FDA releases more guidances for complying with DSCSA

Nicholas Basta

“Aggregation” and “inference” are specifically allowed, under draft guidance

On June 3, FDA released four guidance documents (two final, two draft) for resolving at least some of the nagging issues that industry has been wrestling with since the passage of the Drug Supply Chain Security Act (DSCSA) in 2013. FDA has delayed enforcement of a number of interim requirements to November 27, 2023, the nominal date when a fully interoperable electronic system for sharing product and transaction data for nearly every pharma package in commercial distribution is to be in effect.

The two finalized guidances, “[DSCSA] Implementation: Identification of Suspect Product and Notification” and “Product Identifiers Under [DSCSA] Questions and Answers” provide fairly straightforward answers for a number of questions that have cropped up; for example, because some drug packages require a linear barcode on their label, the DSCSA-mandated 2D barcode will not be a replacement.

One of the draft guidances, “Definitions of Suspect Product and Illegitimate Product for Verification Obligations under [DSCSA]” provides some color around the terms “counterfeit,” “diverted,” “stolen,” subject to a “fraudulent transaction” or “unfit for distribution”—all fairly straightforward. The other draft guidance, “Enhanced Drug Distribution Security at the Package Level” is the gold mine of guidance that industry has been seeking for years.

One key element of this is FDA’s acknowledgement that aggregation (accumulating multiple individual package identifiers under one case) and inference (assuming that the individual package identities are correctly tied to the case-level ID) are explicitly permitted. “Because it appears to be an essential process in trading partner daily operations of supply chain and data management, whether manual or automated, FDA supports the use of data aggregation.” Also: “A trading partner should only use inference when it receives pallets or homogeneous cases with aggregated data if the integrity of the unit is intact—in other words, the tamper-evident tape or wrap, or other security seal, has not been broken.”

An even bigger element of this guidance is FDA’s acceptance of how industry intends to collect, store and transmit product and transaction information. “FDA supports a distributed or semi-distributed data architecture model because either model can allow each trading partner to maintain control over its own data.” For years, there has been wrangling over whether transaction data needs to be collected in one place for each product shipment, regardless of how many trading-partner transactions have occurred; this language seems to support the stance of the Healthcare Distribution Alliance (and others) for a “one up, one down” system where each trading partner stores data on whom it bought product from, and whom it sold product to. In the event of an investigation, FDA (or others) are supposed to be able to go to each trading partner in a chain of transactions and obtain the necessary information all the way back to the manufacturer.

The one-up, one-down scheme does put the onus on the entire pharma supply chain, from manufacturer to wholesaler to third-party distributor to enable a comprehensive tracing system to function. That remains a challenge, but one that most industry experts believe is realizable.

The “Definitions” guidance has a 20-day comment period (ending roughly in early July); the “Enhanced Drug Distribution” guidance has a 60-day comment period. All these guidances are accessible via the FDA announcement.

— Nicholas Basta is Editor Emeritus and Founder, Pharmaceutical Commerce