification (serialization) and electronic exchange of product information.

Over the years, the FDA has issued updates and revised DSCSA guidance for manufacturers, dispensers, wholesale distributors, and other pharma stakeholders. If your products and/or operations are regulated by the law, it is vital to remain aware of requirements, changes, and deadlines.

Let’s explore the DSCSA guidance and requirements and what the FDA has done in recent years.

What Is the DSCSA?

Created as Title II of the Drug Quality and Security Act (DQSA), passed by Congress in November 2013, the DSCSA is an initiative to prevent the introduction and distribution of counterfeit, stolen, contaminated, or otherwise harmful drugs in the United States. It outlines steps to build an interoperable electronic system to identify and trace prescription drugs as they are distributed throughout the country.

Who Must Comply with the DSCSA?

Manufacturers, wholesale distributors, repackagers, dispensers (i.e., pharmacies, healthcare systems), and third-party logistics providers (3PLs) all have requirements with which they must comply.

Recent DSCSA Guidance Updates

Recently, the most notable action from the FDA was its announcement in August 2023 that it was delaying by one year enforcement of key DSCSA requirements. This “extended stabilization period” moves the enforcement date to November 27, 2024.

This DSCSA guidance primarily affects manufacturers, wholesale distributors, dispensers, and repackagers; delayed enforcement pertains to product identifiers (PIs) at the package level; saleable returns; interoperable, electronic product tracing; and investigating suspect and illegitimate products.

Though this gives the industry more time to comply, the Agency has made it clear that the postponement doesn’t amount to a grace period. It said the stabilization period was “not intended to provide, and should not be viewed as providing, a justification for delaying efforts by trading partners to implement the enhanced drug distribution security requirements.”

You can read the FDA’s official document about the stabilization period here.

Other Noteworthy DSCSA Guidance Updates

July 25, 2022: The FDA published a proposed rule, “Revising the National Drug Code Format and Drug Label Barcode Requirements.” The National Drug Code, or NDC, is the Agency’s “standard for uniquely identifying drugs marketed in the United States.” The codes are usually found on product labeling and might be part of the universal product code (UPC). Read more about the NDC and what the FDA said here.

October 23, 2021: In a policy document, the FDA announced it was delaying enforcement of key requirements to verify saleable returns. It also included guidance for wholesale distributors concerning transaction statements under the Federal Food, Drug, and Cosmetic Act (FD&C Act).

The timeline below provides an at-a-glance view of DSCSA guidance as the law has been rolled out over the last decade.

A timeline showing key dates of the U.S. Drug Supply Chain Security Act (DSCSA) from 2013 to 2024

DSCSA Guidance in Context, Today

The stabilization period announced in August 2023 did not, in fact, change the original compliance deadline of November 27, 2023; it is up to individual states to decide if they’re going to enforce the requirements before November 2024.

However, the FDA said extending enforcement will give supply chain stakeholders the extra time that may be necessary “to continue to develop and refine appropriate systems and processes to conduct interoperable, electronic tracing at the package level, to achieve robust supply chain security under the DSCSA while helping ensure continued patient access to prescription drugs.”

What DSCSA Requirements Are in Effect Right Now?

It follows from what we just said that there is DSCSA guidance in effect right now. Some digressions are prohibited per the FD&C Act and can be enforced — with consequences ranging from product seizure to fines to imprisonment. Both federal and state authorities may take action against DSCSA violations.

What Was Enforceable Before Nov. 27, 2023?

Here are a few regulations that can be enforced now. For a full list, see the National Association of Boards of Pharmacy’s (NABP’s) excellent article here. (And also be sure to read about how we were the first DSCSA solution provider to join NABP’s Pulse Interoperable Partner Program. Learn more here!)

  • All trading partners must be authorized trading partners (ATPs) and can only buy, sell, or trade with other ATPs.
  • ATPs must be able to identify and manage suspect and illegitimate products.
  • A product identifier (PI) must be placed on all regulated drug packages and homogenous cases — except for grandfathered products or products with an FDA waiver, exception, or exemption.
  • ATPs must provide certain information about a drug and who handled it each time it’s sold: transaction information (TI), transaction statement (TS), and transaction history (TH).

