On December 5, LSPedia hosted its latest DSCSA webinar, “Four Steps to DSCSA Stabilization.” The event had three parts: An overview of DSCSA requirements, including the measures that came into enforcement on November 27, 2023 and the FDA’s stabilization policy; a panel discussion on major questions surrounding DSCSA compliance in 2024; and a wide-ranging Q&A, where the panelists addressed questions sent in by the hundreds of people who tuned in.
In this post, we’ll cover the DSCSA overview, from the presentation by compliance expert Tish Pahl.
Tish Eggleston Pahl is a principal at Olsson Frank Weeda Terman Matz PC. She is regulatory counsel to drug, cosmetic, dietary supplement, and food clients with concerns before the Food and Drug Administration, the Federal Trade Commission, and other federal agencies. Since November 2013, Tish has worked closely with pharmaceutical supply chain stakeholders, including manufacturers, repackagers, and wholesale distributors, on DSCSA implementation.
It’s important to understand that even though we’re past the November 27, 2023 deadline, Pahl still divided topics into before and after that date. This is because there’s an important distinction to draw that can influence the path of a given company’s compliance effort.
Trading partners may still be working to stabilize and ensure full interoperability regarding the Enhanced Security measures that came into effect on the deadline, with FDA forgoing enforcement for noncompliance only on condition of continued progress toward getting them done. That’s what the Stabilization Period is for – it assumes you’ve already met the basic requirements and are using this year to fix the more complex requirements, which means testing and polishing your systems with your trading partners.
However, trading partners are expected to already be compliant with the requirements that were in place before November 27, 2023. Let’s start by recapping those, which Pahl characterized as “Things you should already have been doing.”
- Only do business with Authorized Trading Partners.
- Have systems in place for verification, with the ability to
- Have a product identifier for all drug packages and homogenous cases, unless dealing with product that is subject to grandfathering, waivers, exceptions, or exemptions by the FDA.
- Provide, receive, and maintain lot-level transaction data when exchanging product with trading partners. Transfers of product will include 3Ts: Transaction Information, Transaction History, and Transaction Statement, delivered via Advanced Shipping Notice (ASN) or through an online portal.
- Respond to government requests for information by providing lot-level transaction data.
- Dispensers can only return products to the trading partners they purchased from, and their seller must associate the return with transaction data.
- Manufacturers and repackagers must be able to respond to requests from authorized trading partners to verify product identifiers.
- Retain transaction data related to suspect/illegitimate products for six years.
These will be enforced by FDA and state regulators, with violations incurring seizure, injunction, criminal fines and penalties, and other measures. She also noted that trading partners can (and many are already) setting other incentives for compliance, including contractual obligations and supply agreements; violations can incur product liability or class action challenges, and can seriously hurt the reputation of the company responsible. As examples, Pahl referenced the FDA warning letter to Safe Chain Solutions (detailed in our July 5 post) and the indictment of Steven Diamantstein (detailed in our June 30 post).
Now, let’s look at the requirements that were added on November 27, 2023. These are often referred to as “Section 582(g)(1)”, “package-level”, “enhanced drug distribution security” or simply “2023” requirements.
As the FDA has noted, these requirements can be satisfied by Electronic Product Code Information Services (EPCIS) files with accurate product identifiers for each package; exchanging serialized data in EPCIS enables package-level tracing.
The FDA stated that it “generally expects” trading partners to have systems and processes in place to meet all – old and new – requirements now. That is, after the deadline of November 27, 2023.
The FDA does not intend to take action to enforce the Enhanced Security measures for one year – if its expectation is met that trading partners are not slowing or stopping their efforts to become compliant. The administration expects continued use of current methods to exchange and store transaction data, investigate and report suspect or illegitimate product, and handle saleable returns. In short, don’t give regulators a reason to think you’re reversing course! If you meet all the previous requirements and are making progress on the new ones – that is, stabilizing – you’ll be fine.
Additionally, Pahl noted that the FDA also issued its Verification Compliance Policy, extending the following measures through November 27, 2024:
Finally, Pahl mentioned that the Center for Drug Evaluation and Research (CDER)'s NextGen Portal –a site where companies can send information to the FDA – was updated to feature a portal where trading partners can send in Drug Supply Chain Security Act (DSCSA) information. The portal can be used to confirm basic information and points of contact for trading partners, notify trading partners of messages from the FDA, respond to these messages, and upload documents. It’s available here.
We’ll be back soon with a look at the panel discussion, in which Pahl and LSPedia VP of Services Rose Campasano were joined by LSPedia CEO Riya Cao!
.svg){kind=icon}
