Industry, FDA Advance Drug Supply-Chain Security Plan

By Patricia Van Arnum - DCAT Editorial Director

August 4, 2021

The bio/pharma industry is moving to meet a November 2023 deadline, under the Drug Supply Chain Security Act (DSCSA), which requires manufacturers to set up electronic systems to track their products through the supply chain. An industry consortium, chosen by the FDA to pilot such systems, has released a blueprint. What else is planned?

DSCSA implementation moves forward

The bio/pharmaceutical industry, its supply-chain partners, and the US Food and Drug Administration (FDA) have taken additional steps to implement the Drug Supply Chain Security Act, which was signed into law in November 2013. Phased in over a 10-year period, the DSCSA outlines steps to build an electronic, interoperable system to identify and trace certain prescription drugs as they are distributed in the US. Additionally, the DSCSA directs the FDA to establish national licensure standards for wholesale distributors and third-party logistics providers and requires these entities to report licensure and other information to the FDA annually (see Figure 1). The traceability requirements in effect under DSCSA from 2015 to 2023 generally require products to be traceable at the lot level. A second phase of requirements, to go into effect November 27, 2023, require the interoperable, electronic tracing of products at the package level.

Figure 1 DSCSA in Brief

The DSCSA 2023 requirements are comprised of three specific, but highly interrelated statutory components as outlined below, according to information from The Partnership for DSCSA Governance, a collaborative forum and FDA public-private partnership for developing, advancing, and sustaining a model for interoperable tracing and verification of prescription pharmaceuticals in the US.

Interoperable exchange. Trading partners must exchange required transaction information (TI) and transaction statements (TS) in a secure, electronic, interoperable manner, and the TI must include the product identifier at the package level.

Interoperable verification. Trading partners must be able to verify the product identifier on a package or sealed homogenous case in a secure, electronic, interoperable manner.

Interoperable tracing. Trading partners must maintain secure, electronic, interoperable systems and processes to provide TI and TS in response to a request for it and to promptly facilitate gathering the information necessary to produce the TI for each transaction going back to the manufacturer.

Recent FDA guidance documents

Last month (June 2021), the FDA issued two final guidance documents and two draft guidance documents to help ensure that prescription drugs are identified and traced properly as they move through the supply chain. These guidance documents lay out the FDA’s recommendations for how to comply with applicable DSCSA requirements, including those for enhanced drug distribution security at the package level that go into effect in November 2023.

“Since 2013, when the FDA began phasing in new requirements added by the Drug Supply Chain Security Act (DSCSA), we have helped create a supply chain that is better at preventing and detecting the introduction of illegitimate products,” said Donald D. Ashley, J.D., Director of the Office of Compliance for FDA's Center for Drug Evaluation and Research, in a June 3, 2021 statement. “The new requirements can also enable stakeholders and the FDA to respond rapidly when such products are found. To help our stakeholders understand these requirements, we are issuing guidance documents intended to assist trading partners in complying with the law and achieving a safer, more secure and more trusted drug supply chain. We are also soliciting feedback for further improving the way our drug supply chain operates within the DSCSA framework. We view these guidance recommendations as an important part of implementing the robust enhanced system envisioned under DSCSA.”

Figure 2 highlights the key provisions of the FDA’s recent guidance documents for DSCSA implementation. The first final guidance, Product Identifiers Under the Drug Supply Chain Security Act, Questions and Answers,clarifies industry’s questions on DSCSA provisions that require manufacturers and repackagers to put a product identifier on drug packages. This includes the product national drug code (NDC), serial number, lot number and expiration date on each package and homogenous case of product, in human- and machine-readable form. The machine-readable form is generally a two-dimensional data matrix barcode (see Figure 2).