What Went into Effect on Nov. 27, 2023?

The November 2023 deadline was when enhanced security requirements went into effect. We’ve written extensively about this for years (in our recently updated DSCSA white paper, for example), but here’s a summary of what companies must do to comply:

  • Exchange TI and TS securely, electronically, and interoperably. TI must include each package’s unique identifier.
  • Verify PIs at the package level.
  • Respond to appropriate tracing requests and trace products at the package level (serialization).
  • Associate saleable returns with the TI and TS associated with its initial sale.

Final Thoughts About DSCSA Guidance

So what’s the upshot of all this information? It’s simple: Don’t stop preparing.

Use your extra time during the stabilization period to evaluate your systems, communicate and coordinate with your trading partners, and — importantly — ensure you’re working with a solution provider that knows the DSCSA guidance inside and out.

If you have questions about the DSCSA or are concerned that your current provider may not have the tools you need to comply, we encourage you to contact us today to speak with one of our DSCSA experts. We are committed to meeting DSCSA compliance for all our customers in a timely manner.

DSCSA EPCIS Update: 3 Questions for rfxcel SVP of Product and Strategy Herb Wong

Herb Wong’s a busy guy. As senior vice president of product and strategy at rfxcel, he’s always on the go, advising and conferring with customers, talking and brainstorming with industry leaders, dashing off to speak at conferences, and thinking of new ways to improve … everything. So we were happy that he found time to talk with us about what’s happening with DSCSA EPCIS.

Our chat comes as Herb is fresh off an appearance at the Healthcare Distribution Alliance (HDA) Distribution Management Conference in Austin, Texas, where he participated in the “EPCIS Standards and Implementation Process” panel discussion. HDA also recently published a DSCSA EPCIS Implementation Benchmarking Survey about the progress of adoption and trading partner plans for sending data.

Here’s the scoop:

Herb, what has the EPCIS Center of Excellence learned about industry readiness for the DSCSA EPCIS requirements?

Well, the EPCIS COE, which we introduced at the HDA Quarterly Update in September last year, has discovered a number of things through our studies and meetings. Here are takeaways in the key areas of education, consistency, and standards.

As we get closer to the November 2023 deadline, new participants are less knowledgeable about EPCIS and DSCSA. Their integrations take more time and they have more questions and need more education. This was a recurring theme we started hearing during our EPCIS COE interviews. Because of this, the HDA and GS1 are looking to see how they can offer/repackage training to get the industry up to speed.

In terms of consistency, we are looking into developing a common, consistent process for all solution providers to begin an EPCIS exchange. This can improve the efficiency across all supply chain partners.

And for standards, we have been discussing a process or tool to have all participants verify that their EPCIS data is formatted correctly before they begin exchanging it with others. GS1 developed an offering for this and everyone agrees that it’s a good idea; but determining who pays for this testing has been challenging.

How has the industry reacted to the EPCIS COE’s efforts?

Overall, everyone has been receptive. But this is a huge undertaking. It reminds me of the question, “How do you eat an elephant?” Answer: “One spoonful at a time.” Accelerating EPCIS data exchange is like that. It’s so big that people don’t know exactly where to start.

The answer is to just start somewhere and then learn and improve. The hardest part is getting started. Once we decide on a few areas where we can make an impact, momentum will keep us moving forward. We are in the process of agreeing on what we can do, so stay tuned!

What are your thoughts about industry readiness?

A number of supply chain partners asked me this question at the HDA Distribution Management Conference in Austin earlier this month. The industry is becoming more focused on the deadline. Everyone is realizing that the time for open-ended discussion is coming to a close and decisions must be made. We have 19 months to be ready for DSCSA 2023 and a lot of different efforts must be aligned.

Final thoughts

Herb Wong, everyone!

We hope Herb’s answers were helpful and shed light on the industry’s efforts to be ready for the DSCSA EPCIS requirements. As he said, it’s an elephant-sized undertaking with a lot of moving parts that need coordination and consensus. The EPCIS COE is “the spoon” that’s helping the pharmaceutical industry digest the requirements, address the challenges, and get everyone compliant by November 27, 2023.

