Did Industry Fumble the DSCSA Deadline?

Like a football game where the ball is fumbled at the goal line, the US pharmaceutical supply chain must wait yet again for a complete traceability solution to take effect. When the Drug Supply Chain Security Act (DSCSA) was passed in 2013, it set a 10-year process of industry preparation for tracking pharmaceuticals at the package level, from point of manufacture to point of dispensing. In 2023, the FDA allowed for a one-year “stabilization period” before enforcing the law. Now, a year later, it has again deferred enforcement, depending on the type of trading partner, for six months to two years.

Going forward, the FDA has proposed a schedule for exemption expiration (i.e., when compliance becomes mandatory):

• Manufacturers and repackagers: May 27, 2025
• Wholesale distributors: Aug. 27, 2025
• Dispensers with 26 or more full-time employees: Nov. 27, 2025

Previously, dispensers with 25 or fewer employees were granted an exemption until Nov. 27, 2026.

Industry representatives generally supported the action, recognizing that a significant portion of the supply chain was still not ready. The position of the Healthcare Distribution Alliance (HDA), the trade group of wholesalers, was to “applaud” the decision, saying that “Given the interdependency of the pharmaceutical supply chain, FDA’s phased-in approach will allow supply chain partners to better align their data exchange processes to ultimately achieve full implementation.”

At the National Association of Chain Drug Stores (NACDS), the trade group “expresses appreciation to the FDA for making a sound decision,” while noting that its members were reporting receiving complete DSCSA data “for only about 25% to 50% of prescription drug products that dispensers receive.” Per DSCSA rules, “without compliant data and transactions, dispensers cannot accept ownership of the product, and the product either must be quarantined or rejected and sent back to the trading partner.”

But unofficially, there is some grumbling, including a belief that the string of deferrals will continue.

“The industry has taken massive, monumental steps to get to where we are today,” says Greg Cathcart, senior vice president at NNIT and president of Excelis Health Solutions, a longtime DSCSA specialist. “I’m disappointed that FDA couldn’t push this through and start slapping the bad guys.”

He is also suspicious that after the current postponements are expired, other delays could appear.

Another industry consultant, Scott Pugh, principal of Jennason LLC, is even more pessimistic.

“The [pharma supply chain participants] are not being forthright in why we continue to have delays,” he notes. “It won’t surprise me at all that there will be more delays in the future.”

The basic problem is that no one is asking why the interoperability of diverse systems, from a group of solution providers, is difficult to achieve.

“The EPCIS (Electronic Product Code Information Services) standard is robust, but different vendors are interpreting it different ways,” says Pugh, leading to incompatibilities that have to be resolved on a point-to-point basis.

EPCIS version 2.0, a standard developed by the GS1 organization for supply chain visibility, is used in a variety of industries besides pharma. Pugh’s comments hark back to the early days of pharmaceutical package “pedigrees,” and the belief that eventually, pharma supply chains would exchange information as smoothly as, say, international credit-card transactions by banks.

A more positive view comes from Elizabeth Gallenagh, general counsel and senior vice president, supply chain integrity, at HDA. She points out that each successive postponement by the FDA has led to tighter, stricter requirements to continue; the latest delay gives carte blanch to pharma trading partners but only if they are already testing electronic data exchange. The latest exemption from DSCSA compliance “is not meant to be a free-for-all if you haven’t done anything, or that you should stop doing anything," says Gallenagh. "Organizations need to continue to work through lagging trading partners, bringing the system to fruition.”

Dan Walles, serialization and traceability business leader at TraceLink, a leading solution provider, adds that many pharma trading partners are already up and running with their systems; within the TraceLink client network, a “terabyte a month” is being generated, representing billions of DSCSA transactions cumulatively.

Barcodes and WEEs

The intent of DSCSA all along has been to tighten up US supply chains and prevent diversions or counterfeiting of drugs—at the unit-of-use level—from the point of manufacture to the point of dispensing. According to HDA data, 99% of drug shipments received have these barcodes now. Earlier DSCSA compliance milestones called for sharing bulk data with trading partners. The “enhanced drug distribution system” nominally in effect now requires the individual barcodes to be tracked, and to be accompanied by trading-partner data to validate the transaction. The sticky part has been the ability to align the physical shipment with the electronic transaction (for example, shipments received without transaction data, or the latter without the former.)

Under full DSCSA compliance, a shipment must be quarantined at the respective trading partner until the data are verified. HDA data (as of the end of 2023) show that the wholesalers themselves were able to scan only 80% of incoming shipments for serial data; the task is also complicated in that 5% of the data were unreadable. These vagaries are why pharmacies, at the tail end of the supply chain, report 20% to 50% missing data for incoming shipments.

When there are such data gaps, what is to be done? The planned-for response is called “exceptions handling”—a manual, semi-automatic or fully automated system to correct the data gaps. LSPedia, a DSCSA software provider, has had considerable success recently with a product called Investigator, a tool that can automate some of the EPCIS syntax or data errors, and automatically generate an email to the originating trading partner for verification. According to Riya Cao, CEO, Investigator reduces the time spent resolving exceptions from days to hours (or less).

“We’ve run surveys of our customers on the exception frequency they are experiencing, and it’s gone down from 9.8% at the beginning of this year to 6.5% currently,” she says.

The currently indefinite regulatory situation has another component: the status of exempted manufacturers or other trading partners. In late 2023, FDA issued instructions¹ for "waivers, exceptions, and exemptions (WEEs)" to the then-looming DSCSA deadline. The program enables a party, typically a manufacturer, to apply for an exemption from DSCSA compliance when barcodes and related documentation are not finalized. The WEE is intended to have a set time limit, after which the party can re-apply.

