Understanding Dispenser Requirements can be Difficult.
ConsortiEX Makes it Easy
2024 DSCSA Requirement Deadline:
How to Achieve DSCSA Compliance:
The number of dispenser requirements has expanded since the introduction of DSCSA in 2015. Current dispenser requirements are:
Confirm Trading Partner Licenses & Transact only with Authorized Trading Partners
Only Accept Product with a Verified 2D Product Identifier
Receive, Validate & Store Transaction Information in an Easily Accessible Database
Have Processes in Place to Identify, Quarantine & Investigate Illegitimate and Suspect Product
Processes to Quickly Alert the FDA & Trading Partners of Illegitimate Product
Ability to Respond to Regulatory Audit or Inquiry Within 48 Hours
How to Ensure DSCSA Compliance
GLNs and EPCIS files play a crucial role in complying with the ATP requirements. This is because vendors are required to transmit data via EPCIS file, and participate in an interoperable network that utilizes EPCIS. To put it simply, a vendor that can not deliver accurate data is not a vendor your organization should transact with if it wants to be compliant with DSCSA.
Here are some things to ask yourself when gauging your compliance with this requirement:
- Have I provided my GLNs to my solutions providers so EPCIS feeds can be established? See below for our tips on obtaining GLNs.
- Am I a 340B entity?
- Have I confirmed my vendors are sending accurate EPCIS data?
- Have I held internal meetings with my buyers on our plan for replacing vendors who can not provide EPCIS data?
In addition to receiving EPCIS data, 340B entities will need to provide outbound EPCIS data when transferring product to Contract Pharmacies.
See the GS1 Webpage for more details on GLNs.
To Gather GLNs, ConsortiEX Recommends:
- Reaching out to your GPO for a list of known GLN locations within your organization/location.
- Once a list of GLNs has been obtained, they should be passed along to your solutions provider so EPCIS feeds can be established.
Note: If you are a ConsortiEX customer, we take on the communication with your vendors from this point onward. - If you do not have a compliance solution in place, or are not a ConsortiEX customer, you may need to reach out to your wholesaler and other vendors to establish EPCIS feeds using your obtained GLNs.
In 2017, the FDA began enforcing rolled out the requirement that dispensers should only accept product if they can verify that it has a 2D product identifier. The industry standard for this identifier was adopted in the form of a 2D data matrix barcode.
The overwhelming majority of Authorized Trading Partners are currently complying with their requirement of ensuring each product has the product identifier. The data stored in the 2D barcode must be captured by dispensers to comply with additional requirements, which is covered directly below in its own section.2D Barcode Example:
Questions to ask yourself when gauging your compliance with the 2D Product Identifier Requirement:
- Do I have an SOP in place documenting how our staff is physically verifying the 2D barcode is on each package?
- Do I have an SOP in place documenting how our staff is verifying the data stored on the barcode against what is on the package?
- Do I have an SOP in place documenting how our staff responds when a product is missing the required 2D barcode, the barcode is not readable, or the data does not match what is on it?
The receiving, capturing, and storage of transaction data was one of the first DSCSA requirements, initially emphasizing the capture of paper T3s — a paper document containing the Transaction History, Statement, and Information. The industry has largely shifted towards electronic transfer of this data, originally via EDI, but now primarily utilizing EPCIS.
The electronic footprint only tells half of the story, and the product itself must have a barcode with corresponding data to verify the package, or unit, is legitimate. This barcode contains corresponding product and transaction data, including: product name, NDC, Lot number, expiration date, applicable addresses, and the serial number.Today, the data captured on the 2D barcode must be verified against what is labeled on the package.
In November 2024, this data must be verified against the EPCIS data provided by the vendor.
Once verified, this data must be stored in a way that remains easily accessbile should there be an audit or trace request.Questions to ask yourself when gauging your compliance with the requirement to Receive, Capture & Store Transaction Data for Six Years:
- Do I have an SOP in place documenting how our staff receives transaction data, when sent either electronically or via paper?
- Do I have an SOP in place documenting how our staff captures that transaction data?
- Do I have an SOP in place documeting how our staff verifies that transaction data against what is on the package?
- Do I have an SOP in place documenting how our staff stores that transaction data?
- How do we plan to verify the package-level data against EPCIS data to remain compliant in November 2024?
The intended purpose of the Drug Supply Chain Security Act is enhance FDA’s ability to help protect consumers from exposure to drugs that may be counterfeit, stolen, contaminated, or otherwise harmful. Because of this, having documented policy and procedures to follow in the event of a received suspect or illegitimate product is critical.
Questions to ask yourself when gauging your compliance with the requirement to Investigate Suspect/Illegitimate Product:
- SOP for identifying suspect product
- SOP for investigating suspect product
- SOP for quarantining suspect product
- SOP for communicating with applicable trading partners in the event of an illegitimate product
- SOP for filling FDA Form 3911
Where identifying suspect/ illegitimate product is step one, notifying trading partners is step two. The FDA recently introduced the CDER NextGen Portal which is to be used by industry partners to respond to track/trace requests.
Questions to ask yourself when gauging your compliance with the requirement to Receive, Capture & Store Transaction Data for Six Years:
- Do I have a Login for the FDA NextGen Portal?
- Does my DSCSA SOP instruct my staff on how to receive information requests from regulatory agencies or Authorized Trading Partners?
- Does my DSCSA SOP include steps on responding to regulatory agencies or Authorized Trading Partners?
In addition to all of the requirements listed above, dispensers must be able to provide drug transaction information for any requested product within a 48-hour response window. The response time requirement serves as evidence that your facility is following its set of policies and procedures, and that transaction data remains easily accessible.
Questions to ask yourself when gauging your compliance with the requirement to Receive, Capture & Store Transaction Data for Six Years:
- Audit response SOP
- Recommendation: Run a mock audit to ensure your data is easily accessible within the 48 hour time frame. – We can help you run a mock audit ConsortiEX
Links to Additional Resources:
What Makes Compliance as a Service the Industry Leading DSCSA Compliance Solution?
Learn What Makes DSCSA Compliance as a Service the Industry Leading DSCSA Compliance Solution