If you still have questions, your first step should be to contact us. One of our supply chain experts can explain the requirements and how our solutions will get your house in order. If you like, we can probably arrange a meeting with Herb. So reach out today and let’s talk.

We also encourage you to browse our DSCSA Compliance Library. It’s a clearinghouse of information with links to our blog posts, white papers, webinars — everything — about the law, including EPCIS requirements.

Last, we want to let you know that in June Herb will head to San Diego to speak at the GS1 Connect 2022 conference. On Thursday, June 9, he’ll present “Supply Chain Traceability: Can Your Business Survive Without It?” Herb will discuss why traceability is foundational to business success and how companies in any industry can leverage traceability in a digital supply chain to ensure they comply with regulations and much more. Check back for updates as we get closer to June!

DSCSA Compliance Library: Comprehensive DSCSA Information in One Location

Welcome to the rfxcel DSCSA Compliance Library. It’s a collection of our key DSCSA resources (as of September 2023) and is a convenient place to get information as the industry navigates the “extended stabilization period” until FDA enforcement begins on November 27, 2024.

We will, of course, continue writing about the DSCSA and providing the best supply chain solutions to ensure manufacturers, wholesalers, dispensers, repackagers, third-party logistics providers — all pharmaceutical stakeholders — meet the requirements and remain compliant forever.

So bookmark this page and our blog. You can also subscribe to our newsletter to make sure you don’t miss anything about the DSCSA and other important developments in the pharma industry. Just fill out the short form at the bottom of any page on our website.

And of course, contact us today with your questions about the DSCSA or anything else about the pharma supply chain. Our experts are here to help.

A note about the rfxcel DSCSA Compliance Library

Please note that that we haven’t included everything we’ve written or presented about the DSCSA. Deadlines and requirements have changed since the law was enacted in November 2013, so some of our earlier pieces are, logically, outdated.

The DSCSA in our blog

DSCSA compliance white papers

Our top DSCSA news items

­­Our top DSCSA webinars

The DSCSA timeline

A timeline showing key dates of the U.S. Drug Supply Chain Security Act (DSCSA) from 2013 to 2024

What is the Drug Supply Chain Security Act (DSCSA)?

Today’s question: What is the Drug Supply Chain Security Act (DSCSA)?

The Drug Supply Chain Security Act (DSCSA) was passed on November 27, 2013. Envisioning a 10-year journey leading to the complete serialization of the U.S. pharma supply chain and electronic, interoperable exchange of product information, the law is scheduled to take effect on November 27, 2023.

We’ve written extensively about the legislation, but with the deadline for full compliance quickly approaching, we thought an overview was in order.

So let’s take a look at the DSCSA from top to bottom — milestones, requirements, highlights, expectations, and challenges — and answer the question, What is the Drug Supply Chain Security Act?

The Most Recent DSCSA Developments

As the timeline below shows, the FDA has adjusted DSCSA compliance deadlines during the rollout. The most recent — and arguably most significant — happened in August 2023, when the Agency announced that it was delaying by one year enforcement of key DSCSA requirements. This “extended stabilization period” moves the enforcement date to November 27, 2024.

However, it’s vital that all supply chain actors understand that the original compliance deadline of November 27, 2023, still stands. The Agency has made it clear that the stabilization period is not a delay of the 2023 requirements: It expects companies to have implemented the mandated systems and work to ensure they are operating correctly, smoothly, etc.

In Enhanced Drug Distribution Security Requirements Under Section 582(g)(1) of the Federal Food, Drug, and Cosmetic Act — Compliance Policies, the FDA states:

This guidance is not intended to provide, and should not be viewed as providing, a justification for delaying efforts by trading partners to implement the enhanced drug distribution security requirements under section 582(g)(1) of the FD&C Act. FDA strongly urges trading partners to continue their efforts to implement necessary measures to satisfy these enhanced drug distribution security requirements.

