By Michael Rowe, director, DSCSA/Serialization Services, Two Labs
In the seven years that I’ve been actively involved in DSCSA compliance efforts, I have lost count of how many times I have said, “In the future, on Nov. 27, 2023, the complete track and trace requirements will be in full effect.”
It has been challenging for me to adjust my language to say this November since 2023 is no longer in the future. With less than five months remaining until the requirements are fully implemented, I would like to share my perspectives on the industry’s progress regarding the three main requirements – serialized data exchange, enhanced verification, and tracing – and additionally, the valuable lessons we have learned in the last few years.
Serialized Data Exchange In An Interoperable Manner
In my last article, published in December 2021, I emphasized the need for life sciences companies to proactively prepare for establishing EPCIS data exchanges to prevent a “bottleneck” scenario. Unfortunately, over the past 18 months, the Two Labs DSCSA team (working on behalf of several pharma manufacturers and wholesalers) has observed that several companies are still unprepared and not actively engaging in data exchange. Troubleshooting and working through errors don’t happen quickly. We have noticed extended SLAs and a decrease in responsiveness among service providers. A testing process that would typically take two weeks is now being quoted with a 10-week waiting period before it can be addressed. This is the result of a large influx of testing and onboarding requests as well as insufficient provider resources. Doing the testing simply takes longer than you think.
Wholesale distributors have issued letters expressing concerns about suppliers who are not responding to requests for EPCIS exchange onboarding. They have also begun informing manufacturers that they will enforce penalties or return products if they do not receive pharmaceuticals accompanied by comprehensive, aggregated EPCIS data. This action may take effect as early as Aug. 1, 2023. Consequently, the situation appears bleak.
And the deadline really is much sooner than Nov. 27, 2023. Without any grandfathering guidance from the FDA like the industry received when the serialization requirements kicked in, the supply chain must consider the inventory purchased before the deadline when you don’t have the data. So, this means that the deadline for most companies is likely three to four months earlier because of the variance in the time between a purchase date and subsequent sale date.
Based on my experience with companies that made preparations beforehand, here are some valuable insights gained:
1. Master data exchange is overly manual and cumbersome. Serialize your data.
Master data management is currently a very manual process, with data being communicated via emailed spreadsheets of varied formats and data being entered by hand. This creates confusion about the GLN/sGLN formatting of the header and shipper information and increases risks for typos. It is crucial to prioritize the organization of serialized master data, as having clean data in the channel is key to having streamlined data exchange, avoiding “garbage in, garbage out,” and wasting time having to reconfigure data sets.
2. Testing can be streamlined among service providers.
Initially, we discovered that teams wanted to have regular cadence calls to align their testing expectations. The aim was to outline various scenarios and create test data and scripts. However, as different service providers consistently tested with one another and file formats remained consistent, conducting repetitive tests for each supplier-distributor combination became redundant over time. We observed several companies adopting a “handshake” approach to testing, wherein the primary focus was sharing master data and migrating to production. This approach isn’t without fault, though. Sometimes we would still see that even though data was coming from the same service provider, it wasn’t always formatted the same way across clients.
3. Trust but verify that connections are actually “working.”
While receiving an email confirmation that the EPCIS connection is “good” might be reassuring, it is essential to review data consistently to ensure they are reaching their intended endpoints effectively. We encountered multiple instances where we received the green light indicating everything was functioning correctly, only to discover during a data audit conducted 90 days later that no data was being transmitted and no error notifications were being investigated. Therefore, it is crucial to proactively reach out to your customers (whether that be wholesale distributors, specialty pharmacies, or dispensers) with whom you may have already conducted tests to confirm that data is indeed reaching their systems as intended.
4. Exception handling is going to be cumbersome to manage.
I had a client who encountered a situation where the last four units of a lot were unable to be packed for the shipment because they were mistakenly marked as “sold” to another customer despite the cycle counts showing that the inventory was accurate. This means that there was an error during the outbound scanning process that went unnoticed. As a result, updating the data now required contacting multiple customers to inspect their inventory, creating a cumbersome task. If customers are not actively scanning or validating products, we lack a clear understanding of the data quality. Resolving these issues will pose a steep learning curve for the industry, especially when the product is in quarantine. Testing now will only uncover those issues and allow your organization to prepare. Trying to learn after the regulatory deadline is never ideal.
