Ramping Up DSCSA Readiness Efforts

The old truism that the US pharmaceutical supply chain was essentially impervious to counterfeits and illicit diversions has crashed against the realities of the COVID-19 pandemic and its aftermath. No, the US is not awash in counterfeits; but there are “dark corners” of the supply chain, from manufacturers all the way through to the delivery vans bringing drugs to a local clinic or pharmacy, that are not as reliable as they once were. There is also an appetite, brought on by all the controversy over COVID vaccines and therapies, for individual consumers to go their own way in choosing medications—buying from unreliable online pharmacies, or accepting treatments outside FDA’s purview.

“With the disruptions brought on by the pandemic, the urgent needs for COVID-19 therapies and other medications around the world, the readiness of counterfeiters to step in, and now the Russia-Ukraine war, the pharma supply chain has become a Wild West,” says Greg Cathcart, CEO of Excellis Health Solutions, a Drug Supply Chain Security Act (DSCSA) and supply chain consulting firm (now a part of NNIT, a global information technology company). “These disruptions have given drug diverters plenty of room to operate in.”

All this is happening just as the crowning achievement of pharma supply chain managers and regulators—the 2013 DSCSA—reaches its 10-year culmination.

By Nov. 27 of this year, all participants in the US’ pharmaceutical supply chain—manufacturers, wholesaler/distributors, pharmacies, and even certain logistics providers—are supposed to have a comprehensive, interoperable electronic-data system that enables drug packages to be tracked by individual identities, from maker to dispenser.

Rising risks

Data from multiple sources show the heightened threats the global pharma supply chain is under. The Pharmaceutical Security Institute, in its annual summation, counted 5,987 counterfeit incident reports in 2021 (the latest year studied), up 38% from the year before; over 40% of these were in North America. The BSI Supply Chain Risk Insights Report, published in January, found higher levels of thefts of all types (facility, container, vehicle, etc.) but one, and also reported that pharmaceuticals were the second-highest product type (behind food) subject to vehicle hijackings. In the US, it’s worth noting that FDA’s Office of Criminal Investigations had a very active 2022, with new announcements of thefts, diversions, and financial improprieties occurring almost daily (although it should be recognized that a significant number of these involve controlled substances).

These sorts of worries have elevated supply chain risk management to the highest executive levels in pharma. “The escalation of supply chain and digital supply chain risk up the c-suite agenda means that today there has to be a proactive approach, from the outset to the procurement of supply services,” says Mark Brown, a global managing director at BSI, in its 2023 report. “You can’t just go for the lowest cost—you have to assess the situation and understand that sometimes the lowest cost may increase risk and potentially harm your organization.”

Having “situational awareness” in real time is the essential capability to control risk and manage theft or misdirected shipments, according to Barry Conlon, CEO of Overhaul. The company was an early developer of software systems that could unite, for example, temperature readings of a cold-chain pharma shipment with truck-mounted location devices, and assemble these data to enable a physical intervention to redirect a shipment or recharge refrigerant. The company recently acquired FreightWatch from Sensitech, the Carrier Corp. division that specializes in temperature monitoring hardware. Conlon says that the FreightWatch acquisition broadens Overhaul’s global reach. “In 2022, our interventions resulted in $250 million worth of recovered product, and it should be emphasized that every dollar in saved product represents $9 in avoided cost for product replacement, litigation, and the like,” he notes.

There has been a small explosion in recent years in IT systems that can aggregate supply chain data and present it to logistics managers or shippers—these include ParkourSC, Roambee, Controlant, and others. Conlon says that a distinction can be made between service providers based on software only (like Overhaul), offering to interface with any sensor or tracking device, and those that offer a combination of the two. However, a common problem in the industry is getting cooperation from the hardware vendors (which could in fact include container suppliers that mount their own hardware), freight forwarders, and IT providers.

