Understanding Dispenser Requirements can be Difficult.
ConsortiEX Makes it Easy
Current DSCSA Dispenser Requirements:
The number of dispenser requirements has expanded since the introduction of DSCSA in 2015. Current dispenser requirements are:
Verify all Accepted Product has 2D Product Identifier
Confirm Trading Partner Licenses & Transact only with Authorized Trading Partners
Receive, Validate & Store Transaction Information in an Easily Accessible Database
Have Processes in Place to Identify, Quarantine & Investigate Illegitimate and Suspect Product
Processes to Quickly Alert the FDA & Trading Partners of Illegitimate Product
Ability to Respond to Regulatory Audit or Inquiry Within 48 Hours
How to Achieve DSCSA Compliance:
The number of dispenser requirements has expanded since the introduction of DSCSA in 2015. Current dispenser requirements are:
Verify all Accepted Product has 2D Product Identifier
Confirm Trading Partner Licenses & Transact only with Authorized Trading Partners
Receive, Validate & Store Transaction Information in an Easily Accessible Database
Have Processes in Place to Identify, Quarantine & Investigate Illegitimate and Suspect Product
Processes to Quickly Alert the FDA & Trading Partners of Illegitimate Product
Ability to Respond to Regulatory Audit or Inquiry Within 48 Hours
How Dispensers Comply with DSCSA:
At its core, DSCSA was enacted to secure the US drug supply chain, and ensuring illegitimate products never make their way to a patient. There are a number of measures that must be taken across the industry to achieve this. Dispensers are the last line of defense to ensure patient safety.
There is one practice dispensers can follow to ensure suspect or illegitimate product never reach their shelves or patients – 100% product verification at the point of receipt.
Here’s what You Prevent with 100% Product Verification:
- You prevent short-dated medication from reaching your inventory
- You prevent duplicate serial numbers from reaching your inventory
- You prevent recalled medications from reaching your inventory
- You prevent counterfeit medications from reaching your inventory
- You instantly detect short shipments and prevent incorrect product from reaching your inventory
- You prevent Adverse Events or Medication errors stemming from illegitimate or counterfeit product
Here’s what you risk with partial forms of verification (aggregate scanning, tote scanning, scanning only on certain days):
- The ability to go to vendors refunds/credits for missing or short-dated product
- Accepting ownership of and dispensing product with duplicate serial numbers or product that is otherwise suspect product
- Accepting ownership of and dispensing recalled product
- Adverse Events or Medication Errors stemming from unverified product, opening your organization up to lawsuits and regulatory audits
- Your compliance standing with the FDA, who may request an audit on product that you received but did not verify
Global Location Numbers (GLNs) play a crucial role in complying with DSCSA’s ATP requirements. This is because vendors are required to transmit data in an interoperable network utilizing EPCIS, a GS1 standardized data format. An organization must have GLNs to establish EPCIS data feeds. As we approach November 2024, dispensers should consider internal discussions on which vendors to purchase from, with a preference towards those are capable of providing EPCIS data.
See the GS1 Webpage for more details on GLNs.
Here are some things to ask yourself when gauging your compliance with this requirement:
- Have I provided my GLNs to my solutions providers so EPCIS feeds can be established? See below for our tips on obtaining GLNs.
- Have I confirmed my vendors are sending accurate EPCIS data?
- Have I held internal meetings with my buyers discussing our primary vendors and their EPCIS readiness?
- Am I a Covered Entity under 340B? (In addition to receiving EPCIS data, 340B entities will need to provide outbound EPCIS data when transferring product to Contract Pharmacies.)
A Quick Guide on Gathering GLNs:
- Reaching out to your GPO for a list of known GLN locations within your organization/location.
- Once a list of GLNs has been obtained, they should be passed along to your solutions provider so EPCIS feeds can be established.
Note: If you are a ConsortiEX customer, we take on the communication with your vendors from this point onward. - If you do not have a compliance solution in place, or are not a ConsortiEX customer, you may need to reach out to your wholesaler and other vendors to establish EPCIS feeds using your obtained GLNs.
In 2017, the FDA began enforcing rolled out the requirement that dispensers should only accept product if they can verify that it has a 2D product identifier. The industry standard for this identifier was adopted in the form of a 2D data matrix barcode.
The overwhelming majority of Authorized Trading Partners are currently complying with their requirement of ensuring each product has the product identifier. The data stored in the 2D barcode must be captured by dispensers to comply with additional requirements, which is covered directly below in its own section.Questions to ask yourself when gauging your compliance with the 2D Product Identifier Requirement:
- Do I have a documented SOP detailing how our staff is physically verifying the 2D barcode is on each package?
- Do I have a documented SOP detailing how our staff is verifying the data stored on the barcode against what is on the package?
- Do I have a documented SOP detailing how our staff responds when a product is missing the required 2D barcode, the barcode is not readable, or the data does not match what is on it?
