The LSPedia DSCSA Webinar, Part 1: What did the FDA change about DSCSA compliance last month?

September 15, 2023

On Tuesday, we held the first of our new monthly series The LSPedia DSCSA Deadline Webinar, with a session titled “What it means and how to prepare.” These sessions are designed to be your expert-led update to complying with DSCSA on schedule, understanding FDA guidance as it emerges, and making it all make business sense. This post will recap the situation as it now stands based on the FDA's statements, as outlined by our panelist Tish Pahl, one of the industry's leading voices on DSCSA implementation and compliance.

Meet Tish Pahl

Image preview
Tish Pahl

Tish Eggleston Pahl is a principal at Olsson Frank Weeda Terman Matz PC. She is regulatory counsel to drug, cosmetic, dietary supplement, and food clients with concerns before the Food and Drug Administration, the Federal Trade Commission, and other federal agencies. Since November 2013, Tish has worked closely with pharmaceutical supply chain stakeholders, including manufacturers, repackagers, and wholesale distributors, on DSCSA implementation.

What are the pharma industry's current requirements under DSCSA?

Pahl kicked things off with a walkthrough of current DSCSA requirements – that is, those already in place and that must be complied with now. These include the requirement for trading partners to only do business with Authorized Trading Partners; to have systems in place for verification, covering identification, quarantine, and investigation of suspect products, disposition of illegitimate products, and obligation to notify the FDA and partners of them; to have a product identifier for all covered drug packages and homogenous cases, absent an FDA-granted waiver, exception, or exemption; the ability to provide, receive, and maintain lot-level transaction data (Transaction Information, Transaction History, and Transaction Statement, or 3Ts) for all changes of ownership; and retainment of records and transaction data related to suspect/illegitimate products for six years.

Pahl emphasized that these will be enforced by FDA and state regulators, with violations incurring seizure, injunction, criminal fines and penalties, and other measures that can be undertaken as responses to serious violations and threats to public health. She also noted that trading partners can (and many are already) setting other incentives for compliance, including contractual obligations and supply agreements; violations can incur product liability or class action challenges, and can seriously hurt the reputation of the company responsible. As examples, Pahl referenced the FDA warning letter to Safe Chain Solutions (detailed in our July 5 post) and the indictment of Steven Diamantstein (detailed in our June 30 post).

What are the future requirements under DSCSA?

She stated the requirements that have been set to go into effect November 27, 2023, which may be referred to as “Section 582(g)(1)”, “package-level”, “enhanced drug distribution security” or simply “2023” requirements. These mandate that trading partners must:

  • exchange TI and TS securely, electronically, and interoperably
  • include in Transaction Information the unique identifier of each package in the transaction (referred to as “serialized data”).​
  • have systems and processes for verification of product identifiers at the package level.​
  • have the ability to respond to appropriate tracing requests and trace products at the package level. ​
  • associate a saleable return with the Transaction Information (TI) and Transaction Statement (TS) associated with that product

Pahl noted that FDA has stated that 582(g)(1) can be satisfied by trading partners exchanging EPCIS event files with accurate product identifiers for each package, and that exchanging serialized data in EPCIS files enables package-level tracing.

What does the FDA expect after November 27, 2023?

Then, Pahl addressed the FDA’s guidance that it “does not intend to take action to enforce” 582(g)(1) until November 27, 2024. On this topic she called attention to the FDA’s statement, and its own unusual and immediate emphasis, via underlining, that:

In short, FDA still expects trading partners to have systems and processes in place to meet their requirements as of November 27, 2023 – not a year later (the day that marks the end of the stabilization period). The administration expects continued use of current methods for handling transaction data, while businesses then stabilize and make their systems fully interoperable for “accurate, secure, and timely electronic data exchange.”

Thus, the FDA’s stabilization period is not enforcement discretion. Trading partners are at risk of FDA enforcement actions if they are not complying with current requirements or if they're stopping or slowing their compliance with 582 (g)(1).

In our next post, we’ll introduce the rest of our panelists, and dig into the panel discussion and polls – stay tuned!

Click here to register for the October session.