What the DSCSA deadline means, and what the FDA had to say about it

March 13, 2023

Understanding the DSCSA Deadline

The DSCSA deadline of November 27, 2023 remains a consistent topic of conversation within the pharmaceutical industry, largely centered on what changes on that deadline, what needs to be ready beforehand, and whether it'll be enforced.

The short versions of those answers, in order, are: regulatory enforcement; package-level traceability, interoperability, and EPCIS exchange; and yes, it will. Read on for the rest!

Components of DSCSA

The Drug Supply Chain Security Act, part of 2013’s Drug Quality and Security Act, was created with a 10-year timeline, with enforcement rolled out in a phased approach. DSCSA outlined a transformation of the pharmaceutical industry that would make all prescription drug products traceable at the level of the individual package, no matter how they're packed or combined within shipments, via serialization, interoperable connections, and the requirement for products to be accompanied by matching data at each transaction. Further, it laid out new operational definitions of businesses in the pharma supply chain, and added methods for them to ensure that they're only doing business with other legitimate partners.

Its key requirements include the following:

  • Companies in the pharma supply chain must meet operating and licensing criteria as Authorized Trading Partners for their business type.
  • Trading partners must exchange data electronically when product changes hands.
  • Interoperable data connections must support data exchanges between any trading partners.
  • Products must be traceable individually and within their via serialized labeling.
  • Returned products must be verified before redistribution.

FDA Guidance on DSCSA

In July 2022, the FDA released two pieces of draft guidance regarding DSCSA. These clarified the requirements for each type of trading partner, and affirmed that paper transaction records must be phased out for electronic methods. Importantly, the guidance contained the FDA’s recommendation of a standard -- Electronic Product Code Information Services, or EPCIS -- for the exchange of transaction data between trading partners.

The first part of the July release clarifies the definitions of each type of business in the pharma supply chain under DSCSA, and which licenses and requirements enable them to operate as Authorized Trading Partners. In particular, it addresses entities that are less common, or may fit more than one definition, such as private-label distributors, salvagers, returns processors, and reverse logistics providers. Further, it details the licensure and reporting requirements for 3PLs and wholesale distributors (WDDs). Trading partners at all points in the supply chain now should have a clear picture of what will be expected in terms of state and federal licensure, and what data they’ll be required to capture and make available.

That a new set of definitions was necessary, and that the FDA acknowledged the need for greater clarity over their initial handling, points to the release’s intent to add certainty and shore up lingering points of argument that could stall compliance in the remaining months to November 2023. The FDA’s other release affirms this further, adding an interpretation of “interoperability for enhanced drug distribution security” that specifically calls for the use of electronic transaction information and transaction statements. It’s a point that may not seem to need clarification, as nearly every other facet of DSCSA seems to reflect electronically stored, accessed, and exchanged data; however, it removes any possibility that companies could either intentionally or unintentionally continue doing business outside DSCSA compliance.

EPCIS Recognized As The Industry Standard

The FDA recognizes that the GS1 global standard EPCIS has emerged as the best tool to carry out its intentions for DSCSA, having gained industry consensus as well as the FDA’s own approval: “FDA believes that EPCIS is an appropriate globally recognized standard, and FDA understands there is considerable agreement among stakeholders that EPCIS is a suitable standard to adopt for the enhanced drug distribution security requirements.”

The passage also emphasizes that pharma businesses ought to “make a collaborative effort” to follow the shared standard. While the FDA says it’d be unreasonable to expect all players to “rely upon a single technological approach,” it does find it appropriate to recommend that they accept the EPCIS standard (and that they use additional systems and practices to ensure confidentiality and security).

EPCIS's strength largely lies in the fact that each file is entirely composed of events, providing a detailed look at each step in an item's history, including manufacture, aggregation, distribution, and sale. As such, EPCIS exchange between organizations, whose personnel can leverage interoperable connections between systems, provides strong traceability and transparency.

With the FDA supporting EPCIS, it becomes clear that trading partners who do not adopt the standard, and onboard the necessary connections to exchange these files, risk damaging themselves and their partners. The FDA recognizes EPCIS as both the most secure data standard in the industry and the path of least resistance thanks to its existing uptake. As LSPedia CEO Riya Cao said during a September 2022 webinar, “There’s no looking back. The FDA has confirmed it, and the industry has conformed.”

While alternatives are available, companies who do not standardize on EPCIS will likely be increasingly few in number, thanks to both the merits of EPCIS and the necessity of using it to do business with existing trading partners. Opting for a different standard will pose a greater nuisance as well as a business opportunity cost, given that the majority of businesses in the prescription drug supply chain will require EPCIS for data exchanges.

With that said, the DSCSA deadline itself is the last item to study. The fact that these are the final DSCSA guidance releases prompt a tricky twofold question: With November 2023 fast approaching, and these being the last such announcements – will that date stand, and is it appropriate to take action based on this draft guidance?

The DSCSA Deadline Will Be Enforced

It’s critically important to understand that there is every reason to believe that DSCSA’s final deadline will be November 27, 2023. The deadline concludes a 10-year phased rollout, every other step of which has now passed. The intent of the release was to provide broadly applicable direction with enough notice for companies to transition to compliant methods and systems by the deadline.

Given that perspective, the remaining eight months seems a rather short span of time for those who haven’t made much progress yet to enact significant changes. Such businesses will need, among several other updates, to form individual interoperable connections with each of their trading partners, a repeated process that can take weeks or months.

On the downside, these companies are at risk of seeing their operations grind to a halt when partners are unable to accept their data, and could face state and federal audits. On the upside, education and sensible peer pressure from compliant trading partners – toward simply being able to do business as usual after November 2023 – is likely to push such businesses to take the necessary steps to comply.

Further, there are now readily available, easy-to-use, and affordable solutions for both DSCSA implementation and maintenance, led by OneScan, which includes its Investigator technology to automate the difficult problem of exceptions management, and Onescan EDGE for warehouse management.

Plan Your DSCSA Implementation Ahead

Leaders responsible for compliance who have been waiting to take action on DSCSA should act quickly. Planning for DSCSA is a complex, multi-pronged process, and taking a piecemeal or “bolt-on” approach — or failing to understand DSCSA’s full implications for one’s business — comes with harsh, and possibly hidden, tradeoffs. For example, a data exchange solution without smart exceptions management tools or a robust quality system could still leave operations vulnerable to costly delays.

A well-planned integration built around compliance can carry positive effects on operational efficiency and cost. Companies can save money by simply avoiding what would be the additional costs that come with incomplete programs for exceptions management and verification. These tend to require more staff time or outside personnel to manage frustrating recurring problems, rather than fixing them at the system level.

Pharma businesses can also see long-term productivity and efficiency gains from proactively working with solutions experts who can analyze a business’ progress and vulnerabilities to determine the best fit. In short, solving for DSCSA proactively will always save more time, labor, and stress than doing so reactively.

The remaining months to implementation will hold unknown challenges, such as a new wave of exceptions resulting from this year’s massive increase in EPCIS exchanges, but that only makes it more important to make good use of the information, tools, and guidance that are already available.

Contact LSPedia today to ensure that you're fully prepared -- well in advance -- to meet the DSCSA deadline.