Walking through recommendations for dispensers on the DSCSA and implementing recommended actions for pharmaceutical dispensers in serialization should be a necessary business step regularly. The United States Drug Supply Chain Security Act (DSCSA) was enacted on 27 November 2013. It requires pharmaceutical manufacturers, wholesale distributors, dispensers, and third-party logistics providers to comply with requirements to impede drug counterfeiting that have gone into effect or will go into effect on the 27th of November of various subsequent years.
Dispensers, such as retail pharmacies, hospitals, and physicians’ offices, have been required since 2015 to refuse to accept pharmaceutical products from a previous owner, such as the manufacturer or a wholesaler distributor, that could not provide paper or electronic versions of these data ( often referred to as “T3”):
- Transaction History: Documentation of each prior change of ownership starting with the manufacturer through the present transaction.
- Transaction Information: Documentation of product name; strength; dosage; National Drug Code Number; container size; quantity of containers; product lot number; transaction date; shipment date, if more than 24 hours later than the shipment date; and the business name and address of the previous owner.
- Transaction Statement: Documentation that the previous owner is authorized under the DSCSA; received the product from a person or entity authorized under the DSCSA; received Transaction History and Transaction Statement from that person or entity; did not knowingly ship a suspect product; had systems and processes in place to comply with verification requirements; did not knowingly provide false Transaction Information; and did not knowingly alter Transaction History.
Since 2018, pharmaceutical manufacturers have been required to print or engrave a “product identifier” on each saleable package. The DSCSA defines the “product identifier” as “… a standardized graphic that includes, in both human-readable form and on a machine-readable data carrier … the standardized numerical identifier, lot number, and expiration date of the product.” The “standardized numerical identifier”, in turn, is defined in the DSCSA as “… a set of numbers or characters used to uniquely identify each package or homogenous case that is composed of the National Drug Code that corresponds to the specific product (including the particular package configuration) combined with a unique alphanumeric serial number of up to 20 characters.”
Recommendations for Dispensers on the DSCSA: New Requirement
Dispensers will have an additional requirement under the DSCSA from 27 November 2020: “… a dispenser may engage in transactions involving a product only if such product is encoded with a product identifier …*”. (Note: Product for which documentation exists to prove that it was in the pharmaceutical supply chain prior to 27 November 2018 is exempt from this provision per FDA guidance.)
There are several considerations that dispensers must make as a result of this DSCSA provision:
- Product Acceptance: Dispensers will no longer be permitted to accept receipt of pharmaceutical products that do not have unique serial numbers. The law assumes that non-serialized products will be then have been flushed through the supply chain.
- Suspect Product Verification: From time to time, dispensers will need to determine whether products they receive are genuine or counterfeit. To do this, they will need to provide the serial number along with other product information to manufacturers within 24 hours according to the DSCSA.
- Scanning Capability: The preferred method for obtaining and sending these data would be for the dispensers to scan the 2D bar codes of suspect products. Factors impacting this consideration include:
- 2D bar code condition – which may have become degraded due to abrasion resulting from material handling from the manufacturers through the third-party logistics providers and the wholesalers.
- Scanner performance – whether the scanning capability at the dispensers will be sufficient to reliably scan 2D bar codes. Mobile phone scanners may be sufficient but more costly professional scanners, such as are typically used in warehouses, may have to be obtained.
- Training: dispensers’ personnel will need to be made aware of the new requirements so that they can deal with inquires.
Recommendations for Dispensers on the DSCSA: Future Requirement
Building on all the requirements that have gone before, the DSCSA will require full electronic track and trace capability be in place from manufacturers through dispensers from 27 November 2023. It is not yet clear how this requirement will be met. Multiple pharmaceutical manufacturers, wholesalers, distributors, and serialization system software providers have begun discussions on a voluntary Verification Router Service (VRS) that, if implemented, would provide this capability. The FDA is expected to monitor developments and endorse or criticize industry proposals. The FDA is highly unlikely to prescribe a solution.
Recommended Actions for Pharmaceutical Dispensers on Serialization
Despite the remaining uncertainty of how best, exactly, those operating in the role of Dispenser will ensure compliance with the DSCSA, there are practicable and meaningful steps that organizations should be taking ahead of time, even before decisions about technology solutions are made.
