DSCSA Saleable Returns Verification Requirement Archives - rfxcel.com
Rfxcel Logo

Tag: DSCSA Saleable Returns Verification Requirement

FDA Postpones Enforcement of Key DSCSA Requirements to November 27, 2024

Posted on by rfxadmin

In a guidance document published on Friday, August 25, the U.S. Food and Drug Administration (FDA) announced that it was delaying by one year enforcement of key requirements under the Drug Supply Chain Security Act (DSCSA). This “extended stabilization period” moves the enforcement date to November 27, 2024.

The guidance is primarily for manufacturers, wholesale distributors, dispensers, and repackagers; delayed enforcement pertains to product identifiers at the package level; saleable returns; interoperable, electronic product tracing; and investigating suspect and illegitimate products. We provide the specifics below.

The key takeaway: Don’t stop preparing for the DSCSA requirements. If you have questions about the DSCSA delay or are concerned that your current provider may not have the tools you need to comply, we encourage you to contact us today to speak with one of our DSCSA experts. We are committed to meeting DSCSA compliance for all our customers in a timely manner.

And if you’re going to the Healthcare Distribution Alliance (HDA) 2023 Traceability Seminar in Washington, D.C., stop by Table-Top 21 to meet our team and talk about the developments in person. Click here to learn more.

Overall FDA rationale for the DSCSA delay

The FDA said extending enforcement will give supply chain stakeholders — particularly manufacturers, wholesale distributors, dispensers, and repackagers — the extra time that may be necessary “to continue to develop and refine appropriate systems and processes to conduct interoperable, electronic tracing at the package level, to achieve robust supply chain security under the DSCSA while helping ensure continued patient access to prescription drugs.”

Furthermore, the Agency said, “additional time beyond November 27, 2023, may be needed for systems to stabilize and be fully interoperable for accurate, secure, and timely electronic data exchange.”

What DSCSA requirements are affected?

Product identifiers

The requirement. Trading partners must include the product identifier at the package level for each package in a transaction into the transaction information. Furthermore, a product’s manufacturer or repackager must incorporate the PI at the package level for each package “introduced in a transaction into commerce.” These requirements are included in section 582(g)(1)(B) of the Food, Drug, and Cosmetics Act (FD&C Act).

Reasoning for DSCSA delay. The FDA said the delay will “accommodate the additional time (beyond November 27, 2023) that may be needed by trading partners to achieve compliance and to help ensure continued access to prescription drugs as trading partners continue to refine processes” to include the PI at the package level. Furthermore, the FDA said “this policy will facilitate the use and exhaustion of product supply already in the supply chain prior to November 27, 2024.”

What is a PI? The PI is a standardized graphic that contains, in both human-readable form and on a machine-readable data carrier, four data elements:

      1. National Drug Code (NDC)
      2. Serial number
      3. Lot number
      4. Expiration date

Saleable returns

The requirement. Each person accepting a saleable return must have systems and processes in place to allow acceptance of the product. Furthermore, they may accept saleable returns only if they can associate the product with its transaction information — including the PI — and transaction statement. These requirements are included in section 582(g)(1)(F) of the FD&C Act.

Reasoning for DSCSA delay. FDA said delaying enforcement of this requirement until November 27, 2024, will “facilitate the continued use of methods currently being used by wholesale distributors for associating a saleable return product with its applicable transaction information and transaction statement while accommodating the additional time that may be needed for all trading partners to mature the new systems and processes required for acceptance of saleable returns.”

Interoperable, electronic product tracing at the package level

The requirement. Transaction information and transaction statements must be exchanged in a secure, interoperable, electronic manner. This requirement is included in section 582(g)(1)(C) of the FD&C Act; the standards for exchange are established under section 582(h) of the DSCSA.

Furthermore, systems and processes for verifying products at the package level, including the standardized numerical identifier, must meet the standards established in DSCSA section 582(a)(2) and the guidance in DSCSA section 582(h).

Reasoning for DSCSA delay. The FDA these policies will allow trading partners to continue to provide, capture, and maintain data for the data exchange for product tracing and verification while providing additional time that may be needed to “continue to develop and refine systems and processes for electronic data exchange.”

Investigating suspect and illegitimate products

The requirement. In the even of a recall or to help investigate a suspect or illegitimate product, stakeholders must be able to promptly provide product transaction information and transaction statement when requested by the FDA secretary or other appropriate federal or state official. This requirement is included in section 582(g)(1)(D) of the FD&C Act.

Furthermore, Section 582(g)(1)(E) of the FD&C Act requires stakeholders to “produce the transaction information for each transaction going back to the manufacturer” in certain situations, including a recall or investigating a suspect product or an illegitimate product.

Reasoning for DSCSA delay. FDA believes these compliance policies will facilitate the continued use of methods currently being used by trading partners to respond to the type of requests for information described above while accommodating the additional time that may be needed for trading partners to mature the new systems and processes required for such activities under section 582(g)(1)(D) and (E) of the FD&C Act.

Compliance Management Solutions: Ensuring Regulatory Compliance and Risk Mitigation

Posted on by rfxadmin

Does your business have effective compliance management solutions and risk management solutions in place? In a constantly changing regulatory landscape, companies need sophisticated tools to manage their governance, risk, and compliance (GRC) efforts and reduce their risk exposure. Learn about compliance management implementation and best practices in this guide from rfxcel.

Understanding Compliance Management Solutions

Compliance management refers to the set of policies and procedures that an organization uses to ensure adherence to the laws and regulations that govern their industry. Compliance management solutions aim to:

  • Identify and prevent violations
  • Improve business practices
  • Build and maintain consumer confidence
  • Ensure ethical behavior in the industry

Compliance requirements vary by sector and country. For example, in the United States pharmaceutical companies must adhere to the Drug Supply Chain Security Act (DSCSA) and in the European Union they’re bound by the Falsified Medicines Directive (EU FMD). Food companies in the United States must comply with rules under the Food Safety Modernization Act (FSMA).

Regulatory compliance is a requirement, not a goal. Businesses that are found to be out of compliance can face harsh consequences, including corporate sanctions and government-issued fines. Plus, they run the risk of damaging their reputation and losing customers. Non-compliance can also result in costly corrective actions, such as recalling a product.

