Guest Column | June 27, 2019

DSCSA's 2023 Interoperability Requirements: Don't Just Check The Compliance Box

By Mark Karhoff, Ten Count Consulting, LLC

I recently had the unfortunate opportunity to experience how important lifesaving medication is and how important it is to know that it is securely in the right place at the right time with the right information. I awoke one morning in July of 2018 with an extreme fever, shaking, chills, and nausea.  Twenty minutes later, I walked into an emergency room with a 104-degree fever. After a day of tests, it turned out I had an E Coli infection in the blood, possibly as a result of something I ate the previous day.  As my doctor explained my treatment and the antibiotics that would be administered, a thought occurred to me.  If something I ate was the source of the problem and I had no idea where it came from, shouldn’t I be able to ask where the drug being injected to treat the sickness came from?  If a manufacturer had issued a recall that day, did it know that this drug was not a part of it?  As someone who was working closely with pharmaceutical companies to help them meet the requirements of the Drug Supply Chain Security Act (DSCSA)1, I already knew the answer to the questions, but it didn’t change just how wrong it was that the information was not readily available.  

As someone who spent  years implementing over 40 projects and managing supply chains in pharma and other industries (automotive, electronic, grocery, and a few others), it is my opinion that the law is also a direct result of the slow adoption of technology, lack of trust, and highly fragmented supply chain that is the U.S. pharma supply chain. 

In an industry that is struggling with a seemingly endless wave of negative press, such as the opioid crisis, drug pricing controls, and diluted medicines, the natural reaction by many is to hunker down, keep data close at hand, and bring in the legal teams to make decisions. However, it’s time for manufacturers, distributors, and pharmacies to see that well-designed openness and transparency can save lives and add value to their businesses.  Many believe that the DSCSA, passed in 2013, will help drive this openness in its requirements around interoperability called for in 2023, but I would like to suggest that a much higher level of coordination than simply complying with the law is needed.

The law is complex and written in a way that is “intentionally ambiguous,” with the expectation that industry collaboration would help determine the best path forward and provide input to the FDA for the related guidance documents to be generated.  As we move closer to the key portion of the law that some call “2023 interoperability,” it has become clear that the industry has some critical choices in its immediate future. 

Most U.S. pharma industry professionals I have met are aware of DSCSA and that the law calls for some key requirements, including:

  • “Serialization” of prescription drugs with bar code encoding of a unique identification number with other critical data, such as expiry date and lot number (in effect since November 2017)
  • The creation of an interoperable system by 2023 to facilitate the sharing and gathering of transactional information back to the packaging at the original manufacturer for authorized trading partners or government agents in the event of a suspicious or illegitimate product.

As you delve into the details of how this 2023 interoperability system might work and what components and governance might be required, the range of options and opinions begins to expand to a point of causing anxiety and confusion for many.

Spirit Of The Law Or Letter Of The Law?

It is hard to group the various thoughts, approaches, and camps that seem to be forming around DSCSA, but for more clear understanding, I would say opinions tend to lean either to following  the “spirit of the law” or following the minimal “letter of the law” (with related guidance and standards). A good test as to where your company might fall on this topic is whether your intention is more about  completing a compliance task or about advancing patient safety and the industry as a whole.

The letter of the law group tends to focus first on the requirements of the law and related final guidance documents indicating what a company or sector must do in order to be considered compliant. This group proceeds in a manner that allows them to check the box of compliance and avoid time on areas that are not required and that may take even more work.  I would not say the intent is in completely avoiding additional value (such as transparency for patients, cost reduction, better industry forecasting), but it is generally less likely to look longer term at problems or opportunities.  It is a reasonable position given that moving to the other group means taking on the risk of venturing into choppy waters. The letter of the law is also a good position to take to ensure you completely avoid the possibility of exposing data that competitors may find beneficial.  The significant drawback of following the letter of the law is it risks missing a larger benefit of an interconnected pharma supply chain.

The spirit of the law group tends to look at why this law was written and what is the best way to proceed that maximizes those objectives. My experience is that this group tends to be more open to looking at longer-term concerns and how to proceed in a way that provides more possibilities for future benefits or value. In the case of DSCSA, the law was passed to address the growing number of states that are reacting to events and signs that the U.S. supply chain (legitimate and illegitimate) is becoming less secure. The examples continue, per a recent white paper published jointly by NABP, NADDI, and PSM, which states: “Counterfeit medications that can kill someone with a single pill are a reality that is increasing at an alarming rate.”2

Why True Interoperability Is Needed Now

Compared to other industries, the pharma industry has been slow to fully adopt integration technology and sharing information.  There are still companies that are just beginning to use data integration technologies and just in time principles that have been in many industries since the 1990s.

Patients deserve to know every possible detail about the medicine that is being administered.  The fact that they cannot simply pull out a phone app or ask a pharmacist or nurse to find out where a drug was made and see a clear chain of ownership and be certain there are no recalls leaves the door open for tragedy or delays in responses. The technology exists and we, as a collective industry, can make it happen, but it requires boldness and evolution to a new way of thinking.

