For many businesses across the pharma supply chain, we’ve had to be the bearers of bad news when it comes to FDA enforcement of DSCSA. A surprising number of people in the pharma industry, at all types of businesses and at all levels, cling to the notion that DSCSA won’t be enforced, citing either wishful thinking (“I’m pretty sure we’ll just fly under the radar”) or misinformation (“the FDA always grants enforcement discretion”).
This is understandable, to a point. DSCSA is transformative, and requires trading partners to collaborate in new ways. However, the fact remains that the FDA has stated that it plans to enforce DSCSA audits, that the deadline concludes a well-documented decade-long timeline, and that trading partners have readily available access to solutions that can get them up to speed.
To learn more about what the FDA will be looking for in its inspection procedure, it can help to look at an example of a company that, according to the administration, got it wrong in quite a number of ways.
On June 8, the FDA issued a warning letter to wholesale distributor Safe Chain Solutions, calling attention to “significant violations” of DSCSA’s section of the Federal Food, Drug, & Cosmetic Act, “related to product tracing, verification, and authorized trading partners.” The letter informs Safe Chain that it “observed that Safe Chain did not have adequate verification systems in place […] failed to maintain records regarding suspect product investigations […] and failed to respond to a notification of illegitimate product.” Further the letter states that Safe Chain “engaged in transactions with unauthorized trading partners.”
While the letter alleges particularly egregious behavior behind DSCSA violations – in a matter that has already been the subject of lawsuits for more than a year – it can still be instructive as to the issues that can arise and the level of detail businesses can expect.
The FDA letter informs Safe Chain that it “was not able to demonstrate systems […] to comply with a number of verification requirements required by the DSCSA,” citing an example where a Standard Operating Procedure for verifying suspect or illegitimate products “lacked sufficient detail or instruction to enable Safe Chain to adequately:
The letter goes on to say that the failure “may have resulted in suspect product entering the supply chain rather than the product being quarantined as required,” and that the SOP even contained incorrect information about DSCSA requirements.
Another problem the FDA identified was that, despite having correct SOPs regarding trading partner validation, Safe Chain purchased drug products from wholesalers Gentek and Boulevard 9229, which were not Authorized Trading Partners. Additionally, the latter of these had provided Safe Chain with a fraudulent license: “Therefore, Boulevard 9229 LLC not only failed to report to FDA, but it was also never appropriately licensed as required by […] the FD&C Act.”
This gets very serious, as the FDA notes that, “on multiple occasions, [Safe Chain] was notified that it had received prescription drug products containing different medication than was purported to be present based on the product labeling, making those products suspect product and unfit for distribution.” The letter mentions specific instances where Safe Chain continued buying the HIV medication Biktarvy from Gentek despite having been informed that patients were returning bottles from Gentek lots after realizing they contained a different medication.
From a patient perspective, this is a nightmare, a situation the FDA calls “extremely concerning from a public health perspective given the serious health condition Biktarvy is indicated for.” DSCSA implementation guidance from 2016 specifically warns trading partners against purchasing from a source they “[know] or have reason to believe has engaged in questionable business practices,” in the interest of keeping suspect product out of the pharmaceutical supply chain.
The letter notes that Safe Chain could not provide documentation or records regarding product quarantine, violating DSCSA’s requirement that trading partners maintain records for no less than six years. Further, the firm “could not produce adequate records pertaining to three other suspect product investigations” where it had notified the FDA of illegitimate product via Form 3911. Taken together, the letter takes the position, in essence, that: thanks for filing these, but you needed to be able to back them up so we can tell if you actually quarantined and handled the product correctly.
Just as serious is Safe Chain’s inability to prove that it responded appropriately after being notified of illegitimate product. The letter cites records that indicate the company had been informed of an inconsistency in transaction history, and that it knew a product it received was considered illegitimate. The firm didn’t say whether it had investigated or quarantined the product.
Finally, an interesting section recounts Safe Chain’s actions after receiving an FDA Form 483 warning. The letter asserts that Safe Chain attempted to revise its SOPs after the warning – but the third-party firm it hired put in place procedures that were inconsistent with DSCSA. Safe Chain’s response to the 483 also comes under fire for attempting to use “an ongoing investigation” and an assumption that “the issue was at the retailer/pharmacy level” to justify continuing to buy from a supplier with known product issues.
The letter’s rebuke is sharp, first calling out the failure to conduct investigations where “you may have recognized the inherent risk of these Gentek products to the supply chain,” and then the failure to coordinate with trading partners on the matter, instead relying solely on itself and its attorneys. Aside from the other issues facing Safe Chain, this highlights the need to use trusted, competent DSCSA providers, and the reality that regulatory audits will not accept hand-waved details. Traceability enables, and the FDA will expect, a new standard of compliance.
Now, we should reiterate here that the example of this company is an extreme one. That is, to say the very least, most companies who might have DSCSA concerns are not connected to alleged counterfeiting schemes.
Our caution, then, is largely aimed at those who may be unsure whether, or how, the new rules will apply to them. (For example, if you aren’t properly connecting with your trading partners to investigate products when needed, the records, or lack thereof, can be damaging.) Fortunately, all of the functions that the FDA letter calls out are covered by readily available services. LSPedia’s OneScan provides comprehensive compliance solutions for serialization, verification, Authorized Trading Partners, product investigations, data retention, and even help fill FDA 3911 forms with accurate data.
Essentially, there's no reason to put your company at risk when there are resources available that can get DSCSA done for you quickly, efficiently, affordably – and completely. Get in touch today to learn more.