Wholesale Distributor Annual Reporting Deadline

The Annual Reporting by Prescription Drug Wholesale Distributors and 4 Third-Party Logistics Providers deadline will be on March 31st 2015. This means that if you are pharmaceutical wholesaler you must submit your company information to the FDA. The actual FDA guidance:

This guidance describes FDA’s expectations for prescription drug wholesale distributors (wholesale distributors) and third-party logistics providers (3PLs) for the annual reporting to FDA as required under the Drug Supply Chain Security Act of 2013 (DSCSA). Under section 584(b) of the Federal Food, Drug, and Cosmetic Act (FD&C Act) (21 U.S.C. 360eee-3(b)), beginning November 27, 2014, 3PLs must report certain information to FDA, including State licensure information for each facility and the name and address for each facility. Under section 503(e)(2)(A) (21 U.S.C. 353(e)(2)(A) (as amended by the DSCSA), beginning January 1, 2015, wholesale distributors also must report certain information to FDA, including State licensure information for each facility, contact information for each facility, and any significant disciplinary actions taken by a State or the Federal Government. This guidance outlines the information that should be submitted to FDA, the timing of the submissions, a preferred format 28 for the submissions, and a preferred method for reporting to FDA.

What needs to be submitted:

The DSCSA requires contact information to be submitted by wholesale distributors. FDA considers contact information to include the email address and telephone number of the person who will interact with the FDA. In addition to the specific information required by DSCSA to be submitted to the Agency, FDA has identified additional information that will enhance efficiencies and improve accuracy in the management of the licensing and facility information submitted to the Agency. Therefore, FDA is requesting that certain additional information be submitted to FDA on a voluntary basis. This additional information will be useful to FDA in its enforcement of the Act and to stakeholders as they make decisions about their drug product distribution. Furthermore, FDA is requesting the same information from wholesale distributors and 3PLs. The ultimate goal is for the public database to serve as a single repository of licensing and facility information for wholesale drug distributors and 3PLs conducting business in the United States.

Where do you need to go to submit this information?

If you are a client of TrackTraceRx, we assist you in this submittal. If not please look at these links:
The actual form:

When should you fill out this information?
Wholesale distributors: January 1, 2015–March 31, 2015
What about for newly registered company?
Wholesale distributor and 3PL facilities that are newly licensed after the dates noted above should initially report within 30 days of obtaining a State or Federal license.
When do I have to re-submit my information on an annual basis?
Wholesale distributors: January 1–March 31 annually
What else?
Reports of significant disciplinary actions should be submitted to FDA when a final action or ruling has been made by a State or Federal licensing authority.

Wholesale distributors: within 30 days of final action

A company should notify FDA if a facility goes out of business or decides to voluntarily withdraw a State or Federal license.

How do i submit this report?

FDA prefers the use of extensible markup language (XML) files in a standard Structured Product 268 Labeling (SPL)4 format.


Register and fill out the form here:


Follow our Step-by-Step guide here:


Are Web Portals The Solution For DSCSA Transaction Data Exchange

The deadline of 1st May 2015 for securing compliance with the data exchange requirements laid down in the Drug Supply Chain Security Act is approaching fast. Pharmaceutical manufacturers, whose sale distributors and re-packagers are in a rush to get their operations and business processes straightened up and in line with the guidelines chalked down by the FDA in the DSCSA documentation.

The FDA has suggested that companies make use of secure web portals for achieving data exchange compliance. A number of companies are now considering web portals as a viable option for implementing data exchange requirements. It is worth digging deep into what web portals are and how they function.

So, what exactly is a secure web portal? By definition, it is a website provided by the seller of drugs to the trading partners within the medical supply chain that conduct mutual business. The website facilitates the buyers with access to the required Transaction Information, Transaction History and Transaction Statement documents. These documents are provided by the seller to the buyer. The same web portal then function to fulfill the data exchange requirements that are obligatory on the seller’s part.

While choosing on a DSCSA compliance web portal, the most important thing to ensure is the existence of an underlying core data-exchange mechanism. It is this very data-exchange mechanism that enables the seller to provide the buyer with the required TI, TH, and TS documentation whenever needed. At times, the same may also be offered by the supplier to fulfill the buyer’s DSCSA requirement, mostly in the event of an investigation, but this is NOT the main purpose the web portal is built to serve.

In addition to meeting the data exchange requirements, the DSCSA requires the web portal to be secure. By being secure, it is implied that the portal offered by the seller must be fortified with standard internet security features, and must allow the buyer to log on to, and access relevant transaction documents describing the procurements from that specific seller. There exists no standard requirement for a user interface though, and web portals for different sellers are bound to be different from one another. The common core characteristic that prevails in all the portals, however, is the capability to manually login and access transaction documents.

It is also imperative that the seller keeps your DSCSA transaction documents safe for a good six years, so that they are retrievable over the said time span effortlessly. It would be foolish to assume that the seller will be doing this by default – it is not at all mandatory upon the seller to provide such a level of service. Instead, the storage and retrieval for full six years is the responsibility of the buyer. As a seller, it is of utmost importance the web portal you select has this capability of extended document storage and retrieval. Similarly, as a buyer, it is only logical to engage in business with a buyer that offers not merely a web based data exchange platform, but a thorough document storage and retrieval system. After all, manually downloading each and every transaction document, printing it and then storing it physically for six years is the last thing you would want.

Dispensers will opt to and rely on their suppliers to store their T3s for them. There are few things to make sure your organization is ok with.

  1. Is the supplier providing the portal access reliable? What happens when you are audited and the supplier portal is not responding to your request? Is this risk worth it?
  2. Is your supplier going to be ready for serialization? Wouldn’t it be better to start building your serialization strategy now?
  3. How well are you having visibility to your incoming T3s with your inventory?
  4. When there are issues with your shipment, does their portal allow you to log this issue? How is the audit trail created?
  5. What about the other requirements of the DSCSA? How are you managing doing business with suppliers that are DSCSA “authorized”.
  6. Is your supplier going to be on top of the many changes in the law?