Some companies in the industry are expressing a growing understanding of this new thinking, as evidenced by these quotes on the possibilities of blockchain to help advance interoperability:

  • “Reliable and verifiable supply helps improve confidence among all the stakeholders we serve — especially patients — while also strengthening the foundation of our business,” Craig Kennedy, senior vice president of supply chain at Merck3
  • “We are hopeful that it could one day lead to a fully digital chain of ownership that could further reduce the risk of illegitimate and diverted products in the overall pharma supply chain,” Marc Watrous, senior vice president of managed care and customer operations at Genentech4
  • “Our customers also need to know they can trust us to help ensure products are safe,” Karim Bennis, Walmart’s vice president of strategic planning and implementation, health and wellness3
  • “Pharmaceutical supply chain is another area that Blockchain can provide a lot of value to; also, blockchain can help overcome the increasing risks around counterfeit and unapproved drugs,” Hesham Mourad, ASHP Connect.5

A Once-In-A-Generation Chance For Evolution

While DSCSA is mostly, as the name suggests, about keeping the drug supply chain secure, it represents much more than a new square bar code on a box. It represents a compliance reason to build a more informative pharma supply chain that can empower scientists, doctors, nurses, and pharmacists to have life-saving information at their fingertips in any area of the supply chain. Unfortunately, the vagueness of DSCSA’s requirements allows those who are mostly concerned about minimally meeting regulatory requirements and short-term cost control to bring in legal teams to back their decisions  that ignore the true possibility of DSCSA.

So, what could happen if the industry embraced the spirit of the law and worked to bring true interoperability? The possibilities are seemingly endless, but here are the ones that come first to mind for me:

  • Empowering the patient.  Any patient should be able to easily see where a drug has come from and be 100 percent certain that it has not expired, is not related to product being investigated as suspicious, and has not been recalled by a manufacturer at that exact time. A more integrated supply chain could accomplish all of these, while the system that exists today can take days or weeks of phone calls/emails and investigation to understand whether there is a problem.
  • Let the doctors and scientists connect. Tracking and tracing unique identifiers (serial numbers) through the supply chain can provide a vital link from the production of the batch all the way to the bedside scanning or pharmacy dispensing of an Rx product. While there are shortfalls in the law’s requirement to only track to the “saleable unit” and not to the unit dispensed, these can be bridged as use cases, technology, and guidance evolve. Imagine scientists who are designing a drug receiving near real-time feedback on any safety concerns and effectiveness.  As one hospital system analyst said at a trade group meeting I attended, “We are swimming in research white papers; we need real-time useable data on products’ effectiveness.”
  • Enable real-time collection of event data. In the event of a dangerous product (whether counterfeit or a quality issue) the objectives of the FDA and other federal and state officials are to protect patients and find the source of the problem. What if that information was collected in minutes instead of the days and weeks presently required to work back through fragmented systems? Could we prevent patients from being injected within minutes, or do they need to wait for people to make phone calls across companies not willing or able to easily share data?
  • Value beyond compliance.  I could write an article on this topic alone, but there is a long list of problems in the pharma supply chain that could be improved by simply better connecting supply chain stakeholders at a unique identifier (serial number) level. Some examples include recall management, enhanced patient outcomes tracking, expired product returns, reduced inventory shortages, clearer product information, trackable opioid distribution patterns, signals to consumers of industry transparency, and more.

Reasons to Think Beyond Compliance

I am encouraged by all the hard-working and caring professionals I have met in and around the U.S. pharma supply chain.  It is my hope that they will see the above signs and make the right calls and tough proposals to their leadership, but if they need any justifications, here are a few:

Amazon is coming! While I cringe at the idea that companies like Amazon will easily adopt and engage in the pharma supply chain, I know it will much more likely happen if today’s inefficient systems keep distribution costs high.  I have no doubt Amazon can do it competitively and with package traceability, as they have done it in many other industries, and Amazon deliveries are already happening at a growing number of hospitals and pharmacies.

  1. Personalized medicine revolution.  It should not be a surprise that a drug that works well in a fit young Hispanic American in Los Angeles may not work the same in a slightly overweight middle-aged male of European descent in Chicago.  Serialization and a fully connected supply chain in either direction provides an opportunity to link patient outcomes and characteristics of their very specific sicknesses back to scientists working on formulations.
  2. Partial interoperability won’t solve the problem. For those holding on to addressing the “letter of the law” and sharing data in a one up and one down manner, I have news for you: It gets ugly.  In the event of a serious occurrence, lives could be put in jeopardy while the FDA and state officials try to follow the path of the drugs up the stream. Systems could easily be out of sync if one party in the chain has information that fails to replicate back and forth through the supply chain in the proper sequence. A more centralized and integrated supply chain could enable this data to be shared and managed in a more efficient, managed, and accurate manner.
  3. The FDA’s hiring provides a signal where things should be going.  It is not a coincidence that the FDA has brought in technologists familiar with the newest tracking concepts, such as blockchain, to guide its plans in food. The parallels to the prescription drug supply chain are very relevant when you focus on the need to track dangerous or potentially harmful products.


While I know there are many large hills to climb for the industry, the convergence of regulatory requirements, technology evolution, and eroding trust in the pharma industry provides a once-in-a-generation chance to bring life-saving and monumental cost reduction possibilities to an industry that has become a drain on our entire GDP. What can you do? Get involved or, at a minimum, join the conversation, talk with your trading partners, reach out to groups conducting pilots on 2023 interoperability. The time to make a decision is now, while the FDA is overseeing industry pilots that will very likely be used to develop guidance and frame requirements for years to come.  Consider looking beyond checking a compliance box and help transform and protect the supply chain we all depend on for life-saving medicines.



About The Author:

Mark Karhoff is a supply chain consultant and founder of Ten Count Consulting, LLC, which provides clients guidance with program management, supply chain solutions, as well as DSCSA and global serialization compliance and readiness assessment.  Mark has over 20 years of experience in supply chain operations and systems. He is currently working with multiple pharmaceutical supply chain clients in the implementation of serialization and integration projects to meet global serialization requirements, improve patient safety, and achieve value beyond compliance.  You can reach him at or connect with him on LinkedIn.