The Drug Supply Chain Security Act (DSCSA) is a set of regulations aimed at improving the safety and security of the pharmaceutical supply chain. To date, the industry has focused on the roles that manufacturers and wholesalers play—their data integration requirements and level of readiness for the final phase of interoperability requirements coming with the November 2023 deadline.
Much less emphasis has been placed on the pharmacy component which is also subject to DSCSA regulations and participation in this new interoperable data ecosystem. Under DSCSA regulations, pharmacies and dispensers must comply with several requirements to ensure the safety and security of the pharmaceutical supply chain.
I recently had a conversation on this topic with one of our leading DSCSA solution experts, Octavio Rodriguez. He shared his insights on DSCSA requirements for pharmacies, the challenges they face and guidance we can give the industry as they push for November 2023 compliance.
Q: Can you talk about some of the differences between what pharmacies need to do today versus after November of this year when the full regulation goes into effect?
A: Consider the inbound receiving process at the pharmacy. Currently, they take the information from the advanced shipping notice and verify that the quantity stated is what they received by counting the actual number of items in the tote. The main difference going into November is that they will start receiving serialized data. After this point, for each product received they must verify the corresponding serialized product information for authenticity and for tracing with the digital record.
Q: Now, do you see them verifying each and every one of those items from serial number to serial number matching what's in the electronic record?
A: It really depends on their process, and how their operations are executed whether this happens at receipt or even at dispense. We anticipate receiving operations being the point of verification—to ensure that the product they're putting on the shelf has the corresponding data to match.
The only way to do this 100% is to scan and validate everything you're getting. There might be ways to help simplify this, but it also depends on the resources you have in place—the people and technology assets that you can leverage. This will be a significant change for pharmacy operations.
Q: And that's a great segue into something I wanted to address here, how the DSCSA as a whole is creating a digital representation of what's going on in the physical world. I always use the term “digital twin,” but it's a digital record that should mirror the physical product across the supply chain. Can you talk a little bit about what pharmacies and dispensers will face for compliance without a centralized solution?
A: It's going to be very challenging! you're looking at the dispense and pharmacy community, data integration is essential for optimal facilitation of all these requirements.
We see some solutions out there that are very distributor or supplier specific, like individual wholesaler portals where dispensers can verify certain elements. This becomes challenging post receipt—once that drug is on the shelf or dispensed—because the same product from one manufacturer may be distributed through multiple suppliers.
Imagine a mid-size pharmacy that has two or three distributors for the same product or one distributor and a direct contract with the manufacturer. If you receive a tracing request, for instance, you will have to search in multiple portals. One of the key benefits of having a central system is it doesn't matter where medicines come from—you can just scan the serial number and immediately access the required traceability information.
Q: Let’s talk about the documentation process. What does that look like?
A: Certain things that dispensers need to do, like confirming Authorized Trading Partners (ATPs) status or performing investigations, must be documented and these records must be kept.
You cannot just get to the result. You have to record all of the interactions and elements and screenshots into multiple different places. Plus, you are required to keep paper records secure for six years—and we know paper gets lost. This is very difficult to accomplish manually, without a centralized system.
Q: Understood. And you touched on one thing which I think critical here. One of the lesser talked about elements of the DSCSA is Authorized Trading Partner verification or ATP. It’s almost impossible in just a physical paper world. But in the digital world, it provides a good checks and balances element to ensure that data and transactions are being vetted and validated across different systems.
Can you talk about the approach that pharmacies need to take?
A: There are two elements here. You can go online and manually verify that the company is an authorized trading partner from the FDA website. But that doesn't automatically mean the data you're getting is from that trading partner. So, if you exchange data through electronic means, you need the security in place to ensure the data that you're getting is coming from who you are expecting the data to come from—and that the trading partner is still a valid trading partner under the classification stipulated on the regulation.
Q: Right. How do you validate the data is actually coming from a specific wholesaler?
A: This is a distributed network of networks. The amount of data and information that is going to be exchanged is enormous. The fact that you must verify that product is coming from a trusted partner and not some nefarious actor in the supply chain, that's important. And this is where the credentialing on the electronic transactions is critical. It’s the only way to verify where that electronic message is coming from.
This gets more critical on the dispenser side because you might have a patient waiting for the medication. If it takes 24 hours for a manufacturer to respond to an authenticity request, then how is that helping the patient? We need automated systems that connect this network of networks in a trusted and safe way to get immediate verification of drug legitimacy (or not). In turn, it streamlines the process, keeps the product out of quarantine and enables dispense to the patient who needs it.
Q: As we wrap up, what do you see as critical for pharmacies when looking at a solution for compliance?
A: I believe there are two key factors. One, is selecting a vendor with a successful track record of delivering software solutions for the pharmaceutical supply chain. New solution providers may not know the data integrity requirements or have the experience to support this complex regulation.
The other thing to consider is managing exceptions use cases. Do you have a system and provider in place that allows you to verify alerts? Helps support your existing workflows? Enables you to add additional workflows that will work within your processes—especially when data misalignment exceptions occur?
Systech has been supporting the pharma industry for over 35 years. We pioneered pharmaceutical serialization and have the experience, the knowledge and the traceability solution to help dispensers achieve compliance. Learn more about our solution.