To wrap it up, a secure web portal with data exchange capabilities is not enough – document storage and retrieval features need to be added to the feature mix for real value addition. At TrackTraceRx, we’ve painstakingly incorporated data storage and retrieval capabilities right in our state-of the-art, cloud-based server. With TrackTraceRx, securing compliance with transaction data exchange requirements is as easy as it gets.

TrackTrace ERP – The First ERP Fully Integrated with DSCSA Traceability

Press Release – ORLANDO, Fla. March 9 2015.

TrackTraceRx, a market leader on the development of traceability solutions for the Life Science industry, has launched a new software that encompasses DSCSA Traceability with a full fledge ERP system called the TrackTraceERP.

On November 27, 2013, President Obama signed into law The Drug Quality and Security Act (DQSA). Specifically in that bill, Title II of the DQSA, is the Drug Supply Chain Security Act (DSCSA). The DSCSA, outlines the steps necessary to build an electronic interoperable system that can track and trace types of prescription drugs as they are sold and distributed in the United States.

The biggest challenge in selecting a software that handles the new DQSA law is the fact that other solutions in the market only focuses on providing DSCSA traceability. The problem with this is, once you choose a DSCSA software solution, you must spend weeks, even months, getting your DSCSA solution provider integrated with your ERP, according to TrackTraceRx Operations Manager Christian Souza.

“Imagine getting a one stop solution,” says Souza. “The TrackTraceERP is an entire ERP solution that manages your business, manages your inventory, sales, CRM, and passes traceability data required by the DSCSA. ”

The TrackTraceERP is the world’s first and only solution that fully automates traceability with an ERP system, starting with manufacturing all the way to passing serialized traceability data to your trading partners. No integration needed, the solution is fully automated and works right off the bat.

The TrackTraceERP is currently accepting a limited number of users to beta test this newly launched solution. Please contact us at sales@tracktracerx.com or visit http://tracktracerx.com.


There’s No Escaping the Serialization of the Pharmaceutical Industry

Constituent entities making up the United States drug supply chain – pharmaceutical manufacturers, whole sale distributors, dispensers and re-packagers – are extremely busy nowadays securing compliance with guidelines for transaction data exchange laid down in the recently passed Drug Supply Chain Security Act.

Things have not always been this way though. Before the DSCSA was proposed, the focus of the pharmaceutical industry was around getting the California-mandated serial numbers done on 50% of their packages, and that as well, latest by 1st January, 2015. The mandate, however, quickly evaporated by dint of federal preemption the very moment the Federal bill was signed into law. The result – a shift in focus from serialization to establishing mechanisms that track and trace on a lot-level Transaction Information (TI), Transaction History (TH) and Transactions Statements (TS).

While the May 01, 2015 deadline for enforcement of DSCSA by the FDA should be the prime concern for supply chain constituents, drug manufacturers and re-packagers need to pay special attention to serializing their drug packages and homogeneous cases. And that too, real soon. Why is that? Because the process is too intricate and the deadline (November 27, 2017 for manufacturers and 2018 for re-packagers) is not that far away either.

Regarding serialization, there exist a number of questions that need to be answered directly by the FDA. The first question is around the continuation of the usage of existing linear barcodes for serialization. To be more specific, the FDA needs to educate manufacturers and repackages on whether printing human readable lot number and expiration date as part of the new 2D barcode adequate as the sole information printed on the package or not? Deliberation is due by the FDA on what does and does not need to be printed on packages for streamlining the flow of the said thorough the drug supply chain resulted in improved operations, worker efficiency and stakeholder experience.

There is a spectrum of technical challenges that manufacturers and re-packagers are facing as they shortlist the optimal candidate serialization solution for themselves. Conventionally, while selecting a serialization solution, manufacturers and re-packagers get to choose only two from the set of three desirable features inherent to the solution – speed, reliability and requisite print quality.

Manufacturers and re-repackagers also need to choose how to handle serialization data management and any use of randomization. The DSCSA does not require serial randomization, however there are regulations elsewhere, like in Europe that require randomizatione. In this case, randomization is something to consider.

There are two types of ways for approaching randomization. The first is “randomness”, which is a way to choose the serial number where it is unpredictable. The second way is “sparseness”, which is a way where you have a long list of serial numbers and you are only allocating only using a fraction of the list. You can also use both, which make it more difficult for counterfeiters. Another property of randomization is “monotonically” or “non-monotonically”, monotonically is where an ascending successive serial number is always greater than the one that preceded it. In the end, which ever approach and property you choose will help towards the goal of securing your supply chain.

If companies chooses not to randomize, they run the risk of having someone in the supply chain to guess or estimate your manufacturing volume. This is done by looking at your serial numbers and sequentially seeing a pattern. If a pattern shows numbers 1,2,3, its obvious what comes next. Discovering a pattern, can allow a counterfeiter to put something in your supply chain by following your serial number sequence. By exploiting this, counterfeirs avoid discovery from being detected. One of the purposes of randomizing is to protect against anyone from detecting a pattern.

Some of the other challenges with serialization is considering the unique combinations of numbers and characters and length size. Imagine a serial number twenty characters in length. It is a pretty enormous number to manage for data entry and also consuming a lot of space on a bar code.

Consider also that serial numbers are treated just as a string of characters. The number “5” is not defined as an integer but a character. There is no difference between “5” or “05” these are two different serial numbers. What about uppercase vs lowercase letters? The same applies.

The biggest challenge moving forward for distributors and dispensers is having a system in place that can be open enough to interchange and manage this new data coming into your supply chain. Manual T3s will be gone, as lot level traceability will be “upgraded” to package level serialized data flowing into your supply chain.

