The Drug Supply Chain Security Act represents a transformation of the pharmaceutical supply chain, and even as its 10-year journey nears its end, there are still misunderstandings of what it is, how it secures the US supply chain, and what's going to happen this year. Read on for a quick DSCSA explainer!
1. DSCSA has been on the way for a decade.
Yes, dating back to 2013, the law's phased rollout now spans three presidential administrations. DSCSA is the second part of the Drug Quality and Security Act, which was created after nationwide outbreaks showed dangerous vulnerabilities in drug supply chain tracking.
From the writing of the law, it was clear that some aspects would need to develop over time, as companies and organizations throughout the industry collaborated to find the best method to fulfill its mandates. For example, the FDA only recommended GS1's EPCIS in July 2022, recognizing that the industry had largely begun adopting the file standard for its ability to record detailed event histories, efficiently fulfilling the core need and intent.
2. DSCSA serialization makes patients safer by improving visibility.
The key requirement that goes into effect in November 2023 is complete item-level traceability. This requires each individual package to be traceable individually rather than solely at the lot level, as well as to be aggregated to cases and pallets.
DSCSA serialization will enable any trading partner who interacts with a package to view each event in its history, back to the manufacturer. This capability doesn't rely on any single repository of information. Instead, it uses interoperable connections between any pair of trading partners, a process that usually takes a few weeks to put in place. (This is one reason to build in a generous amount of lead time for a DSCSA implementation -- every business in the pharmaceutical supply chain will need to form and test these connections with each of their trading partners.)
The combination of item-level traceability and interoperable connections to cement an item's history, plus reports to the FDA and trading partners regarding suspect product, prevent counterfeit, redirected, or otherwise suspicious goods from entering the US pharmaceutical supply chain. Further, it ensures that any recalled or potentially dangerous products can be removed from the supply chain quickly via coordinated action.
3. It's going to result in a data explosion.
In our test environment, we recently saw an across-the-board spike in EPCIS files being exchanged, rising from about 1,000 files per month to 15,000. This is hardly unexpected; in fact, the real-world data exchange rate will see a hundredfold surge by the end of the year, as trading partners across the pharmaceutical industry fully adopt DSCSA.
This is largely due to the need to track items at the individual level, and with full event histories. To some trading partners, the jump may seem shocking; even if their product levels don't increase significantly, the amount of data created will. Unfortunately, the rate of data errors will see a concomitant increase.
This will become noticeable (if it hasn't already!) as we get closer to the DSCSA deadline. It's an area where careful preparation will pay off in time, money, and stress saved, including having systems capable of handling higher volume and introducing easy-to-use, automated solutions for exceptions management.
4. DSCSA "peer pressure" exists -- and it's a good thing.
It's in the interest of pharmaceutical businesses anywhere in the supply chain to collaborate and even educate their trading partners on requirements under DSCSA. For starters, they'll need to work together on forming and testing interoperable connections (though in some cases, pre-tested connections are available). They'll also need to ensure that they're only doing business with Authorized Trading Partners, under the FDA's definitions and licensure requirements for their business types.
Where we'll see a lot of pressure between trading partners is exceptions. Under DSCSA, when there's a mismatch between data and product, or if key data is missing, movement must stop and the product must go into quarantine until the issue's been resolved. This makes communication between trading partners (in addition to robust technology and processes for investigating exceptions) centrally important to normal supply chain operations.
For a given business that has implemented DSCSA, it'll become clear which of their partners are ready for exceptions management and which aren't. The latter will be those having trouble executing complete data exchanges, meaning that many interactions might carry added labor and wait times (and thus costs) before products can leave quarantine and be transferred or sold as planned.
5. Everyone needs to be ready for November 2023.
There's no reason to believe there will be any delay to enforcement this year; the FDA has signaled that the November 27, 2023 deadline will stand. Generally, enforcement discretion would have to recognize that too many obstacles remain for the industry to comply on schedule, when in fact, solutions are readily available, coming after years of previous implementation phases.
Dispensers should be ready to accept and verify EPCIS files, investigate suspect product, resolve exceptions with their trading partners, and otherwise meet all requirements of the law. Businesses that fail to comply will put themselves at risk of enforcement actions, in addition to jeopardizing their trading partner relationships.
There's a lot more to know! If you really want to master DSCSA for your business, just sign up for our training courses.
Whether online or in-person, our experts will give you a practical view of the law relevant to your business, a detailed walkthrough of exceptions management, and even a DSCSA implementation guide, with hands-on exercises throughout.