Guest Column | April 12, 2023

New DSCSA Compliance Blueprint Includes FDA & Industry Input

By Eric Marshall and Zach Howard, Partnership for DSCSA Governance


As we approach the final phase of a 10-year rollout of the Drug Supply Chain Security Act (DSCSA), which aims to create a more secure, interoperable drug supply chain in the U.S., pharmaceutical manufacturers, distributors, and pharmacies must all ensure they are ready for its full implementation starting on Nov. 27, 2023. Specifically, the DSCSA requires all trading partners in the pharmaceutical supply chain — that is, manufacturers, wholesalers, and dispensers — to implement secure, interoperable electronic systems and processes to uniquely serialize each individual drug package in the supply chain and trace their distribution.

Companies have not been left alone to implement the DSCSA. Several years ago, stakeholders throughout the pharmaceutical industry recognized a common need to create a shared vision for what an interoperable drug supply chain would look like under the DSCSA. To fill that need, the industry and the FDA created a public-private partnership known as the Partnership for DSCSA Governance (PDG). Their work has culminated in the recent publication of a Blueprint for 2023 Interoperability — a shared industry vision for achieving drug traceability.

PDG is a collaborative forum dedicated to developing, advancing, and sustaining an effective and efficient model for interoperable tracing and verification of prescription pharmaceuticals in the U.S. and to helping the industry prepare for the DSCSA implementation date. PDG is made up of over 60 members who represent leading stakeholders among manufacturers, wholesalers, and dispensers within the world of pharmaceuticals. This strong, diverse, and knowledgeable group has allowed PDG to develop consensus best practices as DSCSA implementation looms.

The PDG Blueprint

Over the last two years, the pharmaceutical industry has worked through PDG to develop a shared vision for interoperable drug traceability, documented in the PDG Blueprint for 2023 Interoperability. The DSCSA requires the pharmaceutical supply chain to develop a cohesive critical mass moving in a common direction toward interoperability. The blueprint represents leading industry stakeholders’ best solutions to move in this common direction.

In 2021, PDG published the initial chapter of the blueprint, which explained how these compliance and business requirements affect every stakeholder in the pharmaceutical supply chain. In February and March of 2023, PDG published five additional chapters, which established the PDG functional requirements for each component of interoperability.

While the technical details outlined in the blueprint are critical for compliance with the DSCSA, PDG wants every stakeholder in the pharmaceutical supply chain to understand the deliberative process and consensus building that went into drafting the blueprint. A few facts about the drafting process illustrate its thoroughness:

  • Every chapter includes input from every sector, including solution providers and the FDA.
  • Each chapter is the product of extensive discussion to reach consensus in the drafting work groups.
  • After the drafting work groups finished their drafts of individual chapters, they underwent further review by PDG’s general membership.
  • All chapters were approved through a supermajority vote of the general membership and a majority within each industry sector (manufacturers, wholesalers, and dispensers) to ensure sector neutrality and consensus.

PDG sought to achieve two goals in the blueprint. First, the members sought to bring together into a comprehensive framework the disparate components of industry work on DSCSA implementation. Tremendous work has been done by various industry groups over the past several years. GS1 US has driven standards for data exchange and interoperability, the Healthcare Distribution Alliance (HDA) has convened stakeholders to form a verification system, and the Open Credentialing Initiative (OCI) has worked on open specifications for digital credentialing. Before the PDG blueprint, however, none of these component pieces had been pulled together into one framework.

Second, where gaps existed, PDG developed new frameworks to fill those gaps. For example, little work had been done across the industry to define the method for tracing. In response, PDG developed its tracing information request and response protocol to fill that void, which can be found in Chapter 5 of the blueprint.

An analogy may be instructive. Imagine the DSCSA as a requirement to build a high-quality interoperable electronic car. If someone had already designed good specifications for high-quality tires and drivetrains, the auto manufacturer would incorporate these innovations into the overall blueprint for the car. If, however, no one had designed specifications for windshields and blinkers, an auto manufacturer would need to develop those systems from scratch. PDG has approached the blueprint in the same way, gathering disparate prior knowledge in one place and innovating where no prior solutions existed.

While it is important for pharmaceutical manufacturers to understand the substance of the new chapters, which we will delve into below, the process that went into those blueprint chapters should give stakeholders confidence that interacting with other trading partners and solution providers who adhere to the blueprint will support interoperability.

The Blueprint’s Six Chapters Of Guidance

The six chapters of the blueprint build on one another to create the overarching vision for interoperability. Recognizing the technical nature of these chapters, each chapter is accompanied by a summary fact sheet that boils down the key points for anyone not intimately familiar with the DSCSA or supply chain interoperability.