Delivering all the three features together within a unified serialization solution might sure be difficult, but it is by no means impossible. At TrackTraceRx, we’ve painstakingly incorporating support for serialization in our state-of the-art, cloud-based server delivering on a serialization solution.

Feel free to drop us a line and discover how we can help you with serialization in particular, and DSCSA compliance in general. Again, no more than 3 to 4 working days and you’re up and running – the TrackTraceRx advantage on your side.

How to Handle DSCSA Exceptions: Your Next Nuisance

Pharmaceutical manufacturers, whole sale distributors, dispensers and re-packagers that constitute the United States drug supply chain are busy these days in a thorough restructuring around their core operations. The restructuring is part of country-wide preparations aimed at achieving total compliance with the guidelines for transaction data exchange laid down in the recently passed US Drug Supply Chain Security Act.

The involved companies are expected to establish mechanisms that track and trace Transaction Information (TI), Transaction History (TH) and Transaction Statements (TS) for every shipment. The instated mechanism must have provisions to integrate generation, transmission, confirmation, storage and retrieval of the documentation associated with the exchange, and needs to be in place before the FDA’s deadline of 1st May, 2015. That’s a whole lot of work, and a number of companies are pumping in all resources at their disposal to get done with it, hoping that the intricate transaction data exchange would work like a charm from 1st May onwards.

There’s a catch though – too much of a broad focus on the exchange mechanism might result in companies overlooking an important underlying decision: how to handle exceptions. An exception handling process gone bad is all that it takes to bring your track-and-trace mechanism to a halt.

So, what exactly is an exception, anyway and why should companies care? It turns out that an exception refers to an honest mistake (rather than an intentional malice) during a shipment. Companies makes such mistakes frequently – especially distributors generating exceptions is a commonplace occurring.

An exception can manifest itself in the medical supply chain in either one of the following three ways:

  1. As a drug present on both the packing list and in the DSCSA transaction exchange data that has mysteriously gone missing from the physical shipment.
  2. As a package present in the physical shipment nowhere to be found in the DSCSA transaction exchange data.
  3. The transaction data delivered to the intended destination but the shipment itself delivered to a wrong location.

That said, exceptions are a novel occurrence by no means. Exceptions in the drug supply chain exist since ever. Traditionally, companies had a number of ways of handling and correcting exceptions including return of the extra product, re-shipment of the missing product, additional billing in case of surplus shipment, etc. Most of these quick fixes ensured the customer was not being overcharged in case of an exception. Upon due satisfaction exhibited by both the selling and the buying parties, an exception was mutually agreed upon as being handled. In essence, the process of exception handling was not standardized and varied across different companies at a transactional level. All that was needed was the involved parties agreeing upon a fair solution to the then prevalent situation.

Times have changed now. Once companies have established data exchange mechanisms that enable conformity to the DSCSA guidelines, exception handling is going to become a system-wide headache if not addressed properly.

Consider the example of a wrong product in a shipment sent out to a pharmacy. The TI and TH in this case would exhibit a mismatch when stacked against the products received. The pharmacy would be stuck with a drug it didn’t order in the first place and missing on an important drug that was originally ordered. Handling this simple exception is not going to be as easy as it was prior to the introduction of the DSCSA. Why? Because both TI and TH will need to be corrected at the end of multiple trading partners involved in the supply chain. This, in turn, would most likely require reopening the electronic data exchange, advance shipment notice and performing associated edits. The same would need to be done with the transaction data maintained by all trading partners involved – way easier said than it’s actually done.

And now the good news. We’ve painstakingly incorporated exception handling capabilities in our state-of the-art, cloud-based server, making compliance with transaction data exchange requirements laid down in the DSCSA ridiculously simple. Here are some examples on how we handle this:

1. Most of the EDI solutions out there won’t allow you to search and correct your old ASN’s. The TrackTraceRx EDI capabilities will allow your organization to correct any previously received ASN’s.

2. Correcting outbound T3s can be a challenge. One of the challenges is to make changes and work with downstream trading partners to apply the necessary corrections. In a scenario where an outbound T3 was sent, having communication with a downstream trading partner is essential in making these changes in a corporative manner. TrackTraceRx streamlines this process so when changes are made, the entire supply chain is aware and onboard with the needed corrections.

3. When handling exceptions, it’s important to keep a trail of the original T3 and what was changed in case an audit verification is requested. Showing proof of your previous changes are a must. Our logging capabilities excels all other solutions by time stamping every change that is done within the system and by whom.

Feel free to drop us a line and discover how we can help you with exception handling in particular, and DSCSA compliance in general.

Choose the Right ERP System to Meet DSCSA Compliance

In this article we will discuss how to choose the right ERP system that can work with an external DSCSA solution provider. This integrated solution in passing transactional data (T3s) per the DSCSA requirement is really important in order to be fully automated with your supply chain to save on a lot of manual work.

First let’s go over what an ERP is:

A Enterprise Resource Planning (ERP) is a business management software that manages your business core data related to different activities such as:

Product planning – Cost
Marketing and Sales
Inventory Management
Shipping and Payment

Someone asked me once, “If i have an ERP, why do I need to select a DSCSA Solution Provider? Couldn’t my ERP system handle everything required under the DSCSA”.

The answer is, “probably not”. The reason being is that an ERP system is optimized to manage the core functionality of your business. Managing the requirements of the DSCSA is very complex, (see: Understanding the DSCSA). A good DSCSA solutions provider will be versatile enough to talk to multiple trading partners, communicate with the FDA, perform audit logging, correct traceability errors, and add business continuity to your data. An ERP system is not really built to handle this efficiently. An example is, even though an ERP provides good Inventory Management, it can never be as efficient as a Warehouse Management System (WMS).

So which ERP system should I select? Well it depends, a few popular ERP systems available on the market are:

SAP Business One
QuickBooks Enterprise
Microsoft Dynamics

Each one of these solutions have their pros and their cons. What is important is that before you start your search for the right ERP, it is important that you come up with an ERP system selection methodology. This is a formal process for selecting an ERP system.