Calls To Action:
- It is imperative to take immediate action by actively involving trading partners in sharing master data and formulating a testing strategy. At this late stage, prioritize simplicity and efficiency over testing every conceivable scenario. Engage in discussions with your trading partners and service providers to explore the possibility of participating in “batch” testing, where multiple customers are tested simultaneously. If you haven't already begun these efforts, it may be challenging to meet the deadline. Prepare for the worst-case scenario by being ready to request a waiver or exemption from the FDA.
- Start the development of exception-handling procedures, understanding that it may be challenging to establish comprehensive standard operating procedures (SOPs) due to the limited number of learning cycles available to inform best practices. Even if you feel that you’re lacking details for full procedural instructions, it is crucial to align and clearly define roles and responsibilities within your organization. I strongly recommend reviewing the published HDA DSCSA Exception guidelines, which are expected to undergo further refinement.
Verification requirements have been a topic of discussion for quite some time, going back to 2017, when manufacturers began serializing products. Verification has been an ongoing obligation that extends into 2023 and is necessary whenever there is a saleable return or as part of a suspect drug investigation. However, what is changing is the expansion of requesters to include all sectors of the industry, including dispensers.
Additionally, as distributor saleable returns verifications transition away from enforcement discretion, the number of verifications is expected to increase significantly, reaching approximately 60 million per year. It is important to note that when distributors link serialized transaction information with returns, hidden defects within the supply chain are likely to become apparent. This revelation may occur when customers attempt to return products for credit only to find that they cannot be verified due to missing or incorrect data. These issues will surface and could impose a financial burden on the system.
Calls To Action:
- As stated earlier, implementing serialized EPCIS data exchange is crucial to alleviate the verification burden, especially regarding distributor saleable returns.
- The potential effectiveness of the verification router service (VRS) remains uncertain, particularly regarding its adoption within the dispenser community. Pharmaceutical manufacturers should assess their verification needs and determine whether the VRS would provide value in the short or long term.
- It is essential to review and enhance verification and suspect drug SOPs to ensure they are comprehensive and capable of managing potentially increased input volumes. Cross-training on the SOPs should be happening now.
- Stay vigilant in monitoring returns that may present challenges or opportunities. Consider leveraging return credit processing as a potential value-added option for the industry.
Another requirement that still needs clarification within the industry is the tracing requirement. Section 582 (D) and (E) of SEC. 203 in the Drug Supply Chain Security Act outlines two distinct tracing obligations under the enhanced drug distribution security requirements.
Essentially, trading partners must be able to provide the serialized transaction information in the event of a suspect drug investigation or recall, which many will think of as a detailed shipment report. While this requirement may seem straightforward at first glance, several questions arise when delving into the specifics. How many requests will be made? How can one ensure the requesting party is authorized to obtain this information? What is the expected response time? Are there confidentiality concerns? In what format will the requests be made (i.e., phone calls, emails, system notifications)?
In short, 2023 (and likely the first part of 2024) will be a busy time for the DSCSA community, filled with many uncertainties. Relying on the hope of another FDA delay is not a viable strategy. Even if the FDA exercises enforcement discretion, it is unlikely to provide companies with a significant extension. If the FDA offers grandfathering guidance that only applies to legacy inventory and not new products entering the supply chain, the November deadline remains applicable.
If your organization is not actively working toward achieving compliance requirements and planning for life after the deadline, there is a significant risk of being unable to distribute pharmaceuticals or adequately respond to inquiries from state boards of pharmacy or the FDA. I do not recommend using a fallback strategy of asking the FDA for a waiver or exemption. My ultimate piece of advice is to stay engaged with the conversations that are happening (attending the HDA traceability seminar in August would be beneficial), leverage others’ insights to inform your best practices, and, of course, test, verify, and move on/push forward to the next test.
About The Author:
Michael Rowe is director of DSCSA/Serialization Services at Two Labs. He leads a team of DSCSA experts and has supported over 45 pharmaceutical companies in their DSCSA compliance efforts. Prior to Two Labs, he came from a major wholesaler (Cardinal Health), where he worked on DSCSA projects related to all sectors of the pharmaceutical distribution model. Rowe is also a certified Lean Six Sigma Black Belt.