TrackTrace Rx

Month: August 2015

A Comprehensive Checklist for DSCSA Compliance

By No Comments

With some DSCSA regulations already in effect, and the FDA enforcing the law since May 1, it’s very important to make sure you’re compliant. If you’re unsure about what’s required of you, take a look at our checklist and see if you’re missing anything.

1. Find a single format to store your T3 documentation.

T3, your Transaction History, Transaction Information and Transaction Statement, must be exchanged every time you purchase or sell on drug product (except at patient level), and that data must be stored for six years from receipt – a regulation that went into effect on July 1st, 2015.

This documentation is not required when moving product within your own organization, but there are many benefits to keeping it all in the same place as your product is stored – not only would it make it easier for any inspections that might come through, but it saves having to later send documentation to staff at another facility.

So given the importance of T3 information, it makes sense that it should be recorded in a single format and potentially be centrally accessible to all the staff in your business so that they can have the responsibility of keeping traceability data updated.

While paper is still a valid and lawful method of storing and sending T3 documentation, it comes with risk and several downsides. Not only does it take up a lot of physical space, it’s also expensive – an estimated $3500 of paper gets used per business every year when printing T3 documents, and there also have to be dedicated staff to file it correctly. As well as that, shipment errors are harder to correct and records difficult to obtain for requests within the 2-day time limit.

Electronic ASNs are your best bet, but of course they come with their own set of problems, being that there are over 200 different formats for ASNs to choose from, and your upstream suppliers are allowed to use any of them without regulation, as the DSCSA has left it up to the industry to regulate themselves.

So you need to make sure that when you receive your documentation for storage that you have a system that can handle compiling any number of ASNs formats into one, as well as converting paper documentation. Your system also needs to be long-term – remember that your T3 documentation must be stored for six years – and it needs to be efficient enough that it can produce any document for an information request at a moment’s notice.

2. Decide with trading partners on the way you exchange info. 

All that being said about T3 storage being said, it’s really a good idea to develop your network of trading partners, both up and downstream, and decide on a strategy for exchanging T3 documentation that works for everyone. Rather than trying to manage paper from one supplier and three different ASN formats from another, it’s worth talking to your partners about using one single format to streamline your data exchange processes and prevent headaches on both sides of the supply chain.

Under DSCSA, collaboration between trading partners is more important than ever. New regulations are stringent, and if you’re a dispenser, you have the responsibility to make sure your partners are authorized under DSCSA and licensed at a state or Federal level. This law went into effect on January 1st 2015, so you should already be compliant with it.

3. Make sure you can respond quickly to RFIs.

RFIs are requests for information by regulators, i.e. the FDA, and you need to be able to respond to them within a 2 day timeframe. This is why you need a T3 storage system in place that can handle such requests in a short amount of time. Your traceability data needs to be searchable and you need to be able to see its entire lifecycle, because if a request comes through on a certain product – this could happen if it’s been pinged as suspect or illegitimate, if batches of the product need to be recalled from the market, or if someone needs to know where that product was sent – you’ll need to provide the lot number, the expiration date and whether or not you manufactured it.

Your system ideally should have the option for verification in real-time, meaning that your upstream and downstream suppliers can verify information themselves while still giving you the ability to oversee and audit anything that happens within the system.

4. Know what your business does.

Under the new DSCSA regulations, it’s important to know exactly what kind of business you are so you can make sure you’re complying with the regulations set for that business, and they may not be what you think. DSCSA defines a business by what they do, not what they’re technically defined as, so if your organization is operating within a different scope than its definition, you may not be subject to the laws you think you are.

So are you a dispenser – and are you just a dispenser? Dispensers should only be receiving product that they ultimately dispense to patients. Organizations can still be considered dispensers if they hold product in another location before sending it out, but if your business is receiving product and then reselling it to another supplier or organization not owned by your same umbrella company, you’re probably going to be considered a dispenser and wholesaler – which means you’re subject to different regulations under DSCSA.

Wholesalers are subject to inspection by state officials, the FDA, and the NABP (National Association of Boards of Pharmacy), so it’s doubly important that they have an efficient system for retrieving traceability data quickly. It’s also a good idea for wholesalers to be accredited with the VAWD (Verified-Accredited Wholesale Distributors) program. Some people have wondered if DSCSA has made this previously prestigious and necessary program less important, but the NABP has modified some parts of VAWD to enhance its alignment with DSCSA requirements and believes that VAWD is strengthened by DSCSA’s existence. VAWD members have more visibility and control over their distribution operations, so becoming accredited should be seen as a benefit, though it’s important to note that if wholesalers fail to pass inspections, their accreditation can be pulled an in certain states their licenses can be revoked.