Primarily, try to match an ERP system based on what your business requirements are. There are some ERP systems that are more geared for manufacturing and have lack  of customer relationship management and e-commerce. Selecting the right one depends on your needs. Most ERPs have additional add-ons you might need to purchase, so doing your  research beforehand will help in selecting the right ERP for your needs.

There needs to be full involvement by all personnel within the organization. This decision must be made by all stakeholders within the organization, especially by the leadership team. All stakeholders must participate in gathering requirements and attending vendor demonstrations.

90% of implementations are either late or over budget. Most of the time this happens when an organization did not fully understand what the vendor offering was. An example, when it comes to data migration, most organizations don’t realize that to transfer data from one system to another, requires that the data to be exported, cleaned, and put it into a file format easily read by the new system. To have a successful migration requires a high level of data integrity; example: (bill of materials, formulas, recipes, routings etc). are usually needed to be far higher then what most companies have ever achieved. This is a typical challenge that causes delays on implementation and increase in cost.

A Possible Scenario

In your supply chain, what happens when you receive the same products from different vendors but with the same lot numbers? A solution for this, is to have your ERP system use the same lot numbers but add a period followed by a specific serial number that will be related to their respective trading partners. example:


Make sure your ERP system can handle this type of scenario and also your DSCSA solution provider.

Integrating with a DSCSA Solution provider

Once the new ERP system is installed and the data is intact, your next phase will be integrating with a DSCSA solution provider. The biggest challenge is defining the business of process of what needs to be achieved to fully automate the data coming from the ERP and  communicating what is necessary in creating your T3s. It is important that your DSCSA solution provider can handle receiving shipment data and outgoing shipment data. The TrackTraceRx manages this data by associating receiving shipment data and tying its inventory to a  “inbound state” and your outgoing shipment data by a “outbound state”.

Here are a few scenarios of what needs to be done to receive an inbound T3:

1. An ASN, (Advanced Shipment Notice) will be received via EDI from your upstream trading partner which will generate a T3 on your DSCSA solution provider. Doing it this way will not require your organization to manage a EDI/AS2 server or work with a outside VAN to manage this. A VAN is a Value-added Network external company that can manage your EDI services for you. Make sure your DSCSA solution provider can support handling EDI. In this scenario, all of your costs will be incurred using your DSCSA solution who handles everything.

2. A second scenario is having your ERP system to support EDI via an external VAN company. Once this data is received, you will communicate this data to your DSCSA solution provider to generate an inbound T3. You will incur the cost from your external VAN company and possibly your ERP vendor as they are handling your EDI documents. You will also incur cost from your DSCSA solution provider as they will be managing your T3s. The biggest challenge by not letting your DSCSA provider handle your EDI documents for you is that you will need to make sure that your external VAN company will be able to make changes to your ASNs in case there are errors with your shipments. Also, make sure that your external VAN company re-certifies their EDI server on a yearly basis as some trading partners only integrates with companies that are certified.

3. The purchase order (PO) you generate to your vendor may have the necessary data to create your T3s. But this scenario is only possible if you have a rock solid agreement with your trading partner to send you the correct information. In the real world, most likely your trading partner will never send you exactly what the purchase order shows. Most companies will probably not use their purchase orders to generate T3s.

Now for the Outbound Process:  This happens when you are ready to ship your product.

Depending on what your business process looks like will determine when the right data is sent to your external DSCSA solution provider. This could be when you generate your invoice or generate your packing slip. Most likely the data will be correct when you generate your packing slip. Once the packing slip is generated, this data needs to be passed to your DSCSA solution provider. With this data sent, your DSCSA solution provider will then be able to generate a outbound T3 for your records.

All and all selecting the best ERP system takes a lot of work, teamwork, and support from your organizations leadership team. The most important aspect of selecting the best one is carefully evaluating all of your business requirements necessary from start to finish.

How to Use the Extension in Deadline for DSCSA Data Exchange Enforcement to Your Advantage

Consider it a New Year gift, a modern-day miracle, or prayers being answered – the FDA, earlier this month, announced its intent not to take action against manufacturers, wholesale distributors and re-packagers who are still struggling to implement a robust transaction data exchange system within their respective portion of the medical supply chain. The grace period for achieving backward compliance now extends till the 1st of May, 2015 – a good four months beyond the original deadline the 1st of January, 2015.

So why did the FDA announce the postponement in this first place? Grave concerns about the practical consequences of incompliance – drug shortage and medical supply chain disruption – were initially expressed by the Healthcare Management Distribution Management Association. The same was echoed by a number of manufacturers, wholesale distributors and re-packagers highlighting the unforeseen complications associated with the exchange of the three T’s namely Transaction Information, Transaction History and Transaction Statements. To minimize possible disruptions in the dissemination of the prescription drugs as highlighted by the stakeholders, the FDA realized it is only logical to lend the trade partners some extra time.

And what exactly is it that makes the data exchange process so complicated? Well – just about everything. The Transaction Information component of the data, albeit the most straight-forward of the lot, consists of product name, unit numbers, strength, dosage, size, container size, lot number, transaction date, shipment date, business name from and to. The Transaction History includes the Transaction Information for each transaction going all the way back to the manufacturer. Finally, the Transaction Statement ensures that a number of exhaustive ownership transference checks are strictly followed.

It is, however, important to understand that the announcement by FDA is, in essence, an extension in the compliance-check deadline, and not an extension in the actual implementation of the transactional data exchange mechanism. A plethora of companies are unaware that even though the FDA is not enforcing the law until May, the law is in full effect since 1st January, 2015. This means that coming May, the FDA has every right to inspect T3 data all the way from the month of January 2015 to any given point in time. What companies ought to be doing right now is generating, accumulating and storing transactional data right away. This is bound to do away with backlog that might plague the company operations at a later stage.

