By Robert Matje, PE, CPIP, principal, RemTech LLC
Too little or too late? That’s the question most of us are asking when it comes to the two new guidance documents recently published by the FDA. The more significant of the two is Standardization of Data and Documentation Practices for Product Tracing, in which the FDA more fully defines the 10 distinct elements of information that are themselves defined in section 581(26) of the Food, Drug, and Cosmetic Act, but also takes the opportunity to address accountability for data collection and management among the common supply partners (generally referred to and throughout this article referred to as trading partners). The other is Definitions of Suspect Product and Illegitimate Product for Verification Obligations Under the Drug Supply Chain Security Act, which provides further definition of drugs that are considered counterfeit, diverted, stolen, intentionally adulterated, unfit for distribution, or the subject of a fraudulent transaction. Together these documents provide more clarity into how the FDA intends to interpret the serialization provisions of the Drug Supply Chain Security Act (DSCSA), signed into law in November 2013, and how it will enforce these provisions. This article addresses what you need to know for your operations, and also takes a look ahead about where we need to focus next.
Standardization of Data and Documentation Practices for Product Tracing
The data standardization guidance addresses what is needed to demonstrate control, and hence compliance, of serialization data and its management across a broad swath of supply chain pathways. The definition of data within the guidance is straightforward and has not changed significantly from the definitions set forth in the DSCSA. There are some references to where the data abbreviations and common nomenclature can be sought and used, but there is no definitive direction on a standard. Further, good information is provided regarding the development and management of the transaction information, transaction history, and transaction statement. While the FDA has previously provided guidance on these, it is now clarifying how to manage these data sets in certain situations by identifying when certain data is not required and how to manage grandfathered products.
Perhaps the greatest insights the FDA gives us in the data standardization guidance are the expectations it establishes within trading partners and acknowledgement that multiple entities may meet the definition of manufacturer within the guidance (the source of the data necessary to be communicated through the supply chain [“tracking”] and definition of where the product will go within the supply chain [“tracing”]). The guidance further clarifies that dispenser to dispenser transfers of ownership in relation to a patient-specific need, most always a prescription, are exempt. Licensed healthcare practitioners prescribing under state law are also exempt from product tracing requirements. Last, there are provisions in the guidance to allow third parties to confidentially outsource serialized data management as long as there is a written agreement to maintain the data on the dispenser’s behalf.
The document also provides guidance on how long the data must be maintained (six years). Like most GMP regulations, the FDA has taken a position in which written procedures must be developed to define responsibilities (and in certain cases, roles) within a particular supply chain, which in certain situations may be fairly straightforward and traditional in nature, but in many cases may reduce to a commercial agreement (such as when an entity, acting on behalf of a dispenser through a written agreement, collects, maintains, and manages serialization data on its behalf). The unfortunate reality is that many manufacturers (generally the branded, multinational firms with multiple SKUs and complex supply chains, but others, too) have already set up their serialization IT systems, which are formatted to capture specific data and communicate it through validated channels, to be ready for the impending serialization compliance dates. Accommodating changes to comply with the perceived “letter of the law” in the Data Standardization Guidance may be very difficult for them, especially if we have to wait for final guidance to be published. Wholesalers and distributors are in the same situation, but they also face the complexity of assuming different trading partner roles to their downstream partners.
Finally, trading partners need to be wary regarding the use and separation of the data within their own business systems. As a very specific example, a strict interpretation of the provision of an NDC number in what is now a transaction information exchange cannot be used for a Medicaid reimbursement, as the numbers themselves are one digit off. Historically, trading partners were able to develop algorithms to adjust transaction data to proper formats to facilitate these financial transactions within a single system. Going forward, this may not be the best way to manage your data communication. The separation of validated data and financial or business data should always be maintained for obvious reasons, but as we begin to require transactional data to be communicated through validated systems, separate systems may be required to enable the separation.
Definitions of Suspect Product and Illegitimate Product for Verification Obligations Under the DSCSA
With regard to the suspect product guidance, provisions are made to allow manufacturers to move product within their control and under their own surveillance systems, which relieves them of multiple potential headaches (e.g., a pallet is misplaced in a manufacturer’s outbound warehouse or internal distribution center, but is verified as having never left the premises, or perhaps it is temporarily misplaced at the airport while in transit, etc.). The only comment to be made regarding this guidance is that perhaps there could be more of an effort to align definitions across regulatory communities, so that we can speak a similar language globally. This would eliminate us having to painstakingly understand definitions from multiple jurisdictions and then match them to our own unique circumstances for proper communication within the context of the various laws, regulations, and board of health guidance.
Looking forward, the U.S. pharmaceutical industry needs to be aware that the despite the FDA’s year-long delay in enforcement, the DSCSA, with its specific compliance deadlines, is still law and that it is only draft guidance from the FDA that identifies an intent not to enforce the DSCSA for one year. The FDA needs to recognize and account for the fact that it has missed several deadlines in publishing guidance (and publishing final guidance, too) to the industry, and as the enforcement date draws closer, trading partners are less likely to be able to react to the FDA guidance. The best pathway forward is for the FDA to allow the industry to prepare in a manner it feels appropriate to meet the laws, regulations, and guidance that have been published. Further clarification of what is being sought by the FDA for serialization may not be in the best interest of getting quality medicines on time to our patient population.
About The Author:
Robert "Bob" Matje, PE, CPIP, is a principal of RemTech LLC and has held increasing levels of responsibility in several branded and generic pharmaceutical companies including general management of two pharmaceutical manufacturing facilities, and recently serving as the vice president of technical operations with Endo Pharmaceuticals. Bob has also lead reliability and maintenance, environmental, health and safety, automation, capital and qualification teams and served as the Serialization Project Management Office (PMO) lead for both Endo and Pfizer. This included responsibility for establishing serialization governance, scope development, schedule, and cost. Bob is a member of the International Society of Pharmaceutical Engineering (ISPE) and has served two terms on ISPE’s International Board of Directors. Bob earned a BS in engineering at Lafayette College and an MS in engineering at Villanova University. He is a Registered Professional Engineer in Pennsylvania and was awarded his Certified Pharmaceutical Industry Professional certification in 2012. You can reach him at firstname.lastname@example.org or connect with him on LinkedIn.