In previous articles, I explained what the Drug Supply Chain Security Act (DSCSA) is and what pharmacy teams must do today to meet the current five requirements listed below (of 10 requirements) as I categorize them in the absence of FDA CDER (Food and Drug Administration Center for Drug Evaluation and Research) requirement categorization.
Current Five DSCSA Compliance Requirements
Requirement #1: Authenticate and validate authorized trading partners (ATPs).
Requirement #2: Receive and validate Rx product electronic advance shipment notifications.
Requirement #3: Quarantine suspected illegitimate drugs.
Requirement #4: Notify the FDA and trading partners of suspect illegitimate drugs.
Requirement #5: Provide a timely response to government authorities and trading partners.
Five New DSCSA Compliance Requirements
I also outlined the five new requirements that must be implemented by Nov. 27, 2023, as summarized below:
Requirement #6: Serialization codes validation, authentication, and documentation management
Dispensers may only buy and sell products encoded with product identifiers.
Requirement #7: Lot number validation, authentication, and documentation management
Dispensers must verify every product at the product package lot number level, including the SNI (serialized numerical identifier).
Requirement #8: Electronic advanced shipment notification — 10 data sets for internal system integration
Dispensers must validate the electronic shipment notification’s 10 data elements for accuracy of that data matched to suppliers’ 10 data elements, and where there are gaps in supplier Rx product data sets, the dispenser must correct those deficiencies for products they receive for all suppliers.
Requirement #9: Interoperability of DSCSA compliance data exchange
To meet requirement #9, the dispensers must have internal interoperability between ordering, pharmacy management system, and invoicing systems, and external operability with trading partner data exchanges.
Requirement #10: Comprehensive DSCSA compliance reporting capabilities for government authorities
While the FDA had a self-assigned deadline for providing this Section 203 guidance with issuance by Nov. 27, 2021, for this requirement, this guidance has not yet been issued. The dispenser will probably see the FDA uses tabletop audits with electronic email notices for the production of material to validate data, DSCSA compliance SOPs (standard operating procedures), and the EDDS (electronic drug distribution security) compliance requirements.
The best option was clear to Advasur from the beginning, to focus on building our system capabilities from 2013 to date as an outsource model as the best value, lowest cost, and least risk for the pharmacy to “protect your patients and your business.”
I then described who will be policing DSCSA now and starting Nov. 28, 2023, and described the risk factors for the dispensers. Government inspectors requiring DSCSA compliance data and information are federal agencies (FDA, Office of Inspector General, Drug Enforcement Administration) and state boards of pharmacy.
From the private sector look for requirements by verification router service (VRS) providers for salable returns and PBMs (pharmacy benefit managers) for transaction information data now, and after Nov. 27, 2023, transaction statement data for Rx claim clawback audits.
DSCSA Compliance Costs
Now, in the final article of this series, I will be defining the range of options to be compliant, and the costs.
Option #1, Internal Model: The pharmacy decides to educate and train the internal pharmacy team to perform all 10 requirements, manage the DSCSA data, and store the data for retrieval within 48 hours upon demand.
In the Pew Charitable Trusts assessments in 2013 and 2014, the staff requirement was 1.7 FTE (full-time equivalent) pharmacy team member allocation at a monthly cost of $5,000 to $7,000 per month, but with the three new EDDS requirements, that staffing cost rose to 2.3 FTE pharmacy team members and $6,765 to $9,470 per month.
Option #2, Hybrid Model: In this model the pharmacy outsources the electronic transmissions and communication components but still internally collects and maintains the data. This model requires 1.5 FTE pharmacy team members today with SaaS (software as a service) licenses costing $500 to $1,400 per month at a monthly cumulative cost of $4,911 to $7,576.
In this model the three new EDDS requirements still require an additional staff allocation of 0.7 FTEs, so cumulative personnel of 2.2 FTEs and personnel costs of $6,470 to $9,058, plus the SaaS license of $500 to $1,400, mean cumulative monthly costs with EDDS capabilities of $6,970 to $10,458 per month, with setup fees of $500 to $3,500 per month.
The SaaS systems would be better than home-growing the data spreadsheets to record, retain, and report the DSCSA compliance data, but would be only an incremental improvement, since the same staff would be loading the data in both option #1 and option #2.
Option #3, Outsource Model: In this model the SaaS and other software systems are used by trained DSCSA experts, and the only pharmacy function is inspecting and documenting suspect product or product data.
So 0.2 FTEs and the SaaS and other software systems (e.g., managed file transfer systems) are programmed to automate more than 90% of the requirement functions. These outsourced turnkey system and service solutions cost $115 to $350 per month.
Therefore, the resulting cumulative cost today is $703 to $1,174 per month with no setup fee. With the three new EDDS requirements, the staff cost increases to 0.4 FTEs, so the cumulative monthly cost, including the EDDS new requirements, is $1,291 to $1,997 per month.
The best option was clear to Advasur from the beginning, to focus on building our system capabilities from 2013 to date as an outsource model as the best value, lowest cost, and least risk for the pharmacy to “protect your patients and your business.” With the unforeseen COVID-19 pandemic, this decision was magnified for our business as the right decision.
All three options can work. Decide what makes the most sense for your pharmacy and your personnel resources. CT
J. Randall Hoggle, B.Pharm., D.Ph., M.B.A., is the managing director of Advasur, LLC, the Advasur Audit & Supply Chain Resource Center in Rockville, Md. The author can be reached at email@example.com.