At the heart of seamless transactional data exchange lies the core transport method used to relay information to corresponding trade partners. The DSCSA law is quite flexible in terms of the recommendations for the transport method and even allows for conventional methods to be used – paper, legacy invoices, pdf receipts, emails are all acceptable means of transport under the act.

There is a catch to these dated methods though – the DSCSA act required transactional data to be kept safe for a span of six years per transaction. And the said condition is set to transition from the per-lot basis of today to a per-packaging basis in the coming decade. Simply printing and storing these documents physically is bound to be a menace, especially for full six years. Let alone the timely retrieval of records if such a print based solution were to be implemented, the storage alone poses stern environmental threats and ridiculously high financial overheads. The most appropriate modern-day solution is to make the most out of secure, cloud-based web portal for transaction data exchange – a server where transaction information is secure, stored in a disaster-proof, eco-friendly manner and available for retrieval within fraction of a second, 24/7 round the year.

The extension in the deadline for DSCSA compliance is a blessing in disguise for manufacturers, wholesale distributors and re-packagers who are yet to implement transaction data exchange mechanism within their operations. Accomplishing compliance is not easy, and this is where we, at TrackTraceRx, come in. Our state-of the-art, cloud-based server meets all the transaction data exchange requirements laid down in the DSCSA act, securing compliance for your organization within merely 3 to 4 working days. TrackTraceRx server allows for advance features including seamless partner integration and transactional, e-commerce portal setup all at an amazingly affordable price plan.

Make sure you make the most out of the awarded grace period. Rather than procrastinating the implementation till the very month of May, the best thing would be to accumulate and store transactional data right away. Feel free to drop us a line and discover how we can help you with accomplishing exactly that all within a matter of 3 to 4 days.

How to Notify the FDA of a Illegitimate Product

Screen Shot 2016-02-14 at 6.17.21 PM

One of the questions we get at TrackTraceRx is, “how do I notify the FDA if i discover a counterfeit product within my supply chain?”

The DSCA section 582(h)(2) requires the FDA to issue guidance to aid trading partners in identifying a suspect product. Let’s first identify what the FDA considers a suspect product.

a – is potentially counterfeit, diverted, or stolen.

b – is potentially intentionally adulterated such that the product would result  in serious adverse health consequences or death to humans.

c – is potentially the subject of a fraudulent transaction.

d – appears otherwise unfit for distribution such that the product would result in serious adverse health consequences or death to humans.

Pretty clear guidelines for you to classify a product as a suspect product. Once you have determined that the product is a suspect product, here is what you need to do next.


Quarantine the product and conduct an investigation to determine if the product is a illegitimate product.

The DSCSA defines a illegitimate product as:

a – counterfeit, diverted, or stolen.

b – intentionally adulterated such that the product would result in a serious adverse health consequences or death to humans.

c – is the subject of a fraudulent transaction.

d – appears otherwise unfit for distribution such that the product would be reasonable likely to result in a serious adverse health consequences or death to humans.

Identification of a Suspect Product

Trading partners must have systems in place that enables them to start investigating a suspect product either by determining that the product is suspect or by a request from the FDA. The trading partner must then quarantine the product and work with their respective trading partners within the supply chain. Here are some best practices you should follow to identify a suspect product:

1. Exercise vigilance

2. Maintain awareness about suspicious activity

3. Look our for potential threats to your supply chain

4. Devote attention and effort to detect suspect products

Product Sourcing:

Receiving sales offers from a new trading partner or unknown source unwilling to provide a transaction history with the product being purchased.

Suspicious Appearance, label misspellings or not following usual color, font and images. Also packages that are missing key information such as a lot number and a different identification number rather than the National Drug Code (NDC)

Trading partners should closely examine the package and look for signs that is has been opened, broken seal, damaged, repaired and altered. Trading partners should also look for missing information such as a lot number, lot identification, NDC or strength of drug.

Notifying the FDA

Once you have identified that a product is “illegitimate”, the trading partner has 24 hours to notify the FDA and their respective trading partners.

Trading partners should have a system in place that can automatically send out a notification to the FDA (like the TrackTraceRx Portal). If not, the trading partner will have to perform this manually by accessing the FDA’s web site: http://www.accessdata.fda.gov/scripts/cder/email/drugnotification.cfm and follow the instructions to construct their own form. (The form on the FDA web site is only a draft.)

Trading partners will then have to create and manually fill out a form (roughly four pages long). This form will include:

Type of Notification:

This form will require initially that you identify what type of report this is:

a – Initial notification – first notification to the FDA of an illegitimate product or product with a high risk of illegitimacy.

b – Follow-up Notification – subsequent notification to FDA, related to an initial notification already submitted to the FDA.

c – Request for Termination – request for consultation with the FDA to terminate a notification of an illegitimate product or production with a high risk illegitimacy.

Classification of Notification:

Counterfeit – A product in your possession or control is determined to be counterfeit.

Diverted – A product in your possession or control is determined to be counterfeit.

Stolen – A product in your possession or control is determined to be a stolen product.

Intentional adulteration – A product in your possession or control is intentionally adulterated such that use of the product would result in serious adverse health consequences or deaths to humans.

Unfit for distribution – A product in your possession or control appears otherwise unfit for distribution such that use of the product would be reasonably likely to result in serious adverse health consequences or death to humans.

Fraudulent transactions – A product in your possession or control is the subject of a fraudulent transaction.

Description of Product:

A description of the illegitimate product will need to be added. The following description will need to be added such as, Generic name, Trade name, Drug use, Drug description, Strength, Dosage form, Quantity, NDC, Serial, Lot, and Expiration.

Company and Facility Information

The Company name of the Trading partner and address will need to be provided that is responsible for the product or for the notification. A unique identifier for the facility should be provided. For now, the only identifier that the FDA accepts is A D-U-N-S number. If the facility does not have a D-U-N-S number then this field should be left blank. A D-U-N-S number can be obtained for no cost from Dun & Bradstreet for free.