Many companies now rely on software solutions to manage and centralize their compliance efforts. Compliance software offers tracking and audit tools to ensure business practices align with applicable laws and regulations. This helps reduce manual errors and provides ongoing monitoring throughout the organization.

Benefits of Compliance Management Solutions

In addition to ensuring adherence to industry regulations and standards, effective compliance management solutions offer a range of benefits, including:

  • Reduced risk: Effective management processes minimize the legal and financial risks associated with non-compliance.
  • Efficiency: Compliance management software can streamline routine tasks and reduce manual processes, freeing up staff to focus on other priorities.
  • Security: A good compliance solution will also have safeguards in place to protect data privacy and improve cybersecurity.
  • Cost savings: A risk and compliance solution can flag risks before they cause financial implications.

Key Features of Compliance Management Solutions

If your business is in the market for a new compliance management platform, look for a solution that includes these features:

  • Compliance tracking and monitoring: Your software should manage a centralized repository of the relevant regulations and requirements for your industry.
  • Policy management: Compliance management solutions can help teams develop, update, and communicate standardized policies across your organization.
  • Risk assessment and mitigation: Proactive identification and management of compliance risks can help companies avoid fines, fees, and sanctions.
  • Data insights: Companies can review compliance activities in real time and generate compliance reports that aid in decision-making.
  • Audit management: A centralized platform streamlines the audit process and can track corrective actions.
  • Awareness: Compliance management tools help you manage ongoing employee training and awareness programs.

Implementing Compliance Management Solutions

Proper implementation is key when introducing compliance management software solutions. Start with a comprehensive needs assessment: What are your organizational priorities? Which regulatory requirements apply to your business? Use the findings from your assessment to guide your software selection process. Look for a compliance management platform that:

  • Integrates with your existing software systems and data sources
  • Can be customized to align with specific regulatory requirements
  • Has a good user experience and is easy to navigate

Ideally, the software platform you choose should automate compliance processes to reduce administrative burden, saving your organization time and money.

Best Practices for Effective Compliance Management

Utilize these best practices at your enterprise to make your compliance program more effective:

  • Organizational culture: Establish a culture of compliance. Plan for ongoing training to keep compliance requirements top-of-mind for staff.
  • Internal audits: Conduct regular compliance assessments and gap analyses to identify areas for improvement.
  • Coordination: Build a cross-functional compliance team to provide comprehensive oversight that includes stakeholders from HR, legal, and finance departments.
  • Workflow management: Implement automated workflows and utilize notifications to ensure the timely completion of required compliance tasks.

Ensuring Data Security and Privacy Compliance

An important aspect of compliance management is addressing data protection regulations, which dictate how companies in a wide range of industries (e.g., healthcare and financial services) handle consumer data and personally identifiable information (PII). Data protection regulations include laws such as:

Companies must implement data access controls, encryption measures, and other protections to reduce the likelihood of a data breach. Additionally, if you work with third-party vendors, you need a system for setting up data-sharing agreements. Any third parties with which you contract must comply with your industry’s regulatory requirements and have adequate privacy and security protections in place.

The Future of Compliance Management Solutions

As more and more companies embrace digital transformation and implement distributed or hybrid work structures, compliance needs will continue to shift along with an evolving regulatory landscape. Additionally, newer developments in artificial intelligence (AI) and machine learning will make automated compliance monitoring more sophisticated. AI technology is already improving predictive analytics, which draws on historical data to identify patterns and make predictions that guide future business decisions.

Choose Us for Expert Compliance Management

By leveraging effective compliance management solutions, businesses can streamline their compliance processes, mitigate risks, and maintain regulatory adherence. With us, you can implement a robust compliance management system to navigate regulatory changes and help your organization work more effectively. We offer complete compliance solutions, with software that’s designed to meet the needs of specific industries including:

To get started or request pricing, contact us today.

Spherity and Antares Vision Group further partnership to ensure life sciences customers will comply with upcoming DSCSA regulations

Posted on by rfxadmin

Antares Vision Group, through rfxcel technology, has integrated Spherity’s Credentialing Service into its DSCSA solutions to verify authorized trading partners’ identities and licensing in all regulated interactions.

Reno, Nevada, April 25, 2023 — Spherity, a German leading provider of digital wallet and credentialing solutions, and Antares Vision Group, an Italian multinational and a leading provider of track and trace and quality control systems, are continuing a partnership that helps ensure life sciences customers comply with this year’s U.S. Drug Supply Chain Security Act (DSCSA) regulations.

By November 27, 2023, manufacturers, distributors, dispensers, and other actors in the life sciences supply chain must prove that they are legitimate organizations, or authorized trading partners (ATPs), as defined by the DSCSA.

The two companies first partnered in 2021, when Spherity’s Credentialing Solution, CARO, was integrated into the Group’s Verification Router Service (VRS) solution, enabled by rfxcel technologies, to allow life science customers to confirm their ATPs status. The combined solution also allows customers to exchange DSCSA-compliant electronic Product Identifier (PI) messages, trace products, and create an audit trail of their VRS business interactions.

CARO uses Self-Sovereign Identity (SSI) technology to establish a secure, verifiable digital enterprise identity for every ATP. By integrating the service into its VRS solution, rfxcel customers can ensure secure, authenticated data exchange with other ATPs and verify they have the credentials required by the DSCSA, including state licenses and U.S. Food and Drug Administration Entity Identifiers (FEIs).

“We partnered with Spherity to enable our customers to comply with this year’s DSCSA authorized trading partner (ATP) requirements,” said rfxcel Senior Vice President of Product and Strategy Herb Wong. “With Spherity’s CARO, our VRS solution automatically confirms whether a company is an ATP. Now, every customer can add ATP credentialing to our entire product portfolio and secure their VRS interactions.”

“Spherity will ensure that Antares Vision Group’s customers can securely exchange data with previously unknown entities,” said Georg Jürgens, Spherity’s Manager for Industry Solutions. “The concept of exchanging and verifying credentials using Digital Wallets supports company and product compliance use cases that require communication between regulators, existing supply chain partners, and new trading partners.”

Spherity and Antares Vision Group are members of the Open Credentialing Initiative (OCI), and both contribute to the standardization and industry-wide interoperability of credentialing technology.

For more information about the Spherity-Antares Vision Group partnership, their solutions for DSCSA compliance with ATP requirements, and the Open Credentialing Initiative, contact Spherity’s Manager for Industry Solutions Georg Jürgens at georg.juergens@spherity.com and visit caro.vc, and rfxcel Senior Vice President of Product and Strategy Herb Wong at hwong@rfxcel.com.