So what’s the key takeaway: Don’t stop preparing for the DSCSA. If you have questions about the DSCSA stabilization period or are concerned that your current provider isn’t doing everything it can to set you up for success, we encourage you to contact us today to speak with one of our DSCSA experts. We are 100 percent committed to ensuring all of our customers meet DSCSA compliance.

DSCSA Timeline

A timeline showing key dates of the U.S. Drug Supply Chain Security Act (DSCSA) from 2013 to 2024

DSCSA at a Glance

Created as Title II of the Drug Quality and Security Act (DQSA), passed by Congress in November 2013, the DSCSA is an initiative to prevent the introduction and distribution of counterfeit, stolen, contaminated, or otherwise harmful drugs in the United States. It outlines steps to build an interoperable electronic system to identify and trace prescription drugs as they are distributed throughout the country. By providing comprehensive FDA guidance, the act facilitates the accurate tracing of products from the point of production to distribution to dispensation and beyond.

Understanding the Drug Supply Chain Security Act

If you’re a pharmaceutical company — a manufacturer, wholesaler, dispenser, repackager, or third-party logistics provider — you must comply with the Drug Supply Chain Security Act (DSCSA) if you want to do business in the United States.

The U.S. Food and Drug Administration (FDA) says the goal of the DSCSA is “to build an electronic, interoperable system to identify and trace certain prescription drugs as they are distributed in the United States.” The Act “will enhance [the] FDA’s ability to help protect consumers from exposure to drugs that may be counterfeit, stolen, contaminated, or otherwise harmful” and “improve detection and removal of potentially dangerous drugs from the drug supply chain to protect U.S. consumers.”

As we said above, the law has been rolled out in phases since it was passed nearly 10 years ago. Even though enforcement was delayed until November 2024, the FDA expects all supply chain stakeholders to keep preparing.

Key Requirements of the Drug Supply Chain Security Act

The DSCSA requirements can be divided into several categories that apply to manufacturers, repackagers, wholesale distributors, dispensers, and 3PLs. Each is important, but four are particularly vital to being ready for November 2023 because they require these stakeholders to have specific systems in place to be fully compliant. These are the “four cornerstones” of DSCSA compliance:

Product identification (serialization)

Manufacturers and repackagers must put a unique product identifier (PI), such as a bar code, on certain prescription drug packages. This must be able to be read electronically.

Product tracing

Manufacturers, wholesale distributors, repackagers, and many dispensers (primarily pharmacies) must provide certain information about the drug and who handled it each time it’s sold:

      • Transaction information (TI) includes the product name; its strength and dosage form; its National Drug Code (NDC); container size and number of containers; lot number; transaction date; shipment date; and the name and address of the businesses from which and to which ownership is being transferred.
      • The transaction statement (TS) is a paper or electronic attestation by the business transferring ownership of the product that it has complied with the DSCSA.
      • A third type of information, Transaction history (TH), is an electronic statement with the TI for every transaction going back to the manufacturer. It is required before the November 27, 2023, deadline; it is not required after that date.

Verification

Manufacturers, wholesale distributors, repackagers, and dispensers must establish systems and processes to verify PIs for certain prescription drug packages. For saleable returns, manufacturers and wholesale distributors must use the Verification Router Service (VRS). Like everything else in the DSCSA, we’ve written extensively about the VRS. Our “DSCSA Saleable Returns Verification Requirement: Just the Facts” article is a good place to start.

Authorized trading partners (ATPs)

All manufacturers, wholesale distributors, repackagers, 3PLs, and dispensers must be ATPs and be able to electronically verify that their trading partners are ATPs.

In broad terms, to be an ATP you must meet certain registration, licensing, and licensure reporting requirements under the Federal Food, Drug, and Cosmetic Act (FD&C Act) and comply with state licensing requirements. The definitions of ATP also include language about accepting or transferring direct ownership or possession of products.

There are “four cornerstones” of DSCSA compliance requirements:

Other DSCSA Requirements to Consider

Detection and response + notification: Stakeholders must quarantine and promptly investigate suspect or illegitimate drugs. They must also notify the FDA and other interested parties when they find such drugs.

Licensing: Wholesalers must report their licensing status and contact information to the FDA. Third-party logistics providers must obtain a state or federal license.