The name of the person needs to also be reported that submitted the notification. This person will also need to provide their email and telephone information.  Finally, a category for the company needs to be submitted. This category will need to be one of the following:

Manufacturer, Wholesale distributor, Dispenser, Repackager.

Emailing the FDA

Once the form is complete, the Trading partner will have to email the form to  DrugNotifications@fda.hhs.gov

Free DSCSA Evaluation

With the deadline fast approaching, contact TrackTraceRx today to receive a free evaluation of your DSCSA current policy and procedures. This free consultation will allow you to have a piece of mind that you are following the correct procedures in order to meet ALL DSCSA requirements. TrackTraceRx will also provide you with a FREE Standard Operating Procedure (SOP) template which is required by the DSCSA during a FDA inspection.

DSCSA Q/A With Dirk Rodgers from RxTrace

Recently I contacted Dirk Rodgers from RxTrace  (rxtrace.com) and asked him a few questions. He was kind enough to get back to me.

Chris –  If a wholesaler purchases directly from the manufacturer do they need to pass down the 3Ts even if they are an exclusive distributor?

Dirk –  In my opinion, exclusive distributors must receive the 3Ts from the manufacturer.  The HDMA appears to disagree with my opinion.  You will need to figure out who you agree with.

Chris – To be an exclusive distributor does it mean that  you just purchase directly from the manufacturer? or do you need an agreement signed between both parties?

Dirk – If you are acting as a manufacturer’s exclusive distributor, you would have a contract with that manufacturer stating that fact.

Chris – So in this case you would need to let your downstream trading partners know the reason why some TI/TH are not being passed?

Dirk – Yes, you will need to inform your customers that you are the exclusive distributor for a given product so they know what to expect from you and how they must construct their 3Ts.

Chris – When a wholesale distributor is simply exporting internationally? Do they need to pass any 3Ts?

Dirk – The FDA needs to provide guidance on this question.  The DSCSA does not have an explicit exemption for this type of transaction so you should assume you need to document those sales and keep a copy of the 3Ts just like any other sale.

Chris – A lot of companies are complaining that they are showing their customers who their supplier sources are when passing the 3Ts. They fear their customers will stop buying from them and start sourcing from their suppliers. Is this just a reality of the industry or is there anything they can do to protect this information?

Dirk – It may be a valid complaint, but there is nothing you can do about it.  The law requires everyone to receive the full supply chain transaction history going back to the manufacturer, repackager, or exclusive distributor of the manufacturer.

Chris – If a trading partner finds a product illegitimate, based on the law they need to report to the FDA. How is this process done?

Dirk –  See the FDA guidance document about suspect products here: http://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM400470.pdf

Understanding the Drug Supply Chain Security Act (DSCSA)

On November 27, 2013, President Obama signed into law The Drug Quality and Security Act (DQSA). Specifically in that bill, Title II of the DQSA, is the Drug Supply Chain Security Act (DSCSA). The DSCSA, outlines the steps necessary to build an electronic interoperable system that can track and trace types of prescription drugs as they are sold and distributed in the United States. The companies that sell prescription drugs are commonly known as a Trading Partner, which are entities or organizations such as a Manufacturer, Repackager, Dispensers and Wholesale Distributors.

Before we begin let’s define what these entities are:


(A) a person that holds an application approved under section 505 or a license issued under section 351 of the Public Health Service Act for such product, or if such product is not the subject of an approved application or license, the person who manufactured the product;

This falls in line of a NDA holder – (New Drug Application)
A ANDA Holder – (Abbreviated New Drug Application)
A BLA Holder – (Biologic License Application)


A company that repacks and relabels a product or a package for sale or for distribution. This also includes in-house repackaging departments within hospital networks.


A company that dispenses drugs directly to human patients:

A retail pharmacy, hospital pharmacy, a group of chain pharmacies under common ownership and control that do not act as a wholesale distributor, or and other person authorized by law to dispense or administer prescription drugs, and the affiliated warehouses or distribution centers of such entities under common ownership and control that do not act as a wholesale distributor.

Wholesale Distributors:

Is a organization or company that engages in wholesale distribution of prescription drugs.

Third-Party Logistic Provider (3PL):

Is an entity that coordinates logistics services of a product on behalf of other organizations but does not take ownership and disposition of the product.

Trading Partner

Is the manufacturer, repackager, wholesale distributor and dispenser from who accepts direct ownership of a prescription drug. 3PLs do not take ownership of the product.

So what does this mean? Well, before this bill was signed, a few states had to comply with product traceability known as a pedigree (e-pedigree or electronic pedigree) requirements. Epedigree is an electronic document which provides a history trail of particular prescription drug. This trail shows transactions for every change of ownership in a supply chain.

Manufacturer -> Distributor -> WholesalerA -> WholesalerB -> Pharmacy – (Transfer of ownership in a supply chain)

Only a few states like Florida and California required ePedigrees. After a few years of state level ePedigree changes, the government decided to do away with epedigrees and create a new form of ePedigree 2.0. The main difference is now this new form of traceability is nationwide instead of state level.  At first glance, when someone reads Title II of the DSCSA and its requirements, one would think that this is almost the same requirements as an epedigree document, but now an epedigree on steroids.

Back to my original question, “So what does this mean?”. Well, If you sell, distribute, repackage or manufacturer prescription drugs in the United States, you will need to follow certain guidelines depicted in the section of the DQSA Title II called the DSCSA section 202 related to tracing.

How do you determine if you have to comply with the DSCSA? First question to ask:

Are you a manufacturer, wholesale distributor, repackager or a dispenser?


is your product a prescription drug?

A PRESCRIPTION DRUG is a drug for human use that is subject to FD&C section 503(b)(1). If the law makes it mandatory to mark your product Rx Only, then your product is a prescription drug and falls within the DSCSA.