ABOUT ANTARES VISION GROUP

Antares Vision Group is an outstanding technology partner in digitalization and innovation for companies and institutions, guaranteeing the safety of products and people, business competitiveness, and environmental protection. The Group provides a unique and comprehensive ecosystem of technologies to guarantee product quality (inspection systems and equipment) and end-to-end product traceability (from raw materials to production, from distribution to the consumer) through integrated data management, applying artificial intelligence and blockchain technology. Antares Vision Group is active in life science (pharmaceutical, biomedical devices and hospitals) and Fast-Moving Consumer Goods (FMCG), including food, beverage, cosmetics, and glass and metal containers. As a world leader in track and trace solutions for pharmaceutical products, the Group provides major global manufacturers (over 50% of the top 20 multinationals) and numerous government authorities with solutions, monitoring their supply chains and validating product authenticity. Listed since April 2019 on the Italian Stock Exchange in the Alternative Investment Market (AIM) segment and from 14 May 2021 in the STAR segment of Euronext; furthermore, from July 2022 included in the Euronext Tech Leaders index, dedicated to leading tech companies with high growth potential. In 2022, Antares Vision Group recorded a turnover of €223.5 million. The Group operates in 60 countries, employs more than 1,100 people, and has a consolidated network of over 40 international partners. To learn more, please visit www.antaresvision.com and www.antaresvisiongroup.com.

ABOUT SPHERITY

Spherity is a German software provider bringing secure and decentralized identity management solutions to enterprises, machines, products, data and even algorithms. Spherity provides the enabling technology to digitalize and automate compliance processes in highly regulated technical sectors. Spherity’s products empower cybersecurity, efficiency and data interoperability among digital value chains. Spherity is certified according to the information security standard ISO 27001.

DSCSA Compliance Update with Herb Wong: What’s Happening Right Now?

Posted on by rfxadmin

Herb Wong’s a busy guy. We said that the last time we did a DSCSA compliance update with him, and it’s still true today Just last week, for instance, he participated in two Healthcare Distribution Alliance (HDA) webinars, “DSCSA 2023: How a Service Provider Can Help You Prepare” and “All About the VRS.” These were part of the HDA’s 2022 Traceability Webinar Series, which Antares Vision Group is sponsoring.

That’s why it was such a treat to get some one-on-one time with Herb for a real-time DSCSA compliance update — what’s happening right now with industry readiness.

We asked Herb to talk about what he calls “the four cornerstones” of DSCSA compliance: product identification (EPCIS and serialization), product tracing, authorized trading partners (ATPs), and verification (the Verification Router Service, or VRS). Here’s what he had to say.

DSCSA compliance update #1: product identification (EPCIS and serialization)

All solution providers’ systems are ready to send and receive serialization data in the EPCIS format, but we still need to help the industry get data flowing. To use an analogy, even though the pipes have been laid and connected, we’re just not getting enough water through to test for “leaks” in the system — errors in send/receive processing. Just as important, we need time to “flush the pipes” to ensure that we have “clean water.” By that I mean ensuring that the data is correct.

We’re trying to do everything we can. We’ve actually developed a standard process for onboarding customers and getting data exchanged with other solution partners. We’re going to be piloting this so we can refine the onboarding process. [Herb’s talking about the EPCIS Onboarding Guide Workgroup and its draft “Guide for Accelerated EPCIS Onboarding.”]

What’s the key takeaway, Herb?

The key takeaway is, “Let’s connect, let’s get the serialized data out.” Time is running out. That’s the biggest message. People who think they have time to wait until next year, you really don’t. Because what’s going to happen is similar to what happened when the lot-based laws went live: The people who waited couldn’t find help. All the solution providers were busy; everyone was busy. And everyone who waited was trying to get through the same door to meet the deadline.

So, if you’re a manufacturer, you have to start sending data early. If you’re serializing and not sending data downstream, start now. Don’t wait till the November 2023 deadline. You have to “turn on the switch.” Send your data downstream now.

At this point, we decided to ask Herb about aggregation.

DSCSA doesn’t say anything about aggregation. But wholesalers are asking for aggregation to support their business processes. When you send electronic data, wholesalers need to know what serial numbers are in the cases they just received.

Aggregation is a business requirement for operational efficiency. For example, if you get 10 cases with a hundred items in each case, you don’t want to open the cases and scan every item to see what you received and will ultimately ship. Aggregation makes things faster and more efficient. It’s similar to how VRS had both a legal and a business requirement: The legal requirement mandated a response within 24 hours for saleable returns verification. But given the potential volume of saleable returns, 24 hours was too slow for wholesalers; it would cause the receiving docs to fill up with products pending verification. For this reason, wholesalers mandated a business requirement of sub-second response times.

DSCSA compliance update #2: product tracing

A centralized solution or standard has not been defined for product tracing. A lot of different approaches have been discussed, but there’ve been no specs, no firm requirements, that solution providers can implement at this time.

Right now, we’re supporting the industry’s manual process for product tracing. The HDA, NABP, and PDG have done a really good job of outlining what’s required for tracing. [That’s the Healthcare Distribution Alliance, the National Association of Boards of Pharmacy, and the Partnership for DSCSA Governance.]

They’ve walked through a series of scenarios that can be executed manually and have helped the industry to better understand the complexity and nuances of tracing a product through the system. In parallel to this effort, the PDG is working on a data format to communicate traceability requests and responses. PDG is putting that information into a JSON format to communicate the need. [JSON is the JavaScript Object Notation data interchange format. Its advantages are that it uses human-readable text and is a more compact means of communicating data.]

What’s the key takeaway, Herb?

Pay attention to the traceability scenarios that are coming out of the HDA, NABP, and PDG. They’re doing a really good job of trying to show how tracing workflows will happen. They’ll be publishing more results and helping the industry understand. Watch for these, because it will enlighten you about what’s coming in 2023.

DSCSA compliance update #3 and #4: ATPs and VRS

From a solution provider standpoint, the ATP and VRS initiatives have become one and the same. Right now, ATPs have only been applied against the VRS, so the timing for us to get that done has become one implementation effort.