The latest enforcement delay, announced in early October,² granted exemption to trading partners who are already exchanging DSCSA data. Trading partners who are not, and hadn’t previously obtained a WEE, were able to request a WEE until the end of November. (Left unsaid was the status of companies not exempted and not possessing a WEE.) This state of confusion could be a knotty problem for a wholesaler who is receiving exempted data, WEE data, and non-WEE data. LSPedia’s Cao says that her company is readying a new compliance module that will provide current data on trading-partner WEE status—in effect, a new data-tracking service to make up for the lack of compliant data.

VRS is happening

Yet another subsidiary component of DSCSA traceability is the process of handling saleable returns—a longstanding practice among trading partners whereby unsold drug stocks are returned for a refund. Some of these returns are discarded, but some of them (amounting to tens of millions of dollars annually in the US) can be resold. But to do that legally, the products’ tracking data must be received, validated, and reissued when a transaction is made.

The mechanics of processing these data was not formalized under DSCSA, but industry, led by HDA, created a verification router service (VRS) to enable the current possessor of product to obtain tracking data from its origin. (Since the product might have changed hands multiple times in the supply chain, it is not automatically known who the originator of the product is.) According to industry sources, the VRS system, which requires collaboration among the solution providers that are generating and storing DSCSA data for their clients, is up and running, although its use is not universal. (Trading partners who are bothering to collect the data can also find its source manually through their own efforts.)

According to HDA, the current members of the VRS Provider Network are: Antares Vision Group (which includes the solution provider rfXcel); LSPedia; Movilitas.Cloud; the National Association of Boards of Pharmacy (NABP); Optel; Tracelink; and Trust.med.

Who are you?

Within the VRS Provider Network, NABP, which represents state-level pharmacy regulation, has set up a service for its members overseeing retail pharmacy. The service, Pulse, is designed to make it easy to verify the identity of a trading partner. This becomes more necessary as transactions move from a face-to-face negotiation between buyer and seller to an online marketplace abetted by DSCSA-validated transactions. In other words, both the product and its seller can be authenticated with the appropriate digital signatures.

Pulse, in turn, has a group of vendors that offer interoperability with their data: Antares Vision Group (rfXcel); Axway; Engineering Industries eXcellence (owners of Movilitas.Cloud); InfiniTrak; LedgerDomain; LSPedia; Optel; and Systech.

LSPedia’s Cao calls NABP’s effort a “noble vision,” but notes that take-up among retail pharmacies has been limited (recently, Walgreens announced its participation). The trading-partner-identification process also affects the rest of the supply chain; trading partners worry about an anonymous request within a network seeking either to extract or to inject information that could affect downstream transactions. Yet another effort, managed by the Open Credentialing Initiative (OCI), seeks to provide technological solutions to validated identification. The sponsors of this organization (all of which specialize in digital credentialing) are: LedgerDomain; Legisym; Spherity; and Trust.med.

Network effects

A vendor that has established a preferential position in the DSCSA compliance space is TraceLink, which is aggressively moving to take advantage of the relatively large client base it has. According to Walles, TraceLink has more than 1,600 clients globally, to which some 290,000 trading partners have linked. A long-standing part of TraceLink’s business model is that a client can onboard its preferred trading partners; and once those trading partners are in the network, they are identifiable to other TraceLink clients.

Walles says that the current version of its DSCSA platform, Magnum Opus, is being built out with 50 types of business transactions, all of which depend on “serialized data as a tool to provide visibility across the supply chain.” One example of this functionality is a digital recalls tool, which automates the workflow for managing a product recall from pharmacy shelves, typically a highly manual process. With the appropriate serialization data, the recall can be targeted to the specific lot or item numbers, and where they are stored. He says that this capability is an example of the “value beyond compliance” that practitioners in the field have been hoping for; and it’s “making a meaningful positive impact” on pharmacy operations.

Last year, the company announced the Multienterprise Information Network Tower (MINT), a resource to enable the trading partners along a supply chain to share information and coordinate activities. Between that and the Magnum Opus platform, the solution provider expects to foster an environment where other supply chain specialists can link their systems and distribute trading-partner data faster and more effectively. Most recently, it announced a collaboration with Tecsys, a software provider of warehouse management systems, to this end.

Tweaks targeted

Even as some participants in the pharma supply chain struggle to get compliant DSCSA data systems up and running, others, already well along in implementation, are looking at business improvements. At Excelis Health Solutions, CEO Greg Cathcart says his company is involved in an effort with a major retail organization to rationalize inventories across a large number of retail outlets.

“The company wants to be able to decide, when inventory is low at one outlet, should it reorder from the supplier, or move inventory from another outlet,” he says.

The pharma industry is at the point where high-performing organizations will out-compete the poorer ones, through better use of their DSCSA investments.

References

1. FDA, Waivers, Exceptions, and Exemptions from the Requirements of Section 582 of the Federal Food, Drug, and Cosmetic Act: Guidance for Industry (August 2023). https://www.fda.gov/media/113342/download

2. FDA, Waivers and Exemptions Beyond the Stabilization Period (October 9, 2024). https://www.fda.gov/drugs/drug-supply-chain-security-act-dscsa/waivers-and-exemptions-beyond-stabilization-period

— Nicholas Basta is Founder and Editor Emertus of Pharmaceutical Commerce