Final thoughts

What is the Drug Supply Chain Security Act? The DSCSA requires pharma stakeholders to work together to secure the U.S. supply chain. It doesn’t matter if you’re a manufacturer, wholesaler, repackager, third-party logistics provider, or a dispenser — the law affects how you conduct business. Your compliance depends on making sure you can meet your responsibilities.

That’s where rfxcel comes in.

We have 20 years of experience providing the pharmaceutical industry with leading regulatory and compliance software. So if you aren’t sure if you’re going to be ready for DSCSA 2023–2024 or you’re wondering if your current solution provider is doing everything it can to prepare you for compliance, contact us today.

Our DSCSA experts can show you a short demo of our solutions, clarify what your responsibilities are, and answer questions about your needs and how to meet them, no matter your role in the supply chain.

In the meantime, check out some of our other DSCSA resources, including our DSCSA: Preparing for the Full Serialization of the U.S. Pharmaceutical Supply Chain white paper and our DSCSA 2023 webinar series. These are great resources to help you better understand the law. You can click on those links or jump right to our DSCSA Compliance Library, a clearinghouse of all our information about the law.

Drug Supply Chain Security Act (DSCSA) Pharmacy Responsibilities

Drug Supply Chain Security Act pharmacy responsibilities are complex. They can be confusing. But the clock continues to count down to the final compliance deadline.

On August 25, 2023, the U.S. Food and Drug Administration (FDA) announced that it was delaying by one year enforcement of key DSCSA requirements. This “extended stabilization period” moves the enforcement date to November 27, 2024. Read our blog post here for all the details.

If you want to ensure that your business processes comply with DSCSA pharmacy regulations, the first step is to familiarize yourself with the nuances of the law. With that in mind, let’s do a quick recap for pharmacies.

What is the U.S. Drug Supply Chain Security Act?

The U.S. Drug Supply Chain Security Act, enacted on November 27, 2013, establishes a system to track and trace prescription drugs in a fully serialized supply chain. It calls for end-to-end traceability and electronic interoperability to prevent counterfeit, stolen, contaminated, or otherwise harmful drugs from entering the U.S. supply chain.

So far, the DSCSA has mostly focused on lot-level traceability — exchanging information about every package of medication so stakeholders can see exactly where it has been. Enactment will culminate next year with complete unit-level serialization of the U.S. drug supply chain. This means stakeholders will have to electronically track products at the individual package level.

As the final link in the pharmaceutical supply chain, pharmacies are the last safeguard between suspect products and patients. They are responsible for gathering transaction information and reviewing supply chain data to verify the legitimacy of products (more on that below).

Drug Supply Chain Security Act pharmacy responsibilities: definitions

Pharmacies are referred to as “dispensers” in the DSCSA. The legislation defines a dispenser as “a retail pharmacy, hospital pharmacy, a group of chain pharmacies under common ownership and control that do not act as a wholesale distributor, or any other person authorized by law to dispense or administer prescription drugs, and the affiliated warehouses or distribution centers of such entities under common ownership and control that do not act as a wholesale distributor.”

If you dispense only products to be used in animals, you are not a dispenser under the DSCSA. The DSCSA pharmacy requirements apply only to dispensers that provide medication to patients or end-users. If your pharmacy is providing medications to another dispenser or another member of the pharmaceutical supply chain, it is acting as a distributor, which means other DSCSA requirements would apply.

How to comply with the DSCSA

Compliance is mandatory if you are a dispenser under DSCSA pharmacy requirements. Failure to comply will raise flags with the FDA and open your organization to penalties, including fines.

As we said above, the Drug Supply Chain Security Act pharmacy responsibilities are complex. Let’s break them down into easy-to-understand pieces.

You must exchange information about every drug you buy and who handled it each time it changes ownership in the United States.

The DSCSA calls this “product tracing information,” and it has three components, collectively referred to as “T3 information”:

  1. Transaction Information (TI) about a product (e.g., proprietary or established name or names and the strength and dosage form)
  2. Transaction Statement (TS), which is an electronic statement confirming the entity transferring ownership.
  3. Transaction history (TH), an electronic statement with the TI for every transaction going back to the manufacturer. TH is required only until the November 27, 2024, deadline.