Automate, or else

Manufacturers have already invested billions to imprint 2D barcodes on packaging, meeting an earlier DSCSA mandate; now, many of them are investing in case packing automation to enable them to aggregate case data, and for wholesalers to infer the contents of cases without opening them. (Technically, this is not a DSCSA requirement, but wholesalers have been adamant that their highly automated processes would break down without aggregation/inference, and a couple years ago, FDA essentially blessed this process.)

Upsher-Smith Laboratories, a Morton Grove, Minn. manufacturer, recently opened a new “Plant C” that brings together new serialization capabilities. “We’re still pulling it all together,” says Adam Conlon, associate VP of operations, while noting that Upsher-Smith makes not only its own branded products, but also brings in product manufactured by contract manufacturing organizations (CMOs), and, with the new capacity, is planning to become a CMO for others. “We wouldn’t mind having more time for the DSCSA deadline, but we plan to be compliant by then.”

Tim Donelson, director of serialization and manufacturing IT at the company, notes that Upsher-Smith took a two-phase approach, selecting Optel Systems for barcoding technology earlier, and now has case-packing machinery on order for delivery later this year. Uhlmann bottling equipment is doing both serialization and aggregation on certain lines. Some packaging lines will have a semi-automated aggregation process, including 2D “helper” codes to manage bundles of product, adds Donelson.

Conlon says that the company, besides being able to serialize its own production, that of its CMOs, and eventually for clients for whom it is a CMO, hopes to gain value by better management of quality control, and linking to an IT system for electronic batch records. All these operational and compliance capabilities are grounded in the Advanced Track and Trace for Pharmaceuticals (ATTP) system from SAP.

Countering counterfeits

Harm is certainly on display for Gilead Sciences, which has concluded multiple sets of litigation against multiple pharmacies and so-called “fly by night” distributors who were either involved in selling and reselling diverted or counterfeit HIV medications, as well as fraudulently taking advantage of a free-drug distribution program supported by Gilead. In February, a federal jury convicted the head of Minnesota Independent Cooperative of selling diverted or counterfeit Gilead HIV and hepatitis C medications worth over $150 million; in March, a default judgment was granted by a Florida federal judge against Baikal Marketing Group and others amounting to $175 million for the free-drug program abuse. Last year, another diversion/counterfeiting case, involving dozens of parties in 10 states, led to an injunction under the Lanham Act, which allows brand owners like Gilead to seize counterfeits prior to resolving legal actions.

“Gilead uses various measures to help ensure safe and secure supply of its products, including having authorized pharmaceutical distributors of record, as well as utilizing anti-counterfeiting technologies,” notes a company spokesperson. In some of the investigations, DSCSA-mandated product codes and transaction documentation were key evidence. In fact, the company is critical of the DSCSA rule specifying the “sunsetting” of the Transaction History record, one of three types of tracking reports defined by the law; it would prefer to maintain this record after its November expiration, to help it track its products’ distribution.

Protection by packaging

Long before DSCSA or any data-driven tracking process, the pharma industry has used a wide variety of anti-counterfeiting measures to protect its brands. Broadly speaking, these techniques—which are widely used in consumer goods and other markets—can be overt (recognizable by the end customer), covert (hidden but identifiable by inspectors), or forensic (verified by laboratory analysis, often with a view toward building a legal case).

Most of these techniques involve the packaging or containers of pharma products (some have been proposed for the products, such as pills, themselves). Thus, security printing or microprinting has been applied; holograms have been embossed onto packages, and taggants incorporated into packaging paper or ink.

One example is Schreiner MediPharm, which provides labeling technology for manufacturers of products in vials or syringes. In the past year, it has introduced Syringe-Closure-Wrap (for prefilled syringes) and a similar tamper-protection label for vials. In both cases, the labels clearly show if the container has been opened (in cases where counterfeiters might reuse the container); other security features can also be incorporated into the label.

A new offering might be in the works for Sicpa, a provider of security inks. Last year, it announced an expanded partnership with UbiQD, a Los Alamos, NM developer of quantum dot (QD) technology. QDs are nanomaterials that exhibit the effects of individual atoms—in this case, photoluminescence that can be “tuned” to various colors. That combination of properties creates possibilities for uniquely identifying commercial products in a near-impossible-to-replicate manner.

