The Drug Supply Chain Security Act (DSCSA) isn’t exactly news to the pharmaceutical industry. But it still presents many challenges for distributors to overcome. The law was passed in 2013, and entities all along the drug supply chain have had years to adapt to its new requirements for unit-level traceability of prescription drugs. The law is gradually phasing in, so as not to overwhelm what is already a carefully controlled and monitored system.
- Manufacturers were required to have lot- and unit-level traceability by November of 2017.
- Wholesale distributors had to be ready and able to accept these serialized medications exclusively by November of 2019.
- Pharmacies were next, with a deadline of November, 2020 to be fully compliant.
- The final deadline, in November of 2023, is when all parties have to be able to trace medications down to the unit, and be linked with one another through an interoperable system reading, exchanging, and storing these codes and their respective transaction histories.
That’s the thirty second explanation of what is really a very complicated law regulating businesses whose products can be literal matters of life or death. To achieve full compliance by the 2023 deadline is going to require a lot of planning. This is especially true for wholesale distributors: the DSCSA requires traceable record keeping for every transaction where medications are sent and received. Manufacturers need to keep track of what they ship, while dispensers have to record everything they purchase. Distributors have to maintain compliance in both directions, while maintaining interoperability with both ends of the supply chain.
But having met the guidelines in 2019 doesn’t mean the job is done. Distributors will still need to prepare for 2023 and beyond. It’s one thing to have your own house in order, it’s another to make sure you can easily share information and work with all entities in the pharma supply chain. To create a sustainable computing ecosystem requires planning and forethought, and maybe a major tech refresh.
One size doesn’t fit all – compliance is key
This is always easier said than done, but a little planning in the present goes a long way toward easing the future. Whilst cloud computing is becoming ubiquitous SaaS solutions often suffer from a lack of industry specificity. This one-size-fits-all approach is especially counterproductive to something like DSCSA compliance, which has a very particular set of needs. For example, a wholesale distributor could, at first glance, think they have a wealth of options to choose from for an ERP platform. But how many of those have pharmaceutical-specific features? Some do, and you’ll need to do your homework to find out which ones fit your needs.
An ERP system tailored to the complex regulatory needs of the pharmaceutical world is essential to remain compliant in the long-term. But an even greater step is to consider ERP suppliers who partner with key industry service providers, like those who specialize in suspicious order monitoring, or connect into DEA systems to perform physician list checks. This interoperability with commonly-used software, driven by a well-documented open API, should be available from, and supported by, the vendor. Whilst a large distributor might have the resources, either in staff or with money, to create special, custom integrations, small- and medium-sized distributors should look into a solution that’s geared towards both their needs and IT strategy.
Data Retention: Where and how to store records
The DSCSA has strict guidelines on record keeping: it’s one thing for every pack of medicine to be serialized and traceable, but that doesn’t do anyone any good if the records aren’t saved for the right period of time to remain compliant. Toward that end, the law requires that the data for every transaction is stored for a period of six years. In addition to the serial numbers, a distributor would have to store the Transaction Information (TI), Transaction History (TH), and the Transaction Statements (TS). If an investigating body needed to access those records, wholesale distributors have no more than 48 hours to retrieve and provide the requested information.
When documents come with time-sensitive retention requirements, a lot of thought needs to be given to data storage. When considering how to best to do this, you’ll need to consider software that can both store and quickly provide access to records. Electronic document management is a best-practice at this point, and should act as an incoming funnel for all compliance-related documentation—whether it arrives to the organization by paper or electronic means. Technologies that provide document identification, classification and data capture, and that automatically store the electronic record in a secure cloud environment, will allow you to easily tie compliance information to transactions, making traceability requirements auditable with the click of a few buttons.
It’s important to remember that every organization along the supply chain can only change what is in their control. By shaping their internal processes and systems with the DSCSA in mind—not just as a matter of compliance but as a function of their very own business—distributors can set themselves up for continued and sustainable operations well beyond the last deadline of the law. If they put enough thought into it, they’ll be well prepared to meet the challenges of the inevitable next round of regulations.