Figure 2 DSCSA

The second final guidance, Drug Supply Chain Security Act Implementation: Identification of Suspect Product and Notification, is intended to aid certain trading partners in identifying a suspect product and specific scenarios that could significantly increase the risk of a suspect product entering the pharmaceutical distribution supply chain. The guidance also describes how trading partners should notify the FDA of an illegitimate product and sets forth a process for terminating notifications of illegitimate product in consultation with the FDA. In addition, this guidance describes when manufacturers should notify the FDA of a high risk that a product is illegitimate (see Figure 2). This guidance responds to comments from stakeholders to clarify certain points and finalizes the remaining draft portion of the otherwise final guidance for industry, Drug Supply Chain Security Act Implementation: Identification of Suspect Product and Notification, which was issued in December 2016.

The FDA is also seeking industry input on two draft guidance documents (see Figure 2). The revised draft guidance, Definitions of Suspect Product and Illegitimate Product for Verification Obligation under the Drug Supply Chain Security Act, lays out the FDA’s current understanding of terms used to define “suspect” and “illegitimate” products. These include “counterfeit,” “diverted,” “stolen,” “fraudulent transaction” and “unfit for distribution.” In response to comments received from stakeholders, this draft guidance revises a March 2018 draft guidance.

The new draft guidance, Enhanced Drug Distribution Security at the Package Level under the Drug Supply Chain Security Act, is intended to assist supply-chain stakeholders, particularly trading partners, with requirements for enhanced drug distribution security at the package level that go into effect on November 27, 2023. This guidance provides recommendations on the system attributes necessary for enabling the secure tracing of product at the package level, including allowing for the use of verification, inference, and aggregation, as necessary. The FDA extended the comment period for this guidance document from August 3, 2021 to September 2, 2021 after requests by the industry to do so. Several industry groups are involved in DSCSA implementation and two, The Pharmaceutical Distribution Security Alliance (PSDA) and the Healthcare Distribution Alliance (HDA), had requested a 60-day extension until October 4, 2021.

PSDA is multi-stakeholder coalition with membership that spans the entire spectrum of the US pharmaceutical distribution system, including biologic and pharmaceutical manufacturers (both brand and generic-drug companies), repackagers, wholesale distributors (primary and secondary), third-party logistics providers, and pharmacies (chain and independent). More than 25 companies are formal members of PDSA while other external stakeholders provide additional policy and technical support through industry trade associations. Among PSDA’s members are the Association for Accessible Medicines (AAM), which represents generic-drug manufacturers, and the Pharmaceutical Research and Manufacturers of America (PhRMA), which represents innovator, research-based bio/pharmaceutical companies. Member innovator companies include AbbVie, AstraZeneca, Bayer, Bristol-Myers Squibb, Roche’s Genentech, GlaxoSmithKline, Johnson & Johnson, Merck & Co., Novartis, and Pfizer. Generic-drug companies that are part of PSDA include Apotex, Upsher-Smith Laboratories, and Viatris. Fresenius Kabi is also a member. HDA represents primary pharmaceutical distributors.

Blueprint for 2023 interoperability

Last month (July 2021), the Partnership for DSCSA Governance (PDG), an industry consortium of more than 60 pharmaceutical supply-chain stakeholders and a public-private partnership with the FDA, released an initial framework, The Foundational Blueprint for 2023 Interoperability, for implementation of the DSCSA’s 2023 interoperability requirements across the pharmaceutical supply chain. The blueprint documents important compliance requirements and business requirements to support the effective, efficient implementation of the DSCSA’s 2023 requirements. Specifically, the blueprint addresses baseline requirements for the exchange of serialized transaction information, product identifier verification, product tracing, and trading partner credentialing.

The blueprint is a product of more than a year of discussion and consensus development among PDG’s more than 60 members representing innovator and generic manufacturers; large and mid-sized wholesale distributors; third-party logistics providers; chain, independent, and health system pharmacies; and technical experts in the DSCSA field. While PDG's work does not carry the force of law, it is intended to serve as a tool that can be used and adopted throughout the pharmaceutical supply chain by PDG members and non-members. As such, the group is seeking broad industry feedback on the blueprint and is simultaneously rolling out a process by which stakeholders may request revisions and additions to PDG documentation. To further encourage dialogue and collaboration across the bio/pharmaceutical industry, PDG will host a series of public workshops to discuss the content of the blueprint and next steps to continue progress toward successful implementation of the compliance and business requirements defined in the blueprint.