When you make a VRS request, you have to prove you’re an ATP. ATP is there to confirm two things: you are who you say you are and you are authorized to transact business. Proof that you are an ATP is especially important in the VRS network since trading partners may not have direct relationships with other VRS participants.

For VRS, there’s a new version 1.3 that will be deployed before the DSCSA 2023 deadline. The current version we have is based on the 1.2 standards interface. The 1.3 version “opens up” VRS beyond what it was intended to do, which is the verification of saleable returns.

What people should know is that VRS 1.3 is not backwards-compatible. This means VRS providers have to upgrade at once. To ensure that the upgrade occurs on time, solution providers have agreed to “decouple” the 1.3 interface from the 1.3 functionality.

What this means is that everyone on the VRS network will remain connected since we will all support the new 1.3 connections. However, solution providers (or customers) who are not ready to upgrade to the new 1.3 functionality can continue to use VRS as needed. That’s going to be important because it allows us to change the interface so we can at least keep talking to each other. We can be interoperable. But not everyone has to support the features of 1.3 at the same time.

As for timing of the update, we’re talking about doing the testing of the interoperability of 1.3 in Q1 [of 2023]. So we’ll have to push this into a production environment after Q1, but we haven’t agreed on a production date.

What’s the key takeaway, Herb?

There is going to be an upgrade required soon and the industry and solution providers are working to make sure it’s easy to implement. We realize that is not as simple as a software upgrade but we need to carefully consider the revalidation requirements of our customers.

Final thoughts

And there you have it: A DSCSA compliance update about what’s happening right now with industry readiness for product identification (EPCIS and serialization), product tracing, and ATPs and VRS. Thanks, Herb!

Contact us if you have questions about what Herb talked about or the DSCSA in general. We can explain the requirements and how our solutions will help ensure you’re ready for November 2023 and the full serialization of the U.S. pharmaceutical supply chain.

If you like, we can probably arrange a meeting with Herb. But remember, he’s busy. In the coming weeks, he’ll travel to the Antares Vision Group global HQ in Italy, visit the Group’s brand-new North America HQ in New Jersey, and join a panel discussion at the HDA Traceability Seminar in Washington, D.C. (Antares Vision Group is also a sponsor of that annual event.) So reach out today and let’s see what we can work out.

Also take a look at our DSCSA Compliance Library. It’s a clearinghouse of information with links to our blog posts, white papers, webinars — everything — about the law, including the “four cornerstones” Herb talked about in today’s DSCSA compliance update.

Understanding FDA DSCSA Guidance for the Pharmaceutical Industry

Posted on by rfxadmin

The Drug Supply Chain Security Act (DSCSA) was passed 10 years ago in November 2013. Congress created the legislation to secure the U.S. pharmaceutical supply chain through unit-level product identification (serialization) and electronic exchange of product information.

Over the years, the FDA has issued updates and revised DSCSA guidance for manufacturers, dispensers, wholesale distributors, and other pharma stakeholders. If your products and/or operations are regulated by the law, it is vital to remain aware of requirements, changes, and deadlines.

Let’s explore the DSCSA guidance and requirements and what the FDA has done in recent years.

What Is the DSCSA?

Created as Title II of the Drug Quality and Security Act (DQSA), passed by Congress in November 2013, the DSCSA is an initiative to prevent the introduction and distribution of counterfeit, stolen, contaminated, or otherwise harmful drugs in the United States. It outlines steps to build an interoperable electronic system to identify and trace prescription drugs as they are distributed throughout the country.

Who Must Comply with the DSCSA?

Manufacturers, wholesale distributors, repackagers, dispensers (i.e., pharmacies, healthcare systems), and third-party logistics providers (3PLs) all have requirements with which they must comply.

Recent DSCSA Guidance Updates

Recently, the most notable action from the FDA was its announcement in August 2023 that it was delaying by one year enforcement of key DSCSA requirements. This “extended stabilization period” moves the enforcement date to November 27, 2024.

This DSCSA guidance primarily affects manufacturers, wholesale distributors, dispensers, and repackagers; delayed enforcement pertains to product identifiers (PIs) at the package level; saleable returns; interoperable, electronic product tracing; and investigating suspect and illegitimate products.

Though this gives the industry more time to comply, the Agency has made it clear that the postponement doesn’t amount to a grace period. It said the stabilization period was “not intended to provide, and should not be viewed as providing, a justification for delaying efforts by trading partners to implement the enhanced drug distribution security requirements.”

You can read the FDA’s official document about the stabilization period here.

Other Noteworthy DSCSA Guidance Updates

July 25, 2022: The FDA published a proposed rule, “Revising the National Drug Code Format and Drug Label Barcode Requirements.” The National Drug Code, or NDC, is the Agency’s “standard for uniquely identifying drugs marketed in the United States.” The codes are usually found on product labeling and might be part of the universal product code (UPC). Read more about the NDC and what the FDA said here.

October 23, 2021: In a policy document, the FDA announced it was delaying enforcement of key requirements to verify saleable returns. It also included guidance for wholesale distributors concerning transaction statements under the Federal Food, Drug, and Cosmetic Act (FD&C Act).

The timeline below provides an at-a-glance view of DSCSA guidance as the law has been rolled out over the last decade.

A timeline showing key dates of the U.S. Drug Supply Chain Security Act (DSCSA) from 2013 to 2024

DSCSA Guidance in Context, Today

The stabilization period announced in August 2023 did not, in fact, change the original compliance deadline of November 27, 2023; it is up to individual states to decide if they’re going to enforce the requirements before November 2024.

However, the FDA said extending enforcement will give supply chain stakeholders the extra time that may be necessary “to continue to develop and refine appropriate systems and processes to conduct interoperable, electronic tracing at the package level, to achieve robust supply chain security under the DSCSA while helping ensure continued patient access to prescription drugs.”

What DSCSA Requirements Are in Effect Right Now?

It follows from what we just said that there is DSCSA guidance in effect right now. Some digressions are prohibited per the FD&C Act and can be enforced — with consequences ranging from product seizure to fines to imprisonment. Both federal and state authorities may take action against DSCSA violations.

What Was Enforceable Before Nov. 27, 2023?

Here are a few regulations that can be enforced now. For a full list, see the National Association of Boards of Pharmacy’s (NABP’s) excellent article here. (And also be sure to read about how we were the first DSCSA solution provider to join NABP’s Pulse Interoperable Partner Program. Learn more here!)