What are the exemptions? 

Blood or blood components intended for transfusion
Radioactive drugs or radioactive biological products that are already regulated by the Nuclear
Regulatory Commission or by a State
Imaging drugs
Medical gases
Appropriately marked homeopathic drugs
Compounded drugs
Intravenous products that are intended for the replenishment of fluids and electrolytes or calories
Intravenous products used to maintain the equilibrium of water and minerals in the body, such as dialysis solutions
Products intended for irrigation, or sterile water, whether intended for such purposes or for injection.

Very Important, if you have ANY doubts that your product will be subject to the DSCSA law, please check with the FDA.

Are you performing a transaction between trading partners? The DSCSA defines:

A transaction to be the transfer of prescription between persons in which a change
of ownership occurs.

Here are the exemptions:

i. Intracompany distribution of any product between members of an affiliate or within a manufacturer;
ii. The distribution of a product among hospitals or other health care entities that are under common control;

iii. The distribution of a product for emergency medical reasons, except that a drug shortage not caused by a public health emergency shall not constitute an emergency medical reason;

iv. The dispensing of a product to fill a prescription;

v. The distribution of product samples by a manufacturer or a licensed wholesale distributor;

vi. The distribution of blood or blood components intended for transfusion;

vii. The distribution of minimal quantities of product by a licensed retail pharmacy to a licensed practitioner for office use;

viii. The lawful sale, purchase or trade of a drug or an offer to sell, purchase or trade a drug by a 501(c)(3) charitable organization to a nonprofit affiliate of the organization;

ix. The distribution of a product that is acquired as part of the sale or merger of a pharmacy or pharmacies or a wholesale distributor or wholesale distributors, as long as any records required to be maintained for the product are transferred to the new owner;

x. The dispensing of an approved product for use in animals;

xi. Products transferred to or from any facility that is licensed by the Nuclear Regulatory Commission (NRC) or by a State under an agreement with the NRC;

xii. The distribution of a combination product that is regulated by the FDA as a device primary mode of action (PMOA),37 including “medical convenience kits” as described below

xiii. The distribution of “medical convenience kits”, a collection of finished medical devices, which may include a product or biological product, assembled in kit form strictly for the convenience of the purchaser or user, if:

I. the kit is assembled in an establishment that is registered by the FDA as a device manufacturer;

II. the kit does not contain any controlled substance; and

III. the kit manufacturer purchased the product contained in the kit directly from the pharmaceutical manufacturer or from a wholesale distributor that purchased it directly from the pharmaceutical manufacturer, and the primary container label of the product contained in the kit is not altered;

IV. and the product contained in the kit is:

  • An intravenous solution intended for the replenishment of fluids and electrolytes;
    A product intended to maintain the equilibrium of water and minerals in the body;
    A product intended for irrigation or reconstitution;
    An anesthetic;
    An anticoagulant;
    A vasopressor; or
    A sympathomimetic;

xiv. The distribution of an intravenous product that, by its formulation, is intended for the replenishment of fluids and electrolytes or calories;

xv. The distribution of an intravenous product used to maintain the equilibrium of water and minerals in the body, such as dialysis solutions;

xvi. The distribution of a product that is intended for irrigation, or sterile water, whether intended for such purposes or for injection;

xvii. The distribution of a medical gas; or

xviii. The distribution or sale of any biologic product that meets the definition of a device.

What do i call this data? Is it a document like the ePedigree document? Not at all…

The goal was always to have an exchange of tracing data. Data needs to securely be passed on from one trading partner to the next. Some refer it to Interoperable exchange of “transaction information”, “transaction history” and “transaction statements.”

eg. the three “Ts” *Tees (TI/TH/TS)

The Three T’s:

Transaction Information
Transaction History
Transaction Statements

The exchange of data needs to be a paper or electronic format. The exchange of data must contain the Three T’s. Personally i don’t like to refer to the data as the Three T’s, I like to call it, “Transactional Data”.

For the first 10 years this data must be:

At a Lot level.

The transactional data must be stored and retrievable within 48 hours for a period of 6 years.

Let’s look at what each Transactional Data means:

Transaction Information

The proprietary or established name or names of the product;

• The strength and dosage form of the product;
• The National Drug Code (NDC) number of the product;
• The container size;
• The number of containers;
• The lot number of the product;
• The date of the transaction;
• The date of the shipment, if more than 24 hours after the date of the transaction;
• The business name and address of the person from whom ownership is being transferred; and
• The business name and address of the person to whom ownership is being transferred.

The Transaction Information is pretty clear cut. It is informational data of the product, name, unit numbers, strength, dosage, size, ndc, container size and numbers, lot number, transaction date, shipment date, business name from and to.

Transaction History

A statement in paper or electronic form, including the Transaction Information for each prior transaction going back to the manufacturer of the product, …except, when provided by a wholesale distributor who bought the drug directly from the manufacturer, the Transaction History may not include the lot number of the product, the initial transaction date or the initial shipment date from the manufacturer. In that case, the Transaction Statement from the wholesale distributor must indicate that the drug was acquired directly from the manufacturer.

The Transaction History includes the Transaction Information for each transaction going all the way back to the manufacturer.

Transaction Statement

A statement, in paper or electronic form, that the entity transferring ownership in a transaction:

A. is “authorized”;
B. received the product from a person that is “authorized”
C. received “transaction information” and a “transaction statement” from the prior owner of the product;
D. did not knowingly ship a “suspect product” or “illegitimate product”;
E. had systems and processes in place to comply with DSCSA “verification” requirements;
F. did not knowingly provide false “transaction information”;
G. did not knowingly alter the “transaction history”; and
H. In some cases, an indication that the entity, or an affiliate, purchased the product directly from the manufacturer, exclusive distributor or repackager that purchased the product directly from the manufacturer

The Transaction Statement goes down the list of checks to make sure all checks are followed.

