With the start of the new year, pharmaceutical companies now have less than two years for full compliance and interoperability as dictated by the Drug Supply Chain Security Act (DSCSA). Serialization at the unit dose has already been in full effect for manufacturers since November 2018. Companies in the pharmaceutical supply chain are now facing the challenge of successfully communicating EPCIS data amongst their respective trading partners.

Part of the challenge around data interoperability lies in the fact that dozens of software and serialization solutions providers exist, with thousands of trading partners in the pharmaceutical supply chain—each hosting their own data. Some progress has been achieved in connecting these systems, primarily amongst drug manufacturers and distributors. However, the process has proven to be lengthy, labor-intensive, and unvarying in many instances.

On June 3, 2021, the FDA released documents called the “Enhanced Drug Distribution System – EDDS” or Draft Guidance.¹ The documents intended to provide the industry with some clarity on important points, including data interoperability, identification of suspect product and notification, together with more precise definitions of suspect and illegitimate products, and more information around product identifiers under DSCSA.

Although it clarifies to some crucial points, this much-awaited guidance also raised the controversial topic of the FDA’s preference for a semi-centralized database model for tracing pharmaceutical products, per DSCSA requirements. Upon the EDDS release, the Healthcare Distribution Alliance (HDA) requested additional time to analyze and comment on the draft. On August 31, 2021, its response was published in a 37-page document,² with the association “respectfully requesting that the Draft Guidance be withdrawn in its entirety.” The main area of disagreement presented by the HDA is around the interpretation of what the FDA considers interoperability and its potential intent for implementing a semi-distributed database approach—one which, as the HDA puts it, is “contrary to what Congress enacted in the DSCSA, is unprecedented in scope, does not preserve confidentiality as the statute requires, and is in excess of agency authority.”

Different database models and approaches
Throughout the last eight years, the pharmaceutical industry has used the decentralized (or distributed) model for DSCSA data storage and interoperability. In this model, trading partners maintain their data in their own local database or their solutions provider’s database. Product tracing and verification is achieved by querying the multiple databases.

With a centralized system, trading partners provide data into a central data repository (database). Whereas in the semi-centralized (or semi-distributed) model, trading partners would maintain data into a few centralized databases or solutions provider’s databases.

The latter approach would create new technical requirements and challenges, which would certainly not be achievable prior to the federal deadline for DSCSA compliance on November 27, 2023. If a semi-centralized database were to be implemented, pharmaceutical companies would not only need to transmit data horizontally to its trading partners, but also upload transactional data “upwards” to a database managed by the FDA and/or other entities—an approach which would require a significant change in the workflows currently in place.

Nonetheless, the main concern expressed by the HDA was around data security, specifically around proprietary information which wholesale distributors wish to preserve. As noted in its response to the Draft Guidance:

[T]he DSCSA recognizes the confidentiality of transaction data and permits or requires a trading partner to protect those data from disclosure. A trading partner does not control or otherwise have unfettered access or visibility to the data of other trading partners except to the extent it received those data from a trading partner or passed those data to a trading partner as part of a transaction between the companies.

Possible motives for a semi-centralized approach
One can infer that the FDA’s goal with a semi-centralized database approach is to facilitate finding suspect and illegitimate products in the pharmaceutical supply chain and improve and shorten the process of a product recall – which today may take weeks or months to achieve.

Although it may seem like a legitimate reason for introducing such an amendment on the technical structure for DSCSA compliance, even if it were to be accepted by the industry, which is highly unlikely, it would not come as an easily applied change. In its response to the Draft Guidance, the HDA states:

[I]t seems, the “goal”, is for the FDA or a trading partner to be able to initiate a single tracing request for a product identifier via the “system” which will somehow query all systems in the pharmaceutical supply chain, that are somehow all linked or networked, and return all transaction data associated with that product identifier.

In reality, the current decentralized structure used in the pharmaceutical supply chain is far from the “one-button” approach the FDA so many desires. Presently, in order for the FDA to trace products and transactions, it must do so by querying each database individually.

For the layman, a semi-centralized structure may seem very appealing and achievable. For instance, a similar approach is being used in Europe with the Falsified Medicines Directive. In this case, trading partners are connected to central databases at the national level. It is essential, however, to distinguish that FMD is only intended to verify the product’s authenticity via scanning a barcode at the time a drug is being sold or dispensed—it does not provide product tracing as it moves throughout the pharmaceutical supply chain.

DSCSA was drafted to be much more comprehensive and provide more in-depth information about product movement and its lifecycle in the supply chain. As an example, once serialization is fully implemented, product recall processes will be much faster, regardless of having a centralized, semi-centralized or distributed database structure.

Outlook for the future of DSCSA implementation
On November 16, 2021, the FDA held its public meeting in which the Enhanced Drug Distribution Security was a primary topic of discussion.

During the meeting, Connie Jung, FDA’s Associate Director for Policy and Compliance, reinforced the agency’s preference for a semi-centralized database approach, although not as optimistic as earlier in the year: “When we talk about a centralized model, that is everything going into one place, and it does not look like this will happen. And we will not be fully decentralized.” However, Jung also acknowledged that there has been some confusion and misunderstandings about the different models.

Instead of dwelling on database models for DSCSA compliance, the public meeting focused on other important topics, addressing coverage for what types of products fall under the federal regulation. For example:

[B]lood or blood components intended for transfusion, radioactive drugs or biologics, imaging drugs, certain products for intravenous administration, medical gas, homeopathic drugs and compounded drugs are not subject to DSCSA’s track and trace requirements. The law also exempts the transfer of products between distributors, distribution among hospitals under common control, public health emergencies, and drugs dispensed pursuant to a prescription.

The public meeting also debated critical topics, including a forthcoming FDA industry guidance on data interoperability standards for DSCSA compliance and the possible role of GS1 in creating a central hub for product master data management—an issue which has caused considerable delays in interoperability. Perhaps more importantly, Jung reassured that the industry needs to “get serious” and focus on the fast-approaching November 2023 deadline. Although the industry has suffered delays caused by the global Covid-19 pandemic, some progress has been achieved in the last couple of years. Jung acknowledged that the industry will need to ramp up its efforts in order to achieve full compliance in 2023 but expressed optimism for the coming years nonetheless. 

References

1. Enhanced Drug Distribution Security at the Package Level Under the Drug Supply Chain Security Act; Draft Guidance for Industry; Availability; https://www.federalregister.gov/documents/2021/06/04/2021-11734/enhanced-drug-distribution-security-at-the-package-level-under-the-drug-supply-chain-security-act
2. HDA Comments on EDDS Guidance; https://www.hda.org/~/media/pdfs/government-affairs/HDA-Comments-on-EDDS-Guidance.pdf