Nanomaterials are also the target of TruTag Technologies, which has been offering a microporous silica particle that can be encoded and then authenticated. The particles, qualified by FDA as “generally regarded as safe,” can be combined with excipients into drug formulations. The company has announced a partnership with Gerresheimer, the Dusseldorf manufacturer of glass packaging. In this case, however, Gerresheimer is seeking to incorporate the TruTags onto the glass packaging surface, initially for cosmetics products.

In January, TruTag also announced the formation of a Smart Medicines Advisory Board, to accelerate development in the pharma field.

“Smart” is a recurring theme with pharma labeling and packaging, with various vendors or collaborators seeking to combine product authentication with tracking, medication adherence, clinical-research data gathering, and other applications. The use of radio-frequency identification (RFID) labels is one element of these smart applications. Such efforts are promising but seem to be limited by the significant coordination needed between different internal groups at pharma companies. Moreover, “Going beyond the steady amount of packaging authentication activity in the industry today is limited by the multi-million-dollar contracts for DSCSA readiness,” says Excellis Health’s Cathcart.

Finishing the job

Even though compliance with DSCSA is a mere seven months away, critical programs are still being finalized. In late 2022, the GS1 US Healthcare organization published Release 1.3 of “Applying GS1 System of Standards for DSCSA and Serialized Interoperable Traceability,” adding to the Release 1.2 document published in 2016. Tracy Nasarenko, director of community engagement at GS1 US Healthcare, explains that the 1.2 document should still be the starting point for new participants in DSCSA compliance; Release 1.3 includes refinements or enhancements on applying GS1 terminologies, and includes how to encode “22 serialized supply chain choreographies” in XML—the latter coming from workgroup discussions on how supply-chain events should be handled.

Looking at the concerns expressed by the 50 or so organizations participating in the GS1 workgroups, Nasarenko comments that learning the nuances of EPCIS standards, including the “common business vocabulary” (CBV) by which information is transmitted, will be an ongoing exercise for the pharma industry. “Communicating the right master data (i.e., the basic descriptions of what a product is and who made it) is causing issues,” she says. Use of the GS1-defined “GCP” (GS1 company prefix) is still a ‘work in progress.’”

Another group active in developing guidance to help the industry is the Partnership for DSCSA Governance (PDG), which brings together representation from manufacturers, wholesalers, dispensers, and solution vendors (FDA also sits in on the deliberations). In February, PDG released four chapters of a “Foundational Blueprint for DSCSA Interoperability,” addressing practical matters of transmitting information among trading partners.

“The expanded Blueprint is a critical milestone and will significantly contribute to the industry’s efforts to achieve DSCSA interoperability by the November deadline,” says Eric Marshall, PDG executive director. “While the Blueprint does not carry the force of law, it does represent the consensus best thinking of more than 60 of the nation’s leading DSCSA stakeholders.”

A third resource arises from the pharmacy community, specifically the National Association of Boards of Pharmacy (NABP). In March, the group announced that it will be launching the Pulse online service this summer to assist pharmacies (especially small ones that lack IT resources) in meeting their DSCSA responsibilities. The service, open to all pharmacies registered to their states’ pharmacy boards, will enable them to connect with their trading partners and to respond to tracing requests that might come in from regulators. Pulse “will provide access to user-friendly tools and a comprehensive network of verified relationships, enabling consistent communication with trusted trading partners of all sizes across the supply chain,” says Al Carter, NABP executive director.

The plight of small pharmacies has been an ongoing concern of DSCSA observers; warning signs have been flashing for years on this part of the pharma supply chain. In December, the American Pharmacists Association wrote to FDA, requesting an official finding from the agency that “enforcement discretion” (i.e., a delay in enforcement) would be allowed for pharmacies, in part because of FDA’s own tardiness in completing assessments and guidances.