  • All trading partners must be authorized trading partners (ATPs) and can only buy, sell, or trade with other ATPs.
  • ATPs must be able to identify and manage suspect and illegitimate products.
  • A product identifier (PI) must be placed on all regulated drug packages and homogenous cases — except for grandfathered products or products with an FDA waiver, exception, or exemption.
  • ATPs must provide certain information about a drug and who handled it each time it’s sold: transaction information (TI), transaction statement (TS), and transaction history (TH).

What Went into Effect on Nov. 27, 2023?

The November 2023 deadline was when enhanced security requirements went into effect. We’ve written extensively about this for years (in our recently updated DSCSA white paper, for example), but here’s a summary of what companies must do to comply:

  • Exchange TI and TS securely, electronically, and interoperably. TI must include each package’s unique identifier.
  • Verify PIs at the package level.
  • Respond to appropriate tracing requests and trace products at the package level (serialization).
  • Associate saleable returns with the TI and TS associated with its initial sale.

Final Thoughts About DSCSA Guidance

So what’s the upshot of all this information? It’s simple: Don’t stop preparing.

Use your extra time during the stabilization period to evaluate your systems, communicate and coordinate with your trading partners, and — importantly — ensure you’re working with a solution provider that knows the DSCSA guidance inside and out.

If you have questions about the DSCSA or are concerned that your current provider may not have the tools you need to comply, we encourage you to contact us today to speak with one of our DSCSA experts. We are committed to meeting DSCSA compliance for all our customers in a timely manner.

DSCSA EPCIS Update: 3 Questions for rfxcel SVP of Product and Strategy Herb Wong

Posted on by rfxadmin

Herb Wong’s a busy guy. As senior vice president of product and strategy at rfxcel, he’s always on the go, advising and conferring with customers, talking and brainstorming with industry leaders, dashing off to speak at conferences, and thinking of new ways to improve … everything. So we were happy that he found time to talk with us about what’s happening with DSCSA EPCIS.

Our chat comes as Herb is fresh off an appearance at the Healthcare Distribution Alliance (HDA) Distribution Management Conference in Austin, Texas, where he participated in the “EPCIS Standards and Implementation Process” panel discussion. HDA also recently published a DSCSA EPCIS Implementation Benchmarking Survey about the progress of adoption and trading partner plans for sending data.

Here’s the scoop:

Herb, what has the EPCIS Center of Excellence learned about industry readiness for the DSCSA EPCIS requirements?

Well, the EPCIS COE, which we introduced at the HDA Quarterly Update in September last year, has discovered a number of things through our studies and meetings. Here are takeaways in the key areas of education, consistency, and standards.

As we get closer to the November 2023 deadline, new participants are less knowledgeable about EPCIS and DSCSA. Their integrations take more time and they have more questions and need more education. This was a recurring theme we started hearing during our EPCIS COE interviews. Because of this, the HDA and GS1 are looking to see how they can offer/repackage training to get the industry up to speed.

In terms of consistency, we are looking into developing a common, consistent process for all solution providers to begin an EPCIS exchange. This can improve the efficiency across all supply chain partners.

And for standards, we have been discussing a process or tool to have all participants verify that their EPCIS data is formatted correctly before they begin exchanging it with others. GS1 developed an offering for this and everyone agrees that it’s a good idea; but determining who pays for this testing has been challenging.

How has the industry reacted to the EPCIS COE’s efforts?

Overall, everyone has been receptive. But this is a huge undertaking. It reminds me of the question, “How do you eat an elephant?” Answer: “One spoonful at a time.” Accelerating EPCIS data exchange is like that. It’s so big that people don’t know exactly where to start.

The answer is to just start somewhere and then learn and improve. The hardest part is getting started. Once we decide on a few areas where we can make an impact, momentum will keep us moving forward. We are in the process of agreeing on what we can do, so stay tuned!

What are your thoughts about industry readiness?

A number of supply chain partners asked me this question at the HDA Distribution Management Conference in Austin earlier this month. The industry is becoming more focused on the deadline. Everyone is realizing that the time for open-ended discussion is coming to a close and decisions must be made. We have 19 months to be ready for DSCSA 2023 and a lot of different efforts must be aligned.

Final thoughts

Herb Wong, everyone!

We hope Herb’s answers were helpful and shed light on the industry’s efforts to be ready for the DSCSA EPCIS requirements. As he said, it’s an elephant-sized undertaking with a lot of moving parts that need coordination and consensus. The EPCIS COE is “the spoon” that’s helping the pharmaceutical industry digest the requirements, address the challenges, and get everyone compliant by November 27, 2023.

If you still have questions, your first step should be to contact us. One of our supply chain experts can explain the requirements and how our solutions will get your house in order. If you like, we can probably arrange a meeting with Herb. So reach out today and let’s talk.

We also encourage you to browse our DSCSA Compliance Library. It’s a clearinghouse of information with links to our blog posts, white papers, webinars — everything — about the law, including EPCIS requirements.

Last, we want to let you know that in June Herb will head to San Diego to speak at the GS1 Connect 2022 conference. On Thursday, June 9, he’ll present “Supply Chain Traceability: Can Your Business Survive Without It?” Herb will discuss why traceability is foundational to business success and how companies in any industry can leverage traceability in a digital supply chain to ensure they comply with regulations and much more. Check back for updates as we get closer to June!

DSCSA Compliance Library: Comprehensive DSCSA Information in One Location

Posted on by rfxadmin

Welcome to the rfxcel DSCSA Compliance Library. It’s a collection of our key DSCSA resources (as of September 2023) and is a convenient place to get information as the industry navigates the “extended stabilization period” until FDA enforcement begins on November 27, 2024.

We will, of course, continue writing about the DSCSA and providing the best supply chain solutions to ensure manufacturers, wholesalers, dispensers, repackagers, third-party logistics providers — all pharmaceutical stakeholders — meet the requirements and remain compliant forever.

So bookmark this page and our blog. You can also subscribe to our newsletter to make sure you don’t miss anything about the DSCSA and other important developments in the pharma industry. Just fill out the short form at the bottom of any page on our website.

And of course, contact us today with your questions about the DSCSA or anything else about the pharma supply chain. Our experts are here to help.

A note about the rfxcel DSCSA Compliance Library

Please note that that we haven’t included everything we’ve written or presented about the DSCSA. Deadlines and requirements have changed since the law was enacted in November 2013, so some of our earlier pieces are, logically, outdated.