- Clean up Your Master Data and Familiarize Yourself with Global Standards Applicable to Serialization
One of the critical success factors for ensuring the accurate and timely flow of serialized event data from one node in a supply chain network to the next is having the systems data speak the same “language.” What this means in practical terms is that the specific product being shipped, transported, and received must be known in identical terms to all participants in these activities. For the most part, this alignment in data values for products depends on numeric or alpha-numeric identifiers being expressed in the same characteristic, and with the exact same value. If the Manufacturer uses the NDC for their product in the shipment message, but the Distributor is expecting to receive the EAN or GTIN for that product, they are not going to be seen as equivalent or identical without custom interface mapping – and that requires an investment of time and money. In some cases, this issue even holds true for purely alphabetical nomenclature: the Unit of Measure of a Single Saleable Unit of Commercial Product is typically known as an “Each”; but, if it is abbreviated as “EA” in one system, and “Ea” in another, there is a likelihood that the transfer of the serialized message between the two systems will fail. Troubleshooting issues like this can be laborious, and until the shipping data is resident in the system of the receiving entity, the product associated with that shipment cannot usually be sold or shipped to a subsequent customer. For purposes of dispensing to a patient or clinic, that product will be considered illegitimate under DSCSA.
While not usually as common a cause as the aforementioned scenarios, additional master data objects and values including – but not limited to – Trading Partner and Batch Data must also be identical and equivalent in all systems involved in a serialized shipment event.
In order to avoid having master data issues be found only when they impact active supply chain operations, everyone involved in a Dispenser’s network of suppliers needs to confirm and verify the data they are using before shipping serialized product to one another. Fortunately, in many cases, this will likely have already been at least partially accomplished when the supply chain partners began exchanging non-serialized shipment messages in the past. For example, this could have occurred with an Advance Ship Notice [ASN] through an EDI exchange platform. That said, it is unlikely that the actions taken to work around data-driven errors in a non-serialized environment will be potential options when serialized product and data are involved given the increased importance of data equivalency under a regulatory paradigm like DSCSA compliance. The exercise of data verification must be given high priority in a serialization implementation, regardless of the specific software system that will be used to manage and communicate it.
Furthermore, master data in serialized transactions makes use of global standards and protocols for the way in which serialized products, partners, and locations are identified, and in how the messages that convey serialized transaction data are structured. Many organizations may not be fully familiar with these yet. These standards are notable for their high adoption rate by global Life Sciences and Pharmaceuticals industries [meaning: while not technically mandated they are by now a de facto common standard] and they are robustly supported by a single non-profit organization with global presence, namely GS1 (www.GS1.org). Organizations not familiar with the standards themselves, the registration process involved, or the importance of alignment with trading partners, can find themselves facing several weeks – if not months – navigating a critical path while unprepared. As with not waiting until a serialized system implementation project to begin harmonizing more traditional and familiar master data characteristics with supply chain partners, Dispensers are advised to begin the process of obtaining a GS1 Company Prefix and having GTINs allocated to all commercial products as soon as possible. A comprehensive review and alignment effort for all the master data required for serialized operations is the first and best activity that can be undertaken by Dispensers.
- Prepare Your Organization for The Impacts of Serialized Operations on Existing Processes
There is a common perception of serialization that it involves applying unique numbers to commercial pharmaceutical product, and then building a data network to communicate those numbers between known trading partners. And this is all true. But, while this perceived description makes us aware that there will be changes to the artwork of packaged finished goods – adding a 2D data matrix, for example – and that additional logistics data will need to be exchanged electronically between trading partners, it does not give us a sense of the substantial impacts serialization makes on existing processes in a Dispenser’s operations. While a Dispenser – by definition – will not be updating or augmenting product packaging to comply with the requirements that a Manufacturer, Contract Packaging Organization, or Re-packager must follow, they will need to adapt inventory management practices to accommodate the new packaging they receive.
The hardware needed to decode the 2D data matrix present on packaging labels may not already be in the warehouses or receiving locations used by Dispensers, and the costs associated with replacing or upgrading the devices can be substantial. Anyone responsible for receipt of or handling of serialized products will need to know how to verify the product is legitimate, and whether it can be received at all. In cases where the data expected by serialization software does not match the actual product, it must be kept from active inventory until an investigation is performed. As DSCSA is enforced by the FDA, it is critical that the Government Affairs, Regulatory, and Quality business areas within the organization are fully informed of their responsibilities as a Dispenser under DSCSA, and what process must be followed in the event a product cannot be confirmed as legitimate. The Dispenser will also need to provide a means by which their customers and direct partners can submit questions or queries regarding serialized product they are in possession of, bearing in mind that any product that cannot be confirmed as legitimate must be treated as though it were adulterated until an investigation can be completed and the product either cleared for sale, or moved to quarantine, and destruction.
