Software and tech standards advance as pharma traceability deadline looms

The GS1 organization, and its GS1 Healthcare US unit, has been beetling away for years at standards for identifying and locating healthcare products in transit; when the Drug Supply Chain Security Act (DSCSA) was passed last year, that was merely a turn along the road GS1 has been on. For packaging and distribution managers, logistics providers and others in the US drug supply chain, however, DSCSA was a major milestone that set (among many other deadlines) a January 2015 date for having product identification and transaction data available to trading partners.

Now, GS1 Healthcare US has issued an update, Applying GS1 Standards to U.S. Pharmaceutical Supply Chain Business Processes to Support the Drug Supply Chain Security Act. To the extent that trading partners in the pharma supply chain (from manufacturer to hospital or retail pharmacy) want to have interoperable data systems, alignment with the GS1 standards is all but mandatory (FDA has been careful not to specify GS1’s or anyone else’s specific standards, but most of the industry has already coalesced around the GS1 framework).

The new guideline provides additional information on how DSCSA’s mandated “transaction history” and related documents are to be formatted and transmitted between trading partners; it becomes a subset of the existing EPCIS guidelines that GS1 has already developed for pharma application. “The ability for stakeholders to share information at the lot-level, and to identify and trace prescription drugs at the item-level is essential for providing critical transparency and accountability in the pharmaceutical supply chain,” said Siobhan O’Bara, SVP of industry engagement, GS1 US, in a statement. “The new guideline shares the best thinking and practical applications for how to address requirements, while also establishing a solid business process for the pharmaceutical industry as we transition to a fully automated and serialized supply chain.”

The document is available for free download at www.gs1us.org. GS1 Healthcare is also setting up a solution providers page for directing industry managers concerned with DSCSA compliance to telephone contacts; more guidance is scheduled to be released in the near future.

More cloud-based solutions

A new round of IT platform development is gradually taking shape for enabling pharma manufacturers and distributors to comply with the dictates of the Drug Supply Chain Security Act (DSCSA), passed 10 months ago and specifying compliance deadlines as soon as January 1. The newest entrant is Axway (Phoenix, AZ)—a longtime player in pharma track-and-trace issues, and one with a significant installed base already among manufacturers and wholesalers. The new Axway Cloud Global Traceability and Compliance Service (let’s call it Axway GTCS) joins other longtime players in this field, such as TraceLink (Wakefield, MA) and rfXcel (San Ramon, CA), in providing a cloud-based system for acquiring serialization data coming off packaging lines, aggregating it at the enterprise level, and then making it available for reporting out to trading partners and regulators.

“We thought long and hard about cloud services with the necessary safety and security, because DSCSA includes highly sensitive transaction data between trading partners that could be leveraged for unfair competitive advantage,” says Atif Chaughtai, director, healthcare solutions, at Axway. GTCS is in the process of being implemented at Amneal Pharmaceuticals (Bridgewater, NJ), whose co-CEO, Chirag Patel, touts the benefits of avoiding the cost and complexity of an on-premises IT implementation that cloud-based services provide. “With Axway Cloud Global Traceability and Compliance Service, we not only have the peace of mind that we’re going to be compliant with the progressive regulations that are being put in place, but also that we’ll be able to do so while saving time, money and resources,” he said, in a statement. (Even so, for clients who desire it, Axway will offer an on-premises version.)

According to Chaughtai, Axway is making several specific distinctions in how it’s providing its service. Like TraceLink, Axway is using Amazon Web Services (AWS), but in a private-cloud version (AWS offers multiple levels of service and security). GTCS is being set up as a single-tenant version, which means that each client gets its own version of the software service that will be maintained by Axway. In addition, Axway is applying its own API Gateway service, which is an added security measure to ensure that applications are protected from intrusion. GTCS is both EPCIS-certified (the communications standard established by the GS1 organization) and compliant with 21 CFR Part 11, an FDA requirement for data integrity and digital signatures. “We worked closely with clients to define the service,” says Chaughtai, “and were told that while cloud-level security is important, Part 11 data integrity is even more so.”