5. Keep to global standards. 

GS1 ECP Information Services (ECPIS) is the default data exchange program to ensure that across the world, all implemented technology systems and software concerning medical supply chains can communicate with one another and use the information provided.

ECPIS was created by GS1 – a non-profit organization responsible for maintaining the most widely used supply chain system in the world – in response to manufacturers and distributors wanting a singular way to exchange transaction data between global pharmaceutical and medical device supply chains. Today, because of DSCSA, GS1 has released an Implementation Guide that is essential in maintaining compliance with serialization and traceability on a global scale. If you are an international supplier, it is important that you understand and stick to these guidelines to stay both DSCSA and GS1 compliant.

DSCSA exists to ensure patient safety. The World Health Organization estimates that between 1% and 10% of drugs on the global market are counterfeit, so complying with the regulations DSCSA has set down is helping to create a much better world. The rules will take some getting used to and because this system is so new there is always a possibility of change on the horizon, but TrackTraceRx is here to help make compliance that much easier for your organization.

7 Things Dispensers Need to Know About the DSCSA

By No Comments

Hello Everyone, I have been MIA for a little while. Reason being is the fact that it has gotten really busy around here for obvious reasons. I will try to keep these blog posts on a weekly or bi-weekly basis. I am sure all of you know that the July 1st 2015 deadline for dispensers has been extended to Nov 1st 2015. Dispensers need to be careful about this extension.

7 Things Dispensers Need to Know About the DSCSA

Under the 2015 Drug Supply Chain Security Act, dispensers (that is, physicians, pharmacies, and hospitals, among others) face new requirements for compliance with drug acquisition and distribution. Because the Act is so new and not all regulations are in effect yet, there have been a lot of misconceptions about what they mean and when dispensers are supposed to start complying, as well as what exactly you are responsible for under the new law.

So, here are seven things you should know about DSCSA compliance that will hopefully clear some things up.

1. November 1st Extension

Yes, the FDA will not enforce and take action against dispensers who accept products without the required compliance documentation during the next few months. However, this does not delay the law from going into effect July 1st. Dispensers are still subject to the DSCSA July 1st compliance requirements. This provision by the FDA simply says that they will not take any effort to inspect your transaction information, transaction statement and transaction history (T3s) outside of legitimate investigations. This is an important distinction: dispensers that are involved in a suspect product inquiry or recall, and cannot produce the required compliance documentation, will face penalties and fines.

Also, if you sell, loan, barter or loan a product to another organization, this discretion will not apply to those transactions. When transferring scenarios occurs, the dispenser must then provide the T3 documentation.

2. Relying on your supplier portal

Dispensers believe that simply hosting their transaction information, transaction statement and transaction history (T3s) within their supplier portal will solve all of their problems. Keep a few things in mind if you decide to do this:

What if you try to retrieve this document and your supplier portal is not available? What if your supplier has an outage? What if your supplier loses all of your documents?

What if you decide to change suppliers? How will you export your data, store and organize it for 6 years?

What happens if you buy a product from another supplier who does not store your data? How will you accept and  store this data?

Having a solution to store this information and having ownership of your data is the safest way to go.

3. Collaboration is key.

You have new responsibilities when it comes to the supply chain. Not only must your compliance documents be in order, but you also need to think about your upstream suppliers; how are they sending documents to you? If they’re electronic ASN, can you receive them? Do you have a contingency plan if you’re expecting paper but they don’t want to use it? Making sure you have a good working relationship with your partners – however many of them you have – is a very important part of staying compliant. And remember: you’re also responsible for the drugs you acquire; they must be bought from companies that are authorized under the DSCSA and licensed in your state or you will be violating Federal law. This regulation has already gone into effect; after January 1st 2015, it is a Federal offense to receive drug from any company without a valid license. If your state doesn’t issue wholesale distribution licenses, then you’ll have to make sure that the supplier holds a valid license at a Federal level.

You’re culpable, so it’s very important to do your research whenever you liaise with a new distributor, and especially if you’ve received an offer from an unknown source – i.e. email, fax, or telephone number you haven’t encountered before. However, the right partners take the risk out of compliance, so it’s worth holding onto them when you find them.

