Part 4: Pharmacy "DSCSA Stuff" - Store Data & Share Data
What Does All This "DSCSA Stuff" Mean to a Pharmacy?
Store Your Data & Share Your Data
In the final blog of this series, we wanted to focus in a bit on more complicated topics of storing and sharing your DSCSA related data as you prepare to ensure system and processes to comply with DSCSA 2023. It is important to remember that DSCSA is primarily an "ownership change" law and generally does not include the dispensing of medicine to patients. The primary focus is to ensure proper documentation on any changes of ownership from the point of packaging (manufacturer/repackager) up to the acceptance of title of the product at the organization considered the "dispenser" based on DSCSA definition. For larger organizations this may be the point of receipt at a central distribution or initial ownership receipt within an organizations "common control".
Note: If you have not already, we recommend adding this FDA DSCSA Policies site to your favorites list as it contains the most recent policies in the form of guidance, rules and notices.
What Exemptions or Exceptions Might Apply?
DSCSA can be complicated depending on the specific scenarios involved in transactions and there are exceptions, exemptions and waivers that may apply. It is always best to seek input from peers, trade groups, standards groups and legal/regulatory counsel where your business determines is needed. For dispensers, if you feel a deeper look at exceptions is needed, there are several areas that you will want to consider and we would recommend starting with a looking at:
1. Section 581-(24) of the DSCSA which outlines transaction exemptions.
2. Section 582-(a)-(3) of the DSCSA which outlines the waivers, exemption and exception process which is further explains in the related draft guidance from the FDA.
3. Section 204-(a)-(2)which outlines distribution or dispensing events that may be excluded.
4. Guidance related to grandfathering of product identifiers (for product packaged before November 27, 2018 that may still be in your inventory)
5. Guidance related to transactions with 1st responders (where transaction is between a trading partner and 1st responder as defined in the guidance)
6. Guidance related to the exemptions and exceptions around the Covid 19 Public Health Emergency
Each of these as well as other parts of the law and guidance contain verbiage that may apply depending on the scenarios involved in the movement of prescription drug product. There is also a significant clarification needed to determine how product which is already in the supply chain prior to November 27th, 2023 should be handled in terms of receiving and sharing related data and we are hopeful that industry groups and the FDA will provide more information as explored further.
When Do I Need to Store Data?
Dispensers are already required to store lot level transaction information through electronic and/or paper documents that should contain sufficient information to meet T3 requirements (Transaction Information, Transaction Statement, Transaction History). On November 27th, 2023, this expands to include the storage of serialized information related to the product identifier barcode and human readable on the applicable saleable unit packaging of products. As you consider how you will meet this data storage requirement, it is important to ensure that you have the sytems and processes in place so that no records are altered or removed without your authorization
Once you have determined that the product and ownership change events require capturing transaction statement and transaction information, you should ensure that you are capturing the data fields outlined in the law which are further explained in the draft guidance on the standardization of data documentation and practices. The methods for receiving this information will likely continue to evolve but the GS1 EPCIS messaging structure is largely being utilized by trading partners as the technical format for sharing transaction information for serialized product. Many larger dispenser organizations are planning to implement track and trace solutions to store this data in their own contracted solution. We expect distributor, 3PL and other organizations may also offer solution options that dispensers can consider for data storage but there is limited time for such options to evolve and stabalize. The important thing to consider is that you are aware your organization is responsible for ensuring their own compliance based on the law so you will want to make sure you are able to capture data from any applicable supplier. You should also ensure that this information is readily available in the event of a suspicious/illegitimate product or other authorized request to share information and that it remains available for up to 6 years from the last transaction or any related product investigation. You should also ensure you have business agreements in place to avoid debate in the event of the need to prove compliance to any data storage related requirements.
The FDA has outlined in draft guidance that only product with matching transaction information and transaction statement at the point of ownership transfer with receipt scanning should be further distributed or dispensed. The draft guidance indicates that product without matching data should be considered potentially suspect until the data can be aligned. Stakeholders from across the supply chain have commented on the related draft guidance to ask the FDA for greater flexibility for resolving complicated data issues when it can be confidently assured that the product is safe so that the product can continue to be accessible to patients. There has also been a request to clarify that stakeholders may utilize aggregation in the transfer to scan parent or upper level barcodes such as cases or pallets and infer the child or saleable unit level records.
When Do I Need to Share Data?
Data sharing related to DSCSA may come in several requested methods from federal agents, state agents or in some cases trading partners. Dispensers should develop policies to help determine when such request require response and if the 48 hour response time is required. We expect further information, standards and guidelines to unfold but here are some of the areas you should consider may involve a need to share T3 data in the event of:
- Sale or change of title to another authorize trading partner organization that will further distribute or dispense to the patient.
- Suspicious/illegitimate product investigation by federal or state agent.
- Fraudulent activity investigation by federal or state agent.
- A product recall information request from federal or state agent.
- Return of salable product to the supplier trading partner (some discussions in industry groups about if/when required).
- When determined needed to respond to or create notifications or terminations for suspect/illegitimate product.
- In the event of the need to demonstrate compliance to state or federal regulatory agents.
In addition to these events more clearly required by DSCSA, dispensers may also consider if there are further instances where they believe data sharing may be required or advantageous. While these events may not warrant being addressed during initial implementations, they may be key considerations for long term viability of solutions or to further enhance their patients safety.
Related Note: NABP recently released their State Regulator Pilot DSCSA report from a pilot to explore state regulator interoperability with a wide industry group which helps outline some of the considerations and gaps being addressed by the industry.
Don't Wait to Start Your DSCSA Journey
We encourage pharmacy stakeholders who may be responsible for DSCSA compliance to consider joining industry discussions in groups such as PDG and GS1 US to further discuss with peers and understand the potential options that are taking shape for addressing these important and still evolving requirements.
We are glad to provide advisory DSCSA service for all sectors of the supply chain and are available to help plan your organization's DSCSA compliance journey.
Feel free to reach out to us through TenCountConsulting.com/contact if you have any questions or just want to chat!