by Peter J Blok, PhD

To paraphrase a news show’s catch line, “It’s 10 pm, do you know where your inventory is?” When the FDA regulation, DSCSA, is fully rolled out the answer may just be “Yes”. But, there is a long way to go and a great deal of uncertainty concerning what is really needed to comply and how the Agency is going to enforce the regulations over the 10 year roll out. Coming out of the May FDA workshops one thing seems to be sure, it’s unlikely these regulations are going to be repeatedly deferred like the California ePedigree mandate was. Those companies with a “wait and see” point of view may get a very rude surprise on Jan 1 2015, the first milestone.

There is some good news, DQSA Title II, also known as DSCSA (Drug Supply Chain Security Act) put an end to the conflicting set of state mandates for drug pedigrees and track & trace. As of November 2013 the DSCSA overrides all of those directives giving Life Sciences companies doing business in the US one set of nationwide regulations. There is a second piece of good news, the mandate to serialize all drug products is deferred to November 2017 for manufacturers, and to 2018, 2019, and 2020 for repackagers, wholesalers and dispensers respectively. And, fully unit level serialization is deferred until the last year, 2023.

The major challenge is that by January of 2015 all participants in the supply chain will have to exchange data to verify that the bulk drug products or packaged finished goods are genuine, authorized materials. This data interchange includes pharmaceutical manufacturers, CMO, Primary Wholesalers, Secondary Wholesalers, and Dispensing organizations. There are exceptions for internal transfers within companies and between dispensing organizations owned by the same company. However this regulation will impact every business in the supply chain in some way.

If you have not been following the development of these regulations and preparing, you have a lot of ground to make up in order to be ready for January 2015.

DSCSA will require all participants in the supply chain to handle and contribute to a data set called the Transaction History (TH). This is similar in concept to the ePedigree envelope in the California statute. Each participant, with some exceptions, adds Transaction Information (TI) records and Transaction Statement (TS) records. TI records indicate the drug and quantity being shipped and the TS records are legal affirmations on the part of the record contributor as to the information’s validity. The first member in the chain is responsible for initiating the TH and most members of the chain must contribute TI and TS records. The records are contributed by those members of the chain who take title of the drug material. This means that 3PL’s operating on consignment stock will not have to contribute to the data set. However they will still have to be capable of receiving, managing and sending data sets. Since 3PL’s will often ship partial lots they will also have to be able to create TH records containing the appropriate subsets of data for the recipients of their shipments.

Under DSCSA all members of the supply chain are now explicitly responsible for acting on suspected counterfeit materials. This has added an analysis and response requirement to the regulation. Any member of the supply chain can post an inquiry to any other member of the supply chain for information pertaining to its shipments. The member asked must respond within 24 hours. In addition the Agency can post requests and members must also respond in 24 hours their requests. While it is hard to tell how many requests can come in at any time, one thing is sure, sifting through all the transactions for a major supplier or distributor will be a very challenging task.

There is a demanding record retention requirement as well. All members of the supply chain will have to retain all TH data sets they receive and send for a period of 6 years after the transaction.

At this point major wholesalers and manufacturers have been participating the regulatory process however there remains no consistent data requirement for the TI component nor is there universal agreement on the structure of the TH envelope. The Agency is planning on publishing a data guideline in November 2014. Depending on the complexity in the FDA guidance, that may just add more confusion for those working to meet the January 1 deadline.

The FDA has only stated that the data sets must be all electronic when the regulation is fully rolled out in 2023. For this initial phase beginning next year there is no specific guidance. Supply chain members can use any number of electronic or paper formats for these records as long as the information meets the content, analysis and reporting and records retention requirements. The wholesalers McKesson and Cardinal Health have published guidelines to their suppliers for the data and formats they expect. They have even posted testing deadlines beginning July 2014. Unfortunately the specifications are not the same.

The FDA has been working closely with the industry, however at this point the Agency has not given any guidance on how these regulations will be enforced nor what the likely penalties will be. This is adding more uncertainly to the overall situation.

Given the limited amount of detailed definition from the agency and the diverse level of IT sophistication throughout the supply chain DSCSA has given the industry a significant challenge with an unclear path forward. But there are things to do.

First and foremost, study and understand DSCSA and understand what is currently going on in the industry and with the FDA. Your best asset is a knowledgeable team. There is very little time so eliminate the possibility of rework wherever you can. Engaging an industry expert would be very helpful getting your organization up the learning curve. There are many vendors and consultants that have been following this for years who assist in this process.

Commission a team in IT to document the data and architecture of your enterprise so you can fully understand what your organization is capable of handling as input and what you’re capable of originating. Knowing what data is available and how it can be transmitted will be very important.

Document your internal supply chain. Understand when you are a wholesaler, repackager, manufacturer and, if appropriate, dispenser in the context of the regulation. You may be the manufacturer and hold the NDS/ANDA but, for a given transaction, your firm may be repackager or even a wholesaler under DSCSA. The data sets and rules are little different for each category so it’s very important to understand your supply chain in the context of the regulation’s definition of terms.

Document and prioritize your supply chain partners on the suppler and the customer side. This will help you in planning your project and managing your business risks.

Establish a task force to work with your supply chain partners. Have the teams begin working with these partners so you can understand their capability for data interchange.

Take a careful look at your CMO partners. The smaller CMO’s may not have sophisticated IT teams so you may have to support them to ensure product flow after the January deadline.

With this knowledge formulate a plan and share it with your trading partners. Work with them to get an agreement to the communication technology and operations quickly.

Begin building your DSCSA systems environment as quickly as you can. Structure communications to be a flexible as possible to allow for changes in the approached used by your trading partners as well as building in some flexibility to handle new trading partners in the future.

Obtain tools and create processes to deal with the analysis and reporting as well as the archival requirements. Your IT data management and database experts will be key members of this work team.

Work out a training, testing and roll out plan. Include your internal staff in this plan too. Customer service, warehousing, distribution and returns processing will likely all be impacted. Critical areas will include: ensuring TH data sets are sent out, exception processing for set errors and retransmissions, returns processing, recall processing, and handling trading partner inquiries.

Engage your operations and compliance team to ensure that procedures and SOPs are in place for the roll out. The rapid adoption of DSCSA does not change the requirements for the appropriate SOP’s under GxP’s. Systems validation will also be a key component in this effort.

Establish a backstop solution that is compliant and useful to your trading partners. Many commercial packages support the use of Portals for trading partners. Portals can not only support view only data but, also downloading of data in flat file or other formats. While not ideal, these solutions are likely a technically compliant way of posting TH/TI/TS data and could be a very viable interim solution to demonstrate compliance.

DSCSA has removed some demands but has imposed a large array of demands on the industry. All this is exacerbated with a much accelerated timeline and unclear requirements pertaining to TH/TI/TS data, and inquiry cases. In the long term there is likely a benefit to the consumer by reducing the likelihood of counterfeits entering the supply chain. There is also likely benefit to supply chain partners by increasing visibility into the entire support chain. For those companies clever enough there may be strategic advantages to be gained by analyzing supply chain data for trends and marketing information.

The main challenge is getting through this initial period. The keys are:

  • Acquiring knowledge quickly
  • Organizing your team
  • Collaborating with your supply chain partners.
  • Staying focused.