The receiving, capturing, and storage of transaction data was one of the first DSCSA requirements, initially emphasizing the capture of paper T3s — a paper document containing the Transaction History, Statement, and Information. The industry has largely shifted towards electronic transfer of this data, originally via EDI, but now primarily utilizing EPCIS.
The electronic footprint only tells half of the story, and the product itself must have a 2D barcode with corresponding data to verify the package, or unit, is legitimate. This barcode contains corresponding product and transaction data, including: NDC, Lot number, expiration date, and the serial number.In November 2024, this data must be verified against the EPCIS data provided by the supplier.
Once verified, this data must be stored in a way that remains easily accessbile should there be an audit or trace request.Questions to ask yourself when gauging your compliance with the requirement to Receive, Capture & Store Transaction Data for Six Years:
- Do I have a documented SOP detailing how our staff receives transaction data, when sent either electronically or via paper?
- Do I have a documented SOP detailing how our staff captures that transaction data?
- Do I have a documented SOP detailing how our staff verifies transaction data against what is on the package?
- Do I have a documented SOP detailing how our staff stores that transaction data?
- Do I have a documented SOP detailing how our staff will verify the package-level data against EPCIS data?
The intended purpose of the Drug Supply Chain Security Act is to enhance the FDA’s ability to help protect consumers from exposure to drugs that may be counterfeit, stolen, contaminated, or otherwise harmful. Because of this, having documented policy and procedures to follow in the event of a received suspect or illegitimate product is critical.
Questions to ask yourself when gauging your compliance with the requirement to Investigate Suspect/Illegitimate Product:
- Do I have a documented SOP detailing how our staff will identify suspect product?
- Do I have a documented SOP detailing how our staff will track, trace and investigate suspect product?
- Do I have a documented SOP detailing how our staff will respond to tracking requests?
- Do I have a documented SOP detailing how our staff will quarantine suspect product?
Where identifying suspect/ illegitimate product is step one, notifying trading partners is step two. The FDA recently introduced the CDER NextGen Portal which is to be used by industry partners to respond to track/trace requests and submit 3911 forms.
Questions to ask yourself when gauging your compliance with the requirement to alert the FDA and trading partners in the event of a suspect or illegitimate product:
- Do I have a login for the FDA NextGen Portal?
- Do I have a documented SOP detailing how we plan to receive information requests from regulatory agencies or Authorized Trading Partners?
- Do I have a documented SOP detailing how my staff will communicate with applicable trading partners in the event of an illegitimate product?
- Do I have a documented SOP detailing how my staff will submit an FDA Form 3911?
Use these links to be taken to the CDER NextGen Portal or FDA FAQ Page:
In addition to all of the requirements listed above, dispensers must be able to provide drug transaction information for any requested product within a 48-hour response window. The response time requirement serves as evidence that your facility is following its set of policies and procedures, and that transaction data remains easily accessible.
Questions to ask yourself when gauging your ability promptly respond to audits:
- Do I have a documented SOP detailing how our staff responds to audits?
Recommendation: Run a mock audit to ensure your data is easily accessible within the 48 hour time frame. – ConsortiEX can help you run a mock audit.
How Dispensers Comply with DSCSA:
At its core, DSCSA was enacted to secure the US drug supply chain, and ensuring illegitimate products never make their way to a patient. There are a number of measures that must be taken across the industry to achieve this. Dispensers are the last line of defense to ensure patient safety.
There is one practice dispensers can follow to ensure suspect or illegitimate product never reach their shelves or patients – 100% product verification at the point of receipt.
Here’s what You Prevent with 100% Product Verification:
- You prevent short-dated medication from reaching your inventory
- You prevent duplicate serial numbers from reaching your inventory
- You prevent recalled medications from reaching your inventory
- You prevent counterfeit medications from reaching your inventory
- You instantly detect short shipments and prevent incorrect product from reaching your inventory
- You prevent Adverse Events or Medication errors stemming from illegitimate or counterfeit product
Here’s what you risk with partial forms (aggregate scanning, tote scanning, scanning only on certain days) of verification:
- The ability to go to vendors refunds/credits for missing or short-dated product
- Accepting ownership of and dispensing product with duplicate serial numbers or product that is otherwise suspect product
- Accepting ownership of and dispensing recalled product
- Adverse Events or Medication Errors stemming from unverified product, opening your organization up to lawsuits and regulatory audits
- Your compliance standing with the FDA, who may request an audit on product that you received but did not verify
Global Location Numbers (GLNs) play a crucial role in complying with DSCSA’s ATP requirements. This is because vendors are required to transmit data in an interoperable network utilizing EPCIS, a GS1 standardized data format. An organization must have GLNs to establish EPCIS data feeds. As we approach November 2024, dispensers should consider internal discussions on which vendors to purchase from, with a preference towards those are capable of providing EPCIS data.
See the GS1 Webpage for more details on GLNs.
Here are some things to ask yourself when gauging your compliance with this requirement:
- Have I provided my GLNs to my solutions providers so EPCIS feeds can be established? See below for our tips on obtaining GLNs.