However, the pharmacy community has not been standing still. Numerous hospitals and health networks have been installing software and systems for DSCSA compliance within their pharmacies. Most recently, Renown Health Foundation, a 150-site network in northern Nevada, has selected rfxcel’s DSCSA software. “This will enhance Renown’s ability to help protect patients from exposure to drugs that may be counterfeit, stolen, contaminated, or otherwise harmful,” says an rfxcel statement.

“Dispensers have entered the DSCSA discussion later in the game, and as a result, some of their unique needs were not well highlighted until recently,” says Herb Wong, rfxcel marketing manager. The company has also been participating in NABP-sponsored workshops for pharmacies this year.

One might have the impression that the private-sector solution providers—of which there are quite a few—is waiting for these consensus documents to be adopted before writing code that carries them out, but the reality is that many solutions are on the market. Vendors such as TraceLink, rfxcel, LSpedia, Systech, Axway, Covectra, and others voluntarily collaborated with the Healthcare Distribution Alliance a couple years ago to ensure that a verification router service (VRS) could be used to verify the authenticity of saleable returns at distributors.

Another industry-sponsored group, the Open Credentialing Initiative, is addressing the ongoing problem of verifying the identities of parties that might show up as authorized trading partners in DSCSA communications networks. Legitimate pharma supply-chain trading partners want to prevent the incursion of unauthorized or illegitimate parties, as well as to ensure that information requests are correctly routed.

One fairly new DSCSA-compliance vendor participating in the Open Credentialing Initiative is Trust.med. The company is developing a new approach to both trading-partner verification and to establishing EPCIS-compliant messaging, according to Dan Kraciun, CMO, VP operations. He explains that several years ago, Trust.med’s parent established ownership of the “.Med” top-level domain (TLD) with ICANN, the international body that standardizes the World Wide Web. When a DSCSA trading partner establishes an account with Trust.med, Trust.med can, in turn, establish webpage addresses (URLs) not just for that trading partner, but for each product it has. In effect, Trust.med uses the machinery of the internet to manage the security and the interoperability of DSCSA compliance.

Creighton says that Trust.med has lined up a handful of clients so far; he also emphasizes that Trust.med needn’t be looked at as an alternative to existing DSCSA software implementations, but as a complement that can extend them more efficiently.

Looking for exceptions

One of the biggest worries currently in the industry is handling exceptions—cases where product identities cannot be read, or incorrect or incomplete information is transmitted during a transaction. The concern is that for minor or innocent reasons, a shipment might be held up or rejected until the data flaw can be corrected.

One solution vendor, LSPedia, is continuously updating a software module specifically for exceptions management, called Investigator. According to Riya Cao, CEO, AmerisourceBergen chose to implement this solution to avoid setting up a call center of nearly 100 personnel to anticipate manually handling exception queries. With Investigator, exceptions are automatically analyzed and predetermined responses, such as sending an email query to the appropriate trading partner, are generated. “These automatic processes can reduce the time to resolve exceptions from days to minutes,” says Cao. The company is currently about halfway through a multi-week pilot to gather more instances of exceptions and to broaden its applicability to more supply-chain participants. On top of that, LSPedia plans to add business-intelligence tools to Investigator so that a user could evaluate the quality of DSCSA data a manufacturer is providing.

“Eventually, higher-quality DSCSA data will become a competitive advantage,” adds Cao.

LSPedia also figures in an intriguing application of DSCSA capability—the so-called “value-beyond-compliance” goal that early promoters of DSCSA technology touted as the eventual payoff for the substantial investments the industry has made. In January, LSPedia announced a partnership with a company called Workd, whose software, MedMover, enables organizations to optimize matching-product sales with complementary products or services—the sort of capability Amazon provides to its users with its “recommendations” for follow-on purchases.

According to Cao, MedMover will analyze DSCSA’s item-specific data and suggest other products a wholesaler, for example, might recommend to its customers.

It’s hard to get too excited about such value-beyond- compliance applications when so much of the industry is struggling to get its basic DSCSA tasks in order. But those applications give a glimpse of a future pharma supply chain that is more secure, more responsive, and more cost-effective.

— Nicholas Basta is Editor Emeritus and Founder of Pharmaceutical Commerce.