In this article of the dispenser DSCSA (Drug Supply Chain Security Act) compliance educational series, we will address two common questions that dispensers ask, now that we have 18 months left on the 10-year rollout of DSCSA compliance by the FDA.
Who Will Be Policing DSCSA Compliance on Nov. 27, 2023?
Federal and State Government Authorities Validating DSCSA Compliance Data
Federal and State Government Authorities: Most dispensers are unaware, despite repeated FDA presentations, the Office of Inspector General (OIG) February 2020 dispenser compliance report, and numerous state boards of pharmacy quarterly board meeting actions, that there are a series of DSCSA compliance requirements that you and your pharmacy team are responsible to comply with today to be able to provide data and information under a 48-hour clock. See the ComputerTalk May/June 2022 article entitled, “What Is DSCSA and What Do Pharmacists Have to Do Today to Comply?” for an overview of the first five requirements.
While federal and state authorities were performing DSCSA compliance inspections before the COVID-19 pandemic, all government authorities reduced their inspections to emergency situations only during the pandemic to respond to known or suspected illegitimate prescription product issues.
On Feb. 2, 2022, the FDA announced that, effective Feb. 7, 2022, the agency’s normal domestic supply chain compliance inspections would resume.
In this announcement, the FDA stated it would be using “alternative tools and remote assessments,” which means electronic communications with dispensers to perform tabletop audits and inspections would be allowed. Prior to this announcement, all federal inspections had been conducted as physical inspections.
As explained in the second article in this series, which appeared in the July/August 2022 issue of ComputerTalk, the last of five of the 10 requirements are to be met by Nov. 27, 2023, and state and federal authorities will allow the use of tabletop audits and inspections for all 10 requirements.
Three Commercial Parties Validating DSCSA Compliance Data
Commercial Parties: Three commercial parties are validating DSCSA compliance data with dispensers today and will probably use tabletop audit and inspection tools effective Nov. 27, 2023.
The three commercial parties are: manufacturers providing salable returns credit, which will require that three sets of dispenser and Rx product DSCSA compliance validation data be provided to preapprove a salable returns-certified shipment to their verification router service (VRS) provider; PBMs (pharmacy benefit managers) conducting product validation by requesting advance ship notice (ASN) and soon-to-be-used electronic product code information services (EPCIS) data audits for accuracy — that is, the original ASN transmission history/information/statement validation; and credit card remote transactions use validation for dispenser merchant validation by associations such as National Association of Boards of Pharmacy (NABP).
The federal and state government authorities’ and commercial parties’ requirements today and the additional requirements for Nov. 27, 2023, are depicted in this chart.
What Are My Dispenser Options For DSCSA Compliance?
Since the majority of manufacturers and wholesalers have outsourced specific or large portions of their DSCSA compliance tasks to third-party service providers, the dispenser community has not to date followed suit, except for the retail chain market segment. One limitation for all supply chain trading partners is that most of those service providers provide software or standard operating procedures templates only. Dispensers need a full range of services to meet their current five requirements and all 10 requirements by Nov. 27, 2023. Now the question is, what will dispensers do to comply who have not already outsourced to a third party during the COVID pandemic?
The dispenser community has three broad-stroke options:
(1) Internal Model: Internally staff and train to meet all current and Nov. 27, 2023, requirements, which require three to four staff members (not full-time, but part-time) perform daily, weekly, and monthly DSCSA compliance tasks, as summarized in The Pew Charitable Trusts reports starting in 2014, entitled, “Timeline for the Drug Supply Chain Security Act.”
(2) Hybrid Model: Internalize the nonelectronic transmission tasks and outsource the electronic transmission task to a third-party service provider or license software to run the electronic transmission tasks. In a hybrid model you might also choose to blend internal staff-assigned tasks but outsource others, e.g., federal and state suppliers licensure and certification monitoring. The cost and staffing requirements for a hybrid model are discussed in broad strokes in the Pew reports.
(3) Outsource Model: In this model there are two options: outsource all 10 requirements’ monitoring to a third party that can provide comprehensive services — probably 10 to 12 services in addition to the software used; or choose to use a software-as-a-service software provider for the electronic shipping notice transmission documentation receipt, which represents about two of the services needed.
The three models are depicted in the chart at left, with the range of estimated start-up and monthly budget required to be compliant. CT
J. Randall Hoggle, B.Pharm., D.Ph., M.B.A., is the managing director of Advasur, LLC, the Advasur Audit & Supply Chain Resource Center in Rockville, Md. The author can be reached at r.hoggle@advasur.com.