In addition, a challenge that all Dispensers will face leading up to the 2023 compliance deadline is that every potential location within their organization that provides commercial medicine products to a final consumer must be able to establish that product is legitimate, and create an electronic record showing that. Regardless of whether the act of product dispensing happens in an infusion clinic, across the counter at a national pharmacy chain location, or in a practitioner’s office, each of those locations, facilities and offices must be able to do three things: utilize technology to create an electronic record of the dispensed product’s receipt; be aware of how legitimacy of that product is established; and exercise responsibility for taking action if product legitimacy is suspicious. For all Dispensers in the complex pharmaceutical supply chain – large and small, technologically sophisticated or not – accurately understanding the work needed before November 2023 is a critical success factor.As with the prior recommendations, the preparation for changes in existing processes – as well as some that will be completely new and unique to serialization – can be started without having a formal serialization implementation project underway. Process design workshops, updates to Standard Operating Procedures and Work Instructions, and targeted communication sessions and training will go a long way to preparing the Dispenser organization for the coming changes in roles and responsibilities.
- Learn Your Trading Partner’s Abilities and Expectations
By the time a Dispenser is ready to adapt to serialized supply chain practices, they will benefit from the fact that their upstream trading partners will have adhering to the serialization requirements for several years in advance. There is obvious benefit in engaging with a Distributor, Wholesaler, or 3PL who has already implemented the operational practices to distribute serialized product, and the necessary technology to be the source of the requisite data that must accompany it. They are taking a lead role in key aspects of the actual enhancement of your supply chain network nodes to support serialization, primarily in the areas of technology integration and data management. This is not to say that the internal system and business requirements of the Dispenser are in any way secondary to those of the sending partner, but there will be opportunities for the Dispenser to avoid repeating mistakes, encountering risks or adopting short term solutions without future scalability because of the lessons learned by the rest of the industry since DSCSA was passed in 2013.
Specifically, the selection of serialization software for use by the Dispenser should be made with knowledge of the upstream systems where it will need to integrate. There is sufficient collective experience to help minimize the amount of customization needed to have one partner communicate data to the next.
In addition, early engagement with upstream partners allows negotiating responsibilities around exceptions in the serialized process – if product is damaged in transit, who decides if the serialized identifiers should be decommissioned? If product data carriers are scanned and found to be indicative of adulterated or counterfeit product, which partner is responsible for notifying the manufacturer?Establishing a working group with business trading partners is advisable before making the focus of the Dispenser serialization project a matter of implementing software and scanning serialized data carriers.
- Appoint a Serialization Ambassador
Given everything above – harmonizing master data, preparing internal stakeholder groups, understanding your trading partners’ requirements and expectations, the preparatory step with the greatest influence on a successful transition to serialized operations is to identify a single person with responsibility for leading this effort, and making this role their single focus. This serialization ambassador should be pulled from a position with experience and vision across the entire organization, or the result of a targeted recruitment effort, it is essential that they are given the visibility and authority to enact a complex business capability across a diverse business model. Focus on one or – even both – of these groups as the sponsor(s) or primary stakeholder group(s) of the serialization effort carries risks that may rise to the level of fatal to the effort.
For one, it may not provide the governance structure needed to cover the entire scope of impacted areas: Customer Relations, Regulatory and Compliance, and Quality functions must be involved as well. For another, the scale and scope of the work, including the time and materials capital investment needed for implementation is best managed from a level above a single functional area. While there are other scenario-specific risks with trying to give serialization solution projects to a single function within the Dispenser organization, suffice it to say that enabling serialization capabilities is of a nature that deserves the full bandwidth and enthusiasm of a dedicated, visible, and empowered individual to ensure all affected business areas are informed of the project, involved where necessary (and, as importantly, kept on the periphery when they are not ), and invested in the overall success of the project.The engagement of someone in the role of “Serialization Ambassador” should be the first of many smart decisions needed on the path to compliance with DSCSA in 2023 for a US Dispenser.
In sum, Dispensers should approach serialization with the mindset that the organization’s ongoing ability to receive and sell product in 2020 and beyond depends on it being successful and act on these recommendations for dispensers on the DSCSA quickly.
Because it does.
Contributions by Michael Marrone and Don Eberts.