Under DSCSA pharmacy requirements, you have to obtain and exchange this data for every transaction. The purpose of these traceability requirements is to promote drug distribution security and to identify potential discrepancies in the supply chain records. If a product cannot be traced back to a legitimate source, it is considered “suspect.”

Adhering to these transaction requirements will help pharmacies protect their consumers from illegitimate drug products. Traceability standards also help the FDA ensure that suspect prescription drugs do not enter the supply chain in the first place.

You must receive, store, and provide product tracing documentation

You can accept prescription drugs only if they have proper tracing information, and you must store the information for six years. You must also generate and provide all information when you sell a prescription drug to a trading partner.

If the FDA conducts a DSCSA pharmacy audit, it can examine records dating back six years. If information is missing, you will be found in violation of the DSCSA and could face substantial penalties.

Providing product traceability information is another important part of DSCSA pharmacy requirements, as pharmacies frequently send inventory to other companies within their healthcare networks. When you engage in these activities, you are acting as a distributor and must adhere to all relevant standards regarding the creation of lot numbers and product-level tracing.

You can only do business with authorized trading partners (ATPs)

And speaking of trading partners, if you can’t confirm your they’re licensed or registered, you can’t do business with them. If they’re not authorized, their access to the U.S. pharma supply chain will be severely restricted or denied altogether. Read our in-depth ATP blog series for all the details.

For now, we will provide a brief recap of what constitutes an ATP under the DSCSA guidelines. The FDA states that an authorized partner is:

  • A manufacturer or repackager that has a valid registration with the FDA
  • A wholesale distributor that has a valid license under state law
  • A third-party logistics provider (3PL) that has a valid license in accordance with state law
  • A dispenser that has a valid license in accordance with state law

The FDA defines a trading partner as:

  • An entity (i.e., manufacturer, distributor, repackager, or dispenser) that accepts director ownership of a product from a manufacturer
  • An entity that transfers direct ownership of a product
  • A 3PL that accepts or transfers products to another entity in the supply chain

In other words, an ATP is an entity that is appropriately licensed and accepts or transfers direct ownership of a regulated pharmaceutical product. Before a pharmacy does business with a repackager, wholesaler, or distributor, it must verify the organization’s ATP status.

You must investigate and properly handle suspect and illegitimate drugs

Suspect and illegitimate drugs include drugs that may be counterfeit, diverted, stolen, intentionally adulterated, or unfit for distribution — the problem the DSCSA was designed to eliminate. Pharmacies must quarantine and investigate these drugs to determine if they are fake. If you make this determination, the next step is to work with the manufacturer and take specific action to ensure the bad drug does not reach patients/consumers. You must also notify the FDA and your trading partners about the drug.

Identifying illegitimate products is one of the most important roles of pharmacists under DSCSA requirements. It is also one of the most challenging tasks, as each pharmacist and pharmacy technician must be trained on how to identify illegitimate or suspect products. All pharmacies should train their employees about the DSCSA requirements (e.g., abnormalities in transaction information) and other methods to identify suspect products.

You must authenticate and verify drugs

This is what’s coming in 2024. You’ll have to be able to authenticate and verify all the medicines you buy before you can sell them. The fundamental requirement is that TI (transaction information) must include a product identifier (PI), which includes serial numbers and expiration dates. The Electronic Product Code Information Services (EPCIS) is likely to be the standard the industry will use to enable this exchange.

EPCIS is a standard from GS1, an international organization responsible for creating and maintaining operational standards for key industries, including healthcare. EPCIS is a means to electronically share the “what, when, where, why, and how” information about pharmaceutical products, promoting end-to-end traceability and interoperability among supply chain actors.

Final thoughts

Navigating complex compliance requirements and adapting to new standards can present challenges. Fortunately, you have options — like partnering with rfxcel to help you meet DSCSA pharmacy requirements.

