Drug Supply Chain Security Act 2023 Deadline: 'All Parties Must Do Their Part'

A decade-long process to secure the safety and security of the pharmaceutical supply chain is nearing the finish line.

The pharmaceutical supply chain is gearing up for the final deadline of the Drug Supply Chain Security Act (DSCSA).

The DSCSA is a federal law passed in 2013. On Nov. 27, 2023, pharmaceutical supply chain entities such as manufacturers, distributors, and pharmacies will be required to provide serialized data in transaction information when a product changes ownership such as a sale from a manufacturer to a distributor.

To discuss the DSCSA and the 2023 deadline, HealthLeaders recently spoke with Elizabeth Gallenagh, JD, general counsel and senior vice president of supply chain integrity at the Arlington, Virginia-based Healthcare Distribution Alliance (HDA). The following transcript of that conversation has been lightly edited for brevity and clarity.

HealthLeaders: What is serialized data?

Elizabeth Gallenagh: Serialized data in this context means that the supply chain will have information related to transactions—sales of pharmaceutical products from supply chain partner to supply chain partner. This data will be at a finite level. Right now, we have serialized product at the manufacturer level, which is uniquely identifiable. We also have data exchange of transaction information that is being passed along, but that information is at the lot level. In 2023, the information will be unit-level data tied to a serial number for each product.

For example, now, we are passing transaction information statements and history that is not necessarily tied to a specific serial number. After the deadline, that serialized number will be incorporated into the data.

HL: What are the central purposes of the DSCSA?

Gallenagh: The overarching purpose was to protect the U.S. domestic supply chain for prescription drugs and to make sure that bad actors and counterfeit products were kept out. As part of those purposes, the goal was to put a framework in place so that if there was a bad actor or counterfeit product that entered the supply chain, that would be stopped and there would be a trail to enable prosecutions and find the source of bad products. For example, if a counterfeit was detected at a wholesaler, there are provisions in place in the law for identifying and investigating suspect or illegitimate product.

There is also a requirement for all trading partners engaged in the U.S. supply chain to be only dealing with authorized trading partners. So, the onus is on each entity—manufactures, wholesalers, third-party logistics providers [such as UPS], and pharmacies—to ensure that they are checking to make sure that their trading partners are properly licensed or registered with the Food and Drug Administration in the case of manufacturers.

Safety and security were the main goals, but another goal was uniformity. Before 2013, safety and security were tackled at the state level, and it got to the point where we had a 50-state patchwork of laws, particularly for wholesalers and the licensure area. It became clear it would not benefit the entire supply chain if California had one track-and-trace law, and Florida had another, and Virginia had a different approach, for example.

HL: What are the key elements of the 2023 deadline?

Gallenagh: First and foremost is the unit-level data exchange—what we call unit-level tracing capability. Right now, because DSCSA is a phased-in law over 10 years, many pieces of tracing capabilities are already in place. We already have serialization. We already have data exchange for each transaction. What we do not have is serialized data exchange, which requires many connections and interoperability across the supply chain. We also do not have a lot of engagement at the pharmacy level—they have the authorized trader requirement, and they also must be able to provide information when they are returning a product to a wholesaler. But pharmacies are facing more robust requirements. Hopefully, the entire supply chain will come full circle, and everyone will achieve the serialized-data level.

HL: What are the primary challenges of meeting the 2023 deadline?

Gallenagh: There are many challenges. The primary challenge is probably the connectivity piece—making sure that every trading partner can connect and exchange data with every other trading partner that they do business with. There are other factors that are related to connectivity and data exchange such as data quality and bar code quality. A product could be serialized and there could be systems in place at all trading partners, but there might be errors in capturing the bar code on the product, or there may be readability issues.

The other big challenge is that there is another component of the law related to uniform licensure for wholesalers and third-party logistics providers, and that has not been finalized by the FDA. There is a lot of work to be done in this area. The goal is to streamline what the states are doing and how enforcement across the states is working. In this area, there is a gap of knowledge in the supply chain about knowing what to expect on inspections and licensure. There is also a knowledge gap on the powers of the state boards of pharmacy and departments of health as well as how their interactions are going to work with FDA.

Another challenge for the 2023 deadline is a lack of understanding and engagement among the pharmacy community. There is a lot of concern that there is a gap in understanding on the part of some of the pharmacy customers of what they need to do, how they need to do it, and their level of engagement. The health system pharmacies and the large pharmacy chains have been engaged—many of them have been working on their own projects and testing. The bigger concern is the small, independent pharmacies, which may not have adequate resources and may be depending on their trading partners to help them.

HL: What are the main capabilities that pharmaceutical distributors should have in place before the 2023 deadline?

Gallenagh: We are hoping that many pharmaceutical distributors have capabilities in place already because of the ramp up over the past decade. They are going to need to have a mechanism to ensure that their suppliers and customers are authorized trading partners—whether they have staff or a system to check licensing. They are going to need to be able to receive and distribute serialized product. They are going to need to be able to receive and share serialized data, so they need to have connections established with their trading partners. They are going to need to have processes in place for identifying and investigating suspect and illegitimate product as well as be able to engage with their supply chain partners and FDA or the states on those investigations.

Many pharmaceutical distributors are testing now or trying to ramp up to get into compliance well before the 2023 deadline, but this is something that does not work with just one entity or just one segment of the supply chain. DSCSA was designed to be interactive, so all parties must do their part in order for interoperability to work.

The HDA will be holding its 2022 Traceability Seminar from Oct. 12 to Oct. 14 in Washington, D.C. The event will include discussions about the 2023 DSCSA deadline.