The DSCSA in our blog

DSCSA compliance white papers

Our top DSCSA news items

­­Our top DSCSA webinars

The DSCSA timeline

A timeline showing key dates of the U.S. Drug Supply Chain Security Act (DSCSA) from 2013 to 2024

What is the Drug Supply Chain Security Act (DSCSA)?

Posted on by rfxadmin

Today’s question: What is the Drug Supply Chain Security Act (DSCSA)?

The Drug Supply Chain Security Act (DSCSA) was passed on November 27, 2013. Envisioning a 10-year journey leading to the complete serialization of the U.S. pharma supply chain and electronic, interoperable exchange of product information, the law is scheduled to take effect on November 27, 2023.

We’ve written extensively about the legislation, but with the deadline for full compliance quickly approaching, we thought an overview was in order.

So let’s take a look at the DSCSA from top to bottom — milestones, requirements, highlights, expectations, and challenges — and answer the question, What is the Drug Supply Chain Security Act?

The Most Recent DSCSA Developments

As the timeline below shows, the FDA has adjusted DSCSA compliance deadlines during the rollout. The most recent — and arguably most significant — happened in August 2023, when the Agency announced that it was delaying by one year enforcement of key DSCSA requirements. This “extended stabilization period” moves the enforcement date to November 27, 2024.

However, it’s vital that all supply chain actors understand that the original compliance deadline of November 27, 2023, still stands. The Agency has made it clear that the stabilization period is not a delay of the 2023 requirements: It expects companies to have implemented the mandated systems and work to ensure they are operating correctly, smoothly, etc.

In Enhanced Drug Distribution Security Requirements Under Section 582(g)(1) of the Federal Food, Drug, and Cosmetic Act — Compliance Policies, the FDA states:

This guidance is not intended to provide, and should not be viewed as providing, a justification for delaying efforts by trading partners to implement the enhanced drug distribution security requirements under section 582(g)(1) of the FD&C Act. FDA strongly urges trading partners to continue their efforts to implement necessary measures to satisfy these enhanced drug distribution security requirements.

So what’s the key takeaway: Don’t stop preparing for the DSCSA. If you have questions about the DSCSA stabilization period or are concerned that your current provider isn’t doing everything it can to set you up for success, we encourage you to contact us today to speak with one of our DSCSA experts. We are 100 percent committed to ensuring all of our customers meet DSCSA compliance.

DSCSA Timeline

A timeline showing key dates of the U.S. Drug Supply Chain Security Act (DSCSA) from 2013 to 2024

DSCSA at a Glance

Created as Title II of the Drug Quality and Security Act (DQSA), passed by Congress in November 2013, the DSCSA is an initiative to prevent the introduction and distribution of counterfeit, stolen, contaminated, or otherwise harmful drugs in the United States. It outlines steps to build an interoperable electronic system to identify and trace prescription drugs as they are distributed throughout the country. By providing comprehensive FDA guidance, the act facilitates the accurate tracing of products from the point of production to distribution to dispensation and beyond.

Understanding the Drug Supply Chain Security Act

If you’re a pharmaceutical company — a manufacturer, wholesaler, dispenser, repackager, or third-party logistics provider — you must comply with the Drug Supply Chain Security Act (DSCSA) if you want to do business in the United States.

The U.S. Food and Drug Administration (FDA) says the goal of the DSCSA is “to build an electronic, interoperable system to identify and trace certain prescription drugs as they are distributed in the United States.” The Act “will enhance [the] FDA’s ability to help protect consumers from exposure to drugs that may be counterfeit, stolen, contaminated, or otherwise harmful” and “improve detection and removal of potentially dangerous drugs from the drug supply chain to protect U.S. consumers.”

As we said above, the law has been rolled out in phases since it was passed nearly 10 years ago. Even though enforcement was delayed until November 2024, the FDA expects all supply chain stakeholders to keep preparing.

Key Requirements of the Drug Supply Chain Security Act

The DSCSA requirements can be divided into several categories that apply to manufacturers, repackagers, wholesale distributors, dispensers, and 3PLs. Each is important, but four are particularly vital to being ready for November 2023 because they require these stakeholders to have specific systems in place to be fully compliant. These are the “four cornerstones” of DSCSA compliance:

Product identification (serialization)

Manufacturers and repackagers must put a unique product identifier (PI), such as a bar code, on certain prescription drug packages. This must be able to be read electronically.

Product tracing

Manufacturers, wholesale distributors, repackagers, and many dispensers (primarily pharmacies) must provide certain information about the drug and who handled it each time it’s sold:

      • Transaction information (TI) includes the product name; its strength and dosage form; its National Drug Code (NDC); container size and number of containers; lot number; transaction date; shipment date; and the name and address of the businesses from which and to which ownership is being transferred.
      • The transaction statement (TS) is a paper or electronic attestation by the business transferring ownership of the product that it has complied with the DSCSA.
      • A third type of information, Transaction history (TH), is an electronic statement with the TI for every transaction going back to the manufacturer. It is required before the November 27, 2023, deadline; it is not required after that date.

Verification

Manufacturers, wholesale distributors, repackagers, and dispensers must establish systems and processes to verify PIs for certain prescription drug packages. For saleable returns, manufacturers and wholesale distributors must use the Verification Router Service (VRS). Like everything else in the DSCSA, we’ve written extensively about the VRS. Our “DSCSA Saleable Returns Verification Requirement: Just the Facts” article is a good place to start.

Authorized trading partners (ATPs)

All manufacturers, wholesale distributors, repackagers, 3PLs, and dispensers must be ATPs and be able to electronically verify that their trading partners are ATPs.

In broad terms, to be an ATP you must meet certain registration, licensing, and licensure reporting requirements under the Federal Food, Drug, and Cosmetic Act (FD&C Act) and comply with state licensing requirements. The definitions of ATP also include language about accepting or transferring direct ownership or possession of products.

There are “four cornerstones” of DSCSA compliance requirements:

Other DSCSA Requirements to Consider

Detection and response + notification: Stakeholders must quarantine and promptly investigate suspect or illegitimate drugs. They must also notify the FDA and other interested parties when they find such drugs.

Licensing: Wholesalers must report their licensing status and contact information to the FDA. Third-party logistics providers must obtain a state or federal license.