4. Investigating is on you.

Another new provision that went into effect on January 1st 2015 is the requirement to investigate any suspect or illegal product that you receive. “Suspect” product is defined in the FD&C (Federal Food, Drug, and Cosmetic Act) as product believed to be counterfeit, diverted, or stolen; part of a fraudulent transaction; potentially contaminated, modified or otherwise unfit for distribution in such a way that it poses a risk to anyone taking it.

“Illegitimate” product is defined similarly, but requires credible evidence to warrant it as such – anything else remains under the “suspect” category.

The only dispensers who are exempt to this rule are individual practitioners like private physicians and dentists. Now, it’s not expected that you will need to be concerned about encountering illegal product any time soon, but if you don’t comply with regulations, you are once again culpable. Federal action will be taken if you haven’t followed procedures, and also even if you don’t have a course of action in place for if you do happen to find suspect drugs in your possession. The system you create should cover quarantining the product if there’s any question as to its legitimacy and notifying the FDA and any immediate trading partners.

And how do you decide whether a product is suspect or illegitimate? If it’s delivered  in packaging that seems untrustworthy – spelling errors, difference in appearance from the last shipment, absence of NDA (National Drug Code), lack of anti-counterfeiting measures like holograms, etc – or there’s a lack of an Rx symbol, or the wording is in a foreign language with little to no English, or the lot and expiration numbers don’t match on both the inner and outer containers, there’s probably cause for concern and you will need to notify the FDA of your determination.

Basically, if something seems out of place to you, don’t hesitate to investigate further – the consequences aren’t worth the risk. For more comprehensive information on investigating suspect or illegitimate product, you can refer to this FDA guide (

5. Paper is risky.

You are allowed to manage your DSCSA compliance with paper, but there is a lot of risk involved because some of your suppliers may only use electronic ASNs – and refuse you if you use paper. There are also more staffing requirements with paper, because you need someone who can take care of printing and compiling, and the cost of using it to begin with is high (around $3500 a year). As well as that, if you’re printing orders on paper, mistakes are harder to correct once shipments or orders have left your dispensary and retrieving the records before your 2-day time limit is up is hard to do.

Paper also comes with the burden of storing and maintaining traceability data for six years from receipt of product, which not only comes with the real risk of filing mix-ups, but generally just takes up a lot of physical space.

So really, your best option is the electronic ASN system, which is part of the EDI (more information on that here, because it helps to speed up inventory management. An AFPA study found that it takes three times as long to enter information on a paper system than it does through EDI – which really adds up in the long run.

Of course, electronic ASNs come with their own set of complications, which brings us to:

6. You need to get technical.

Electronic ASNs (Advanced Shipping Notices) give notification of impending deliveries, and there are over 200 ASN formats to choose from, so not only might your supplier choose one over paper, they have the option of any of those 200 formats. The DSCSA has made no formal standard for this, choosing to leave it up to the industry to decide, so it’s going to be up to you to learn how to deal with the large amount of diversity possible with your ASNs. This means it’s likely you’re going to need a dedicated IT team in-house to handle the workload, or you’re going to have to outsource it to freelancers.

7. T3 info is not necessary 100% of the time.

Your Transaction History, Transaction Information and Transaction statement are generally required on every purchase.

However, if your foundation or organization stores product at a central warehouse or distribution center, then ships it to individual offices that are also owned by you, you are not subject to the T3 regulations, because the DSCSA doesn’t consider it a transaction. You will still need T3 documentation on all of your product, but it doesn’t need to travel with the product from the center to your offices.

Similarly, hospitals supplying drugs to ambulances are not required to provide T3 documentation – provided the ambulances are not purchasing the drugs from another provider.

You can also choose not to supply T3 information if product is going directly from a supplier to your stores. Again, you will need to have the documentation for the original purchases, but it doesn’t have to travel with the product. You can, however, give your stores the option of having access to your T3 information, therefore giving them the responsibility of making sure that everything is compliant. Of course, this is not a decision that actually affects your compliance, it is just a business decision for you to make on your own.

Given that these DSCSA requirements are so new, and because not all of them are phased in (there are some serialization requirements set for 2020), it’s hard to know exactly what’s being asked of you. The FDA is also not done changing the rules in play, so it’s on you to keep up to date with their fine-tuning and adapt to the changes as they come.

Hopefully the points covered clear up some confusion, and if you need help meeting your DSCSA compliance, TrackTraceRx ( is here to help.