Chapter 1 lays the foundation for interoperability by defining the business and compliance requirements. Colloquially, we think of these as “what” is required to achieve DSCSA interoperability. These business and compliance requirements are defined for each of the main components of the DSCSA:

  • Interoperable Transaction Information Exchange: The 2023 requirement that trading partners exchange transaction information (TI) and transaction statements (TS) in a secure, electronic, interoperable manner, and the TI must include the product identifier at the package level.
  • Interoperable Verification: The DSCSA 2023 requirement that trading partners be able to verify a product identifier on a package or sealed homogenous case in a secure, electronic, interoperable manner.
  • Interoperable Tracing: The DSCSA 2023 requirement that trading partners maintain secure, electronic, interoperable systems and processes to provide TI and TS in response to a valid request and promptly facilitate gathering the information necessary to produce the TI for each transaction going back to the manufacturer.
  • Credentialing and User Authentication: A process — which may be more manual or more automated — used by an organization to demonstrate that it is duly licensed/registered and is the organization it claims to be.

Chapter 2 provides an overarching description of the functional design for interoperability. In other words, “how” the business and compliance requirements in Chapter 1 can be implemented. This chapter introduces the DSCSA Enhanced Drug Distribution Security (EDDS) network. This network is a decentralized system of systems, where interoperability is accomplished through standardization of data interfaces and agreement on how trading partners interpret, manage, and respond to messages and events received from other trading partners or DSCSA authorities.

Chapter 3 defines the functional design for the exchange of Transaction Information (TI) and Transaction Statements (TS). In short, TI and TS are the data points included on any drug package (i.e., serial number, expiration date, date of shipment). The TI and TS exchange designs in this chapter provide detailed information on how the TI/TS Exchange components of the PDG-defined EDDS network will function. Included in this chapter are detailed functional requirements including use cases, system inputs and outputs, process flows, diagrams, and example TI Exchange scenarios.

Chapter 4 defines how verification should work under the DSCSA. This chapter is based on the high-level requirements for Product Identifier (PI) Verification found in Chapter 1. PIs are alphanumeric codes that uniquely identify each individual package. The functional requirements, existing requirements, constraints, guidelines, and specifications found in this chapter are a compilation of existing standards and specifications from both HDA and GS1.

Chapter 5 defines the functional design for tracing, which was newly created by PDG for this blueprint. This chapter provides detailed information on how TI and TS data is gathered to recreate or “trace” the ownership of a drug product going back to the manufacturer or re-packager in support of suspect, illegitimate, and recalled product investigations utilizing the PDG-defined EDDS network.

Chapter 6 defines options for functional approaches to credentialing. This is a process to ensure trading partners who interact electronically are identity proofed and duly licensed or registered as required by the DSCSA.

Why Should Your Business Care About The DSCSA?

These new requirements and complex processes might seem like unnecessary detail or even an unachievable level of system sophistication. Dismissing them would be a mistake: not only does DSCSA noncompliance carry stiff government penalties in the form of fines and suspensions, but ignoring the DSCSA also risks leaving your company with obsolete business practices. With key players in all sectors of the pharmaceutical supply chain poised to embrace interoperability through the PDG blueprint consensus, not paying attention to DSCSA best practices risks your business falling behind as the supply chain digitizes.

While businesses should have been preparing for the Nov. 27, 2023, compliance date for the last few years, now is the next best time to start your company’s path to DSCSA compliance. The best place to learn how to start this process is through the PDG Blueprint for 2023 Interoperability, which can be found here.

About The Authors:

Eric Marshall is a principal in the Washington, D.C. office of Leavitt Partners and the executive director of the Partnership for DSCSA Governance (PDG), a public-private partnership between industry and FDA that is committed to implementing supply chain security protections in the U.S. At Leavitt Partners, he advises healthcare coalitions on health policy and provides consulting services to drug and device companies. A regulatory lawyer by training, he is an industry specialist in the areas of drug, device, and diagnostics regulation. A portion of Eric’s practice is focused on domestic and international supply chain security. Marshall leads Leavitt Partners’ alliance practice, helping the firm and clients with industry collaboratives committed to advancing sound health policy initiatives. Prior to joining Leavitt Partners, he practiced law, counseling healthcare and life science clients on regulatory, compliance, and transactional matters.

Zach Howard is an associate at Leavitt Partners based in Washington, D.C. His work is focused on the intersection of health law, policy, and regulation. Before joining Leavitt Partners, he worked as an attorney at a national law firm specializing in health law matters and serving healthcare provider clients. He also served as a clerk on the Select Subcommittee on the Coronavirus Crisis in the U.S. House of Representatives on the Majority (D) Side. Additionally, he served as a clerk in both the Office of the General Counsel, CMS Division, and the Office of Counsel to the Inspector General at the Department of Health and Human Services. Howard received his B.A. in American history from Washington and Lee University and his J.D. and M.H.A. from The Ohio State University.