Final thoughts

What is the Drug Supply Chain Security Act? The DSCSA requires pharma stakeholders to work together to secure the U.S. supply chain. It doesn’t matter if you’re a manufacturer, wholesaler, repackager, third-party logistics provider, or a dispenser — the law affects how you conduct business. Your compliance depends on making sure you can meet your responsibilities.

That’s where rfxcel comes in.

We have 20 years of experience providing the pharmaceutical industry with leading regulatory and compliance software. So if you aren’t sure if you’re going to be ready for DSCSA 2023–2024 or you’re wondering if your current solution provider is doing everything it can to prepare you for compliance, contact us today.

Our DSCSA experts can show you a short demo of our solutions, clarify what your responsibilities are, and answer questions about your needs and how to meet them, no matter your role in the supply chain.

In the meantime, check out some of our other DSCSA resources, including our DSCSA: Preparing for the Full Serialization of the U.S. Pharmaceutical Supply Chain white paper and our DSCSA 2023 webinar series. These are great resources to help you better understand the law. You can click on those links or jump right to our DSCSA Compliance Library, a clearinghouse of all our information about the law.

Drug Supply Chain Security Act (DSCSA) Pharmacy Responsibilities

Posted on by rfxadmin

Drug Supply Chain Security Act pharmacy responsibilities are complex. They can be confusing. But the clock continues to count down to the final compliance deadline.

On August 25, 2023, the U.S. Food and Drug Administration (FDA) announced that it was delaying by one year enforcement of key DSCSA requirements. This “extended stabilization period” moves the enforcement date to November 27, 2024. Read our blog post here for all the details.

If you want to ensure that your business processes comply with DSCSA pharmacy regulations, the first step is to familiarize yourself with the nuances of the law. With that in mind, let’s do a quick recap for pharmacies.

What is the U.S. Drug Supply Chain Security Act?

The U.S. Drug Supply Chain Security Act, enacted on November 27, 2013, establishes a system to track and trace prescription drugs in a fully serialized supply chain. It calls for end-to-end traceability and electronic interoperability to prevent counterfeit, stolen, contaminated, or otherwise harmful drugs from entering the U.S. supply chain.

So far, the DSCSA has mostly focused on lot-level traceability — exchanging information about every package of medication so stakeholders can see exactly where it has been. Enactment will culminate next year with complete unit-level serialization of the U.S. drug supply chain. This means stakeholders will have to electronically track products at the individual package level.

As the final link in the pharmaceutical supply chain, pharmacies are the last safeguard between suspect products and patients. They are responsible for gathering transaction information and reviewing supply chain data to verify the legitimacy of products (more on that below).

Drug Supply Chain Security Act pharmacy responsibilities: definitions

Pharmacies are referred to as “dispensers” in the DSCSA. The legislation defines a dispenser as “a retail pharmacy, hospital pharmacy, a group of chain pharmacies under common ownership and control that do not act as a wholesale distributor, or any other person authorized by law to dispense or administer prescription drugs, and the affiliated warehouses or distribution centers of such entities under common ownership and control that do not act as a wholesale distributor.”

If you dispense only products to be used in animals, you are not a dispenser under the DSCSA. The DSCSA pharmacy requirements apply only to dispensers that provide medication to patients or end-users. If your pharmacy is providing medications to another dispenser or another member of the pharmaceutical supply chain, it is acting as a distributor, which means other DSCSA requirements would apply.

How to comply with the DSCSA

Compliance is mandatory if you are a dispenser under DSCSA pharmacy requirements. Failure to comply will raise flags with the FDA and open your organization to penalties, including fines.

As we said above, the Drug Supply Chain Security Act pharmacy responsibilities are complex. Let’s break them down into easy-to-understand pieces.

You must exchange information about every drug you buy and who handled it each time it changes ownership in the United States.

The DSCSA calls this “product tracing information,” and it has three components, collectively referred to as “T3 information”:

  1. Transaction Information (TI) about a product (e.g., proprietary or established name or names and the strength and dosage form)
  2. Transaction Statement (TS), which is an electronic statement confirming the entity transferring ownership.
  3. Transaction history (TH), an electronic statement with the TI for every transaction going back to the manufacturer. TH is required only until the November 27, 2024, deadline.

Under DSCSA pharmacy requirements, you have to obtain and exchange this data for every transaction. The purpose of these traceability requirements is to promote drug distribution security and to identify potential discrepancies in the supply chain records. If a product cannot be traced back to a legitimate source, it is considered “suspect.”

Adhering to these transaction requirements will help pharmacies protect their consumers from illegitimate drug products. Traceability standards also help the FDA ensure that suspect prescription drugs do not enter the supply chain in the first place.

You must receive, store, and provide product tracing documentation

You can accept prescription drugs only if they have proper tracing information, and you must store the information for six years. You must also generate and provide all information when you sell a prescription drug to a trading partner.

If the FDA conducts a DSCSA pharmacy audit, it can examine records dating back six years. If information is missing, you will be found in violation of the DSCSA and could face substantial penalties.

Providing product traceability information is another important part of DSCSA pharmacy requirements, as pharmacies frequently send inventory to other companies within their healthcare networks. When you engage in these activities, you are acting as a distributor and must adhere to all relevant standards regarding the creation of lot numbers and product-level tracing.

You can only do business with authorized trading partners (ATPs)

And speaking of trading partners, if you can’t confirm your they’re licensed or registered, you can’t do business with them. If they’re not authorized, their access to the U.S. pharma supply chain will be severely restricted or denied altogether. Read our in-depth ATP blog series for all the details.

For now, we will provide a brief recap of what constitutes an ATP under the DSCSA guidelines. The FDA states that an authorized partner is:

  • A manufacturer or repackager that has a valid registration with the FDA
  • A wholesale distributor that has a valid license under state law
  • A third-party logistics provider (3PL) that has a valid license in accordance with state law
  • A dispenser that has a valid license in accordance with state law

The FDA defines a trading partner as:

  • An entity (i.e., manufacturer, distributor, repackager, or dispenser) that accepts director ownership of a product from a manufacturer
  • An entity that transfers direct ownership of a product
  • A 3PL that accepts or transfers products to another entity in the supply chain

In other words, an ATP is an entity that is appropriately licensed and accepts or transfers direct ownership of a regulated pharmaceutical product. Before a pharmacy does business with a repackager, wholesaler, or distributor, it must verify the organization’s ATP status.

