FDA guidance suggests a firm stance on DSCSA enforcement

June 14, 2023

As experts on the Drug Supply Chain Security Act, we get repeated questions on what the FDA plans to do around and after the law's November 27, 2023 enforcement deadline. Specifically, companies want to know whether the deadline will be extended (almost certainly not), whether enforcement audits will occur (yes), and whether all types of pharmaceutical trading partners need to comply (yes).

How can we be so sure? Well, apart from the FDA's own statements that they intend to enforce the new law on schedule, we find it very telling that its recent releases on DSCSA include implementation takeaways from its pilot program and guidance that, rather than adding fundamental changes, neatens up definitions to reduce any remaining ambiguity.

DSCSA is a "when," not an "if"

Under the FDA's DSCSA Pilot Project Program, LSPedia joined 19 other companies in leading programs that provided key insights into the technical capabilities of the supply chain, and identified ways to implement the law’s requirements for tracking and tracing prescription drugs. Here are a few key takeaways:

Interoperability: The FDA says “cooperation from trading partners and other stakeholders (e.g., solution providers)” will be important in achieving interoperability, and adds that all companies involved “should consider how to balance supply chain transparency and security of the data.” Achieving this balance is part of why onboarding can be a long process, though one we can cut significantly shorter. In addition to streamlining EPCIS onboarding, including using pre-tested connections, we’ve designed OneScan to enable quick and seamless communication between trading partners, with easy ways to track one another’s relevant data and receive real-time notifications when problems occur.

Standardization: The report argues that standardization “is important to facilitate interoperability,” specifically regarding how “the data that is provided, maintained, and received … including how the data is defined and organized.” Further, it contends that there could be industry-wide benefits from standardizing how trading partners respond to verification requests. This is core to LSPedia's participation, and an item we’ve worked to address with our Verifier® Verification Router Service (VRS) solution. Additionally, the report says that standardizing responses to exceptions (as we’ve enabled via OneScan Investigator and pursued further with our own Exceptions Pilot) can “help with supply chain management,” resulting in “efficiencies and clarity between trading partners.”

Systems: The FDA calls attention to the importance of addressing IT issues, noting that this affects operational problems such as exceptions management. We agree – this is why we’ve focused so heavily on making Investigator capable of carrying out investigations via a secure, automated, cloud-based approach, reducing the need for internal IT resources to address every problem. Cloud technology also plays into the FDA’s finding that “system modification may result as a trading partner’s existing system is upgraded or combined with a new system component,” as OneScan’s cloud-based operation streamlines resource needs.

Processes: Every business should expect some sort of change to its business and operational processes, around using the product identifier for product tracing and verification. While this is certainly a reason to start your DSCSA implementation as soon as possible, it’s important to note that OneScan can integrate with any business system, minimizing operational impact.

Implementation Issues: The FDA tells trading partners to “allow for sufficient time needed to onboard suppliers and customers,” to “plan for technical issues with establishing … connectivity,” and to “conduct testing, particularly connectivity, with suppliers and customers.” Further, it highlights the importance of training staff “to ensure smooth and efficient implementation and workflow integration.” LSPedia agrees with these points wholeheartedly – while we can significantly reduce implementation time, at this point in 2023, it’s very important for companies to act now, given that EPCIS onboarding between trading partners can be time-consuming. It’s also a great idea to plan DSCSA training with LSPedia, as we offer the industry’s most comprehensive compliance training program for the new law.

Putting the finishing touches on DSCSA

In March, the FDA finalized its guidance on how to consider potentially dangerous products. The release can help trading partners across the pharmaceutical supply chain achieve verification requirements for DSCSA, where trading partners must have processes in place to identify, report, and dispose of potentially dangerous products. The guidance helps determine whether a product should be considered "suspect" or "illegitimate" under the Federal Food, Drug, and Cosmetic Act by interpreting several terms for security threats.

Counterfeit means that a product wrongly shows, or is labeled with, the trademark, trade name, or likeness of trading partners other than those involved in its creation, packaging, and distribution.

Diverted product left the U.S. pharma supply chain, yet was brought back into it via a transaction with a trading partner. This also applies to product that was labeled for sale in a non-U.S. market, but brought into the U.S. supply chain through a transaction. (Note: This applies to any method by which a product might leave the supply chain, including having been removed by a trading partner for other reasons, or having already been dispensed to a patient — but there are also counter-examples where a product could enter the U.S. supply chain yet not be deemed "diverted." These include a trading partner's surveillance activities, FDA actions to address drug shortages, and the FDA's Emergency Use Authorization.)

Stolen is used to define products that were taken without permission at any point in the supply chain. The guidance notes that this should not apply to products that may be lost or missing under other circumstances, and points readers to its 2021 Enhanced Security guidance, which addresses "aggregation errors and other discrepancies."

Fraudulent transaction applies when transaction data contains intentionally falsified information. The FDA's guidance advises that trading partners use this with caution, noting that such instances may not be immediately evident, and that clerical errors or other discrepancies may be to blame.

Unfit for distribution refers to drugs whose sale would violate the FD&C Act, given evidence that the product is dangerous:  altered, adulterated, recalled, damaged, expired, and so on. Misbranded products that could harm a user are covered here as well.

It's time to make quick progress on DSCSA

The FDA's guidance encourages pharma trading partners to follow their policies and procedures for investigating products to make these determinations. Given that the deadline is just a few months away, this communicates the view that all pharmaceutical trading partners who wish to continue doing business in 2024 have developed these policies and procedures. Every company needs a solid playbook to make these decisions and follow up with partners and the FDA itself.

Don't assume that everyone on your team will handle these scenarios optimally without well-constructed and tested SOPs. Logistical issues and sensitivities vary from company to company, and you'll want processes that are a good fit for your workflows and are easily repeatable. Time pressure will be a factor, and reliability in your internal procedures can add speed and reduce uncertainty in supply chain operations.

Learn more about LSPedia's tools for verification and investigating suspect products, or contact us today!