Transport methods for the Transactional Data: (How do i send this data to my trading partners?)

Web Portals
Electronic Data Interchanges (EDI) standards- such as Advance Ship Notice (ASN)

All transport methods above are valid as long as the information is captured, maintained, and provided in compliance with section 582.

The FDA requires that the exchange of tracing information must encompass “interoperability” which is the ability to exchange tracing information accurately, efficiently and consistently among trading partners to maintain product tracing information in paper or electronic format.

Timeline for Implementation – Timeframes of the DSCSA: (click to enlarge)

DQSA - DSCSA Timeline

To summarize:

Jan 1st 2015, Everyone must provide Transactional Data (3 Ts) of their drug product at a lot level. This info can be in paper or electronic method as long as it is “interoperable”.

The FDA has one year after the enactment of the DSCSA to publish a draft guidance document that sets standards for interoperable exchange at lot-level. This will help companies in the supply chain in exchanging electronic information.

I feel that in the first few years companies will start with paper documents in order to be compliant.

November 2017 manufactures will need to encode their products with a unique identifier paving the way for serialization and verification at the package level.

November 2023, products will need to be serialized for track and trace.

Changes for 2023

Serialization will need to be added and included in the Transaction Information. Transaction Histories will no longer be required.

Transaction Information and Transaction Statements must be exchanged in a secure and interoperable electronic format that is currently to be determined by the FDA. This data now must be retrievable in 24 hours.

Current Products in the Supply Chain

For any product that are in the supply chain before January 1, 2015, trading partners are exempt from providing transactional information. A transaction history must begin with the owner of that product. Manufacturers and Authorized Trading Partners:

Managing Trading Partners Licenses

Manufacturers, Wholesalers, Repackagers, Dispensers that work with their authorized trading partners must make sure that they have some sort of system to manage their trading partners licenses and that they are kept valid and are not expired.

Illegitimate, Suspect Products

If a product is a suspect product, the entity responsible must immediately quarantine the product until it is either cleared or dispositioned. This can be determined internally, via trading or partners or from the FDA.

A suspect product is a product that in the supply chain that might potentially be a illegitimate product. A coordinated investigation with your trading partners should take place validating your transaction history and transaction information. If the product is found that it is not illegitimate then you must notify the FDA, if applicable that the product has been cleared. At this time it can be removed from quarantine.

A record of the occurrence must be kept for at least 6 years.

If a product has been determined to be illegitimate then the following must take place:

The product must be quarantined.
The product must be dispositioned.
Assist your trading partners
Keep samples of the illegitimate product in case needed by the FDA or the manufacturer.
Notify the FDA, manufacturer and immediate trading partners within 24 hours of your

Disposition definition:

The removal of such product from the pharmaceutical distribution supply chain, which may include disposal or return of the product for disposal or other appropriate handling and other actions, such as retaining a sample of the product for further additional physical examination or laboratory analysis of the product by a manufacturer or regulatory or law enforcement agency.

After consulting the FDA, the manufacturers and trading partners that the issue is resolved.

A record of the occurrence must be kept for at least 6 years.

Wholesale Distributors, Repackagers:

For Wholesale Distributors, Repackagers, Dispensers. Must not accept ownership of a product unless the upstream trading partner provides them with a transaction history, transaction information and a transaction statement.

Unless, the wholesale distributor and Repackagers directly purchased from the manufacturer and is the exclusive distributor or purchased from a repackager that purchased directly from the manufacturer. If this is the case then they do not need a transaction history, transaction information and a transaction statement from the manufacturer.

However, when selling this product…the wholesale distributor must provide the purchaser with a transaction statement indicating that the product was purchase directly from the manufacturer. That they are a exclusive distributor, or the repackager that purchased directly from the manufacturer.


For Dispensers when selling to another trading partners they must provide a transaction history, transaction information and a transaction statement. However, if they are selling to fulfill a specific patient need or directly to a patient or returning the product to the trading partner who originally supplied them.

Nonsaleable Returns

A returned nonsaleable product maybe returned to the manufacturer, repackager, wholesale distributor without a transaction information, transaction history and a transaction statement.

A returned saleable product maybe returned to the manufacturer, repackager, wholesale distributor without a transaction information, transaction history and a transaction statement until November 27 2019. On November 27 2019, a transaction history must begin with the current owner. When a request of information is sent, the entity will have 1 business day to respond with the appropriate information and not exceed 48 hours. This request can come from the FDA or any other State or Federal agency in an event of a recall.

Wholesalers, Repackagers and Dispensers that work with their authorized trading partners must make sure that they have some sort of system to manage their trading partners licenses and that they are kept valid and are not expired.


Currently each state has their own licensing program for Wholesale distributors. If a state does not have an established licensing program then the State must hold a license issued by the FDA once the FDA established their licensing program.

Beginning on January 1, 2015, any person who owns or operates an establishment that engages in wholesale distribution of drugs shall:

Report to the FDA on an annual basis as scheduled by the FDA:

The States in which the person is licensed and the State license number for those states; o The name, address, and contact information of each facility from which the person conducts business, including all trade names used. Report to the FDA any significant disciplinary actions, such as the revocation or suspension of a license, taken by a State or Federal Government during the reporting period against the wholesale distributor.

No later than January 1, 2015, the FDA must establish a database of authorized wholesale distributors. This database shall:

Identify each authorized wholesale distributor by name, contact information, and each State where that wholesale distributor is appropriately licensed to engage in wholesale distribution;
Be available to the public on the FDA website; and
Be updated regularly on a schedule determined by the FDA.

Challenges moving forward

Many challenges facing companies today to deploying a traceability solution is finding one that will not break the bank. Enterprise solutions are costly. At TrackTraceRx, our mission is to disrupt this industry by providing Enterprise level software at an affordable price.