- Have I confirmed my vendors are sending accurate EPCIS data?
- Have I held internal meetings with my buyers discussing our primary vendors and their EPCIS readiness?
- Am I a Covered Entity under 340B? (In addition to receiving EPCIS data, 340B entities will need to provide outbound EPCIS data when transferring product to Contract Pharmacies.)
A Quick Guide on Gathering GLNs:
- Reaching out to your GPO for a list of known GLN locations within your organization/location.
- Once a list of GLNs has been obtained, they should be passed along to your solutions provider so EPCIS feeds can be established.
Note: If you are a ConsortiEX customer, we take on the communication with your vendors from this point onward. - If you do not have a compliance solution in place, or are not a ConsortiEX customer, you may need to reach out to your wholesaler and other vendors to establish EPCIS feeds using your obtained GLNs.
In 2017, the FDA began enforcing rolled out the requirement that dispensers should only accept product if they can verify that it has a 2D product identifier. The industry standard for this identifier was adopted in the form of a 2D data matrix barcode.
The overwhelming majority of Authorized Trading Partners are currently complying with their requirement of ensuring each product has the product identifier. The data stored in the 2D barcode must be captured by dispensers to comply with additional requirements, which is covered directly below in its own section.
Questions to ask yourself when gauging your compliance with the 2D Product Identifier Requirement:
- Do I have a documented SOP detailing how our staff is physically verifying the 2D barcode is on each package?
- Do I have a documented SOP detailing how our staff is verifying the data stored on the barcode against what is on the package?
- Do I have a documented SOP detailing how our staff responds when a product is missing the required 2D barcode, the barcode is not readable, or the data does not match what is on it?
The receiving, capturing, and storage of transaction data was one of the first DSCSA requirements, initially emphasizing the capture of paper T3s — a paper document containing the Transaction History, Statement, and Information. The industry has largely shifted towards electronic transfer of this data, originally via EDI, but now primarily utilizing EPCIS.
The electronic footprint only tells half of the story, and the product itself must have a 2D barcode with corresponding data to verify the package, or unit, is legitimate. This barcode contains corresponding product and transaction data, including: NDC, Lot number, expiration date, and the serial number.In November 2024, this data must be verified against the EPCIS data provided by the supplier.
Once verified, this data must be stored in a way that remains easily accessbile should there be an audit or trace request.Questions to ask yourself when gauging your compliance with the requirement to Receive, Capture & Store Transaction Data for Six Years:
- Do I have a documented SOP detailing how our staff receives transaction data, when sent either electronically or via paper?
- Do I have a documented SOP detailing how our staff captures that transaction data?
- Do I have a documented SOP detailing how our staff verifies transaction data against what is on the package?
- Do I have a documented SOP detailing how our staff stores that transaction data?
- Do I have a documented SOP detailing how our staff will verify the package-level data against EPCIS data?
The intended purpose of the Drug Supply Chain Security Act is to enhance the FDA’s ability to help protect consumers from exposure to drugs that may be counterfeit, stolen, contaminated, or otherwise harmful. Because of this, having documented policy and procedures to follow in the event of a received suspect or illegitimate product is critical.
Questions to ask yourself when gauging your compliance with the requirement to Investigate Suspect/Illegitimate Product:
- Do I have a documented SOP detailing how our staff will identify suspect product?
- Do I have a documented SOP detailing how our staff will track, trace and investigate suspect product?
- Do I have a documented SOP detailing how our staff will respond to tracking requests?
- Do I have a documented SOP detailing how our staff will quarantine suspect product?
Where identifying suspect/ illegitimate product is step one, notifying trading partners is step two. The FDA recently introduced the CDER NextGen Portal which is to be used by industry partners to respond to track/trace requests and submit 3911 forms.
Questions to ask yourself when gauging your compliance with the requirement to alert the FDA and trading partners in the event of a suspect or illegitimate product:
- Do I have a login for the FDA NextGen Portal?
- Do I have a documented SOP detailing how we plan to receive information requests from regulatory agencies or Authorized Trading Partners?
- Do I have a documented SOP detailing how my staff will communicate with applicable trading partners in the event of an illegitimate product?
- Do I have a documented SOP detailing how my staff will submit an FDA Form 3911?
Use these links to be taken to the CDER NextGen Portal or FDA FAQ Page:
In addition to all of the requirements listed above, dispensers must be able to provide drug transaction information for any requested product within a 48-hour response window. The response time requirement serves as evidence that your facility is following its set of policies and procedures, and that transaction data remains easily accessible.
Questions to ask yourself when gauging your ability promptly respond to audits:
- Do I have a documented SOP detailing how our staff responds to audits?
Recommendation: Run a mock audit to ensure your data is easily accessible within the 48 hour time frame.
Links to Additional Resources:
Links to Additional Resources:
What Makes Compliance as a Service the Industry Leading DSCSA Compliance Solution?
Learn What Makes DSCSA Compliance as a Service the Industry Leading DSCSA Compliance Solution