You must investigate and properly handle suspect and illegitimate drugs

Suspect and illegitimate drugs include drugs that may be counterfeit, diverted, stolen, intentionally adulterated, or unfit for distribution — the problem the DSCSA was designed to eliminate. Pharmacies must quarantine and investigate these drugs to determine if they are fake. If you make this determination, the next step is to work with the manufacturer and take specific action to ensure the bad drug does not reach patients/consumers. You must also notify the FDA and your trading partners about the drug.

Identifying illegitimate products is one of the most important roles of pharmacists under DSCSA requirements. It is also one of the most challenging tasks, as each pharmacist and pharmacy technician must be trained on how to identify illegitimate or suspect products. All pharmacies should train their employees about the DSCSA requirements (e.g., abnormalities in transaction information) and other methods to identify suspect products.

You must authenticate and verify drugs

This is what’s coming in 2024. You’ll have to be able to authenticate and verify all the medicines you buy before you can sell them. The fundamental requirement is that TI (transaction information) must include a product identifier (PI), which includes serial numbers and expiration dates. The Electronic Product Code Information Services (EPCIS) is likely to be the standard the industry will use to enable this exchange.

EPCIS is a standard from GS1, an international organization responsible for creating and maintaining operational standards for key industries, including healthcare. EPCIS is a means to electronically share the “what, when, where, why, and how” information about pharmaceutical products, promoting end-to-end traceability and interoperability among supply chain actors.

Final thoughts

Navigating complex compliance requirements and adapting to new standards can present challenges. Fortunately, you have options — like partnering with rfxcel to help you meet DSCSA pharmacy requirements.

Even though the enforcement deadline has been extended until November 2024, the time to act is now. If you aren’t sure you’ll be ready, contact us to schedule a short demo of our DSCSA pharmacy compliance solutions, which include robust traceability tools, data management solutions, and more. As an rfxcel partner, you’ll tap into the expertise of our DSCSA pharmacy compliance experts, who will collaborate with you to design a solution to ensure you meet all DSCSA requirements and remain compliant forever.

We also invite you to download our DSCSA compliance white paper. It drills down into what we talked about today and is a great reference tool to have on hand as you prepare for the full serialization of the U.S. pharma supply chain. Also bookmark our DSCSA compliance library, which has all our resources about the law.

Understanding the Two Parts of the Drug Quality and Security Act (DQSA)

Posted on by rfxadmin

The Drug Quality and Security Act (DQSA) was enacted on November 27, 2013, to address gaps and oversights in the way compound medications — medications that are customized by combining, mixing, or altering two or more drugs to meet the needs of a specific patient — are prepared and distributed. It was a response to the inadvertent distribution of contaminated steroidal injections that killed 64 people and caused infections in 793 patients.

The DQSA comprises two pieces of legislation: The Compounding Quality Act and the Drug Supply Chain Security Act (DSCSA). Here’s a quick overview of each.

DQSA Part 1: The Compounding Quality Act

The goal of the Compounding Quality Act is to make compounded medicines safer for patients.  It established a registration system for pharmaceutical industry stakeholders that create sterile drugs (e.g., manufacturers and pharmacies). It also reinstated Section 503A of the Food, Drug, and Cosmetic Act (FD&C Act), parts of which the Supreme Court in 2002 ruled unconstitutional.

Companies can register as an official outsourcing facility if they meet a specific set of criteria. Outsourcing facilities are usually larger companies that supply compounds to healthcare facilities such as pharmacies, hospitals, and clinics. The key requirements for outsourcing facilities under the Compounding Quality Act include the following:

  • They must report adverse events to the FDA twice a year.
  • They must submit reports about all compounded medications to the FDA twice a year
  • They must meet product labeling requirements.
  • They must agree to FDA inspections (according to a “risk-based schedule” and pay fees for any re-inspections.
  • They must pay a registration fee to the FDA.

Outsourcing facilities are also subject to increased quality standards and can be penalized for certain actions, including intentionally falsifying prescriptions for compounded medicines, failing to report adverse events or compounded medications to the FDA, making false claims about compounded medicines (i.e., false advertising), and selling medications with “not for resale” warnings.

All this said, it’s important to note that the FDA does not approve compounded drugs. The Agency does not verify their safety or effectiveness. Furthermore, compounded drugs do not have an FDA finding of manufacturing quality before they are marketed.

DQSA Part 2: The Drug Supply Chain Security Act (DSCSA)

The DSCSA is a wide-ranging piece of legislation designed to prevent counterfeit, stolen, contaminated, or otherwise harmful drugs from entering the U.S. pharmaceutical supply chain. It affects virtually every industry stakeholder, from manufacturers, distributors, and wholesalers to repackagers, logistics providers, and dispensers (i.e., pharmacies). It is

Enacted in November 2013 and culminating with the November 2023 deadline, the ultimate goal of the DSCSA is a fully serialized pharmaceutical supply chain with full electronic operability. There are four core requirements:

  1. Product serialization
  2. Product tracing
  3. Verification (of product identifiers)
  4. Authorized trading partners

If you follow our blog, you know we’ve been writing about the DSCSA for years. For a longer summary, check out “Countdown to DSCSA 2023 Serialization: The Deadline Is Two Years Away.” For an in-depth look at what’s in store for 2023, read “DSCSA 2023: The Future of Pharmaceutical Traceability in the USA.”

Final thoughts

rfxcel has been the leading provider of regulatory and compliance software for the pharmaceutical industry for almost 20 years. We’ve also been a thought leader on the DQSA and DSCSA compliance. Our goal is to keep all stakeholders informed and work with them to ensure they’re ready to meet all the requirements in 2023.

Below are a few of our most recent resources to help bring you up to speed. Take a look, and if you have any questions or want to see a short demo of our DQSA and DSCSA solutions, contact us today. Our supply chain experts know the legislation inside and out and will work with you to design a solution that’s right for you.

rfxcel is part of
Rfxcel Logo

© 2024 ANTARES VISION S.p.A. - Via Del Ferro, 16 - 25039 Travagliato - Brescia - ITALY Tel.: +39-030-7283500 / Fax.: +39-030-5109958 / info@antaresvision.com - C/F PIVA: 02890871201 Registro Imprese di Brescia C.C.I.A.A. di Brescia (REA) n. 523277