Even though the enforcement deadline has been extended until November 2024, the time to act is now. If you aren’t sure you’ll be ready, contact us to schedule a short demo of our DSCSA pharmacy compliance solutions, which include robust traceability tools, data management solutions, and more. As an rfxcel partner, you’ll tap into the expertise of our DSCSA pharmacy compliance experts, who will collaborate with you to design a solution to ensure you meet all DSCSA requirements and remain compliant forever.

We also invite you to download our DSCSA compliance white paper. It drills down into what we talked about today and is a great reference tool to have on hand as you prepare for the full serialization of the U.S. pharma supply chain. Also bookmark our DSCSA compliance library, which has all our resources about the law.

Understanding the Two Parts of the Drug Quality and Security Act (DQSA)

The Drug Quality and Security Act (DQSA) was enacted on November 27, 2013, to address gaps and oversights in the way compound medications — medications that are customized by combining, mixing, or altering two or more drugs to meet the needs of a specific patient — are prepared and distributed. It was a response to the inadvertent distribution of contaminated steroidal injections that killed 64 people and caused infections in 793 patients.

The DQSA comprises two pieces of legislation: The Compounding Quality Act and the Drug Supply Chain Security Act (DSCSA). Here’s a quick overview of each.

DQSA Part 1: The Compounding Quality Act

The goal of the Compounding Quality Act is to make compounded medicines safer for patients.  It established a registration system for pharmaceutical industry stakeholders that create sterile drugs (e.g., manufacturers and pharmacies). It also reinstated Section 503A of the Food, Drug, and Cosmetic Act (FD&C Act), parts of which the Supreme Court in 2002 ruled unconstitutional.

Companies can register as an official outsourcing facility if they meet a specific set of criteria. Outsourcing facilities are usually larger companies that supply compounds to healthcare facilities such as pharmacies, hospitals, and clinics. The key requirements for outsourcing facilities under the Compounding Quality Act include the following:

  • They must report adverse events to the FDA twice a year.
  • They must submit reports about all compounded medications to the FDA twice a year
  • They must meet product labeling requirements.
  • They must agree to FDA inspections (according to a “risk-based schedule” and pay fees for any re-inspections.
  • They must pay a registration fee to the FDA.

Outsourcing facilities are also subject to increased quality standards and can be penalized for certain actions, including intentionally falsifying prescriptions for compounded medicines, failing to report adverse events or compounded medications to the FDA, making false claims about compounded medicines (i.e., false advertising), and selling medications with “not for resale” warnings.

All this said, it’s important to note that the FDA does not approve compounded drugs. The Agency does not verify their safety or effectiveness. Furthermore, compounded drugs do not have an FDA finding of manufacturing quality before they are marketed.

DQSA Part 2: The Drug Supply Chain Security Act (DSCSA)

The DSCSA is a wide-ranging piece of legislation designed to prevent counterfeit, stolen, contaminated, or otherwise harmful drugs from entering the U.S. pharmaceutical supply chain. It affects virtually every industry stakeholder, from manufacturers, distributors, and wholesalers to repackagers, logistics providers, and dispensers (i.e., pharmacies). It is

Enacted in November 2013 and culminating with the November 2023 deadline, the ultimate goal of the DSCSA is a fully serialized pharmaceutical supply chain with full electronic operability. There are four core requirements:

  1. Product serialization
  2. Product tracing
  3. Verification (of product identifiers)
  4. Authorized trading partners

If you follow our blog, you know we’ve been writing about the DSCSA for years. For a longer summary, check out “Countdown to DSCSA 2023 Serialization: The Deadline Is Two Years Away.” For an in-depth look at what’s in store for 2023, read “DSCSA 2023: The Future of Pharmaceutical Traceability in the USA.”

Final thoughts

rfxcel has been the leading provider of regulatory and compliance software for the pharmaceutical industry for almost 20 years. We’ve also been a thought leader on the DQSA and DSCSA compliance. Our goal is to keep all stakeholders informed and work with them to ensure they’re ready to meet all the requirements in 2023.

Below are a few of our most recent resources to help bring you up to speed. Take a look, and if you have any questions or want to see a short demo of our DQSA and DSCSA solutions, contact us today. Our supply chain experts know the legislation inside and out and will work with you to design a solution that’s right for you.