Over the past 10 years, the U.S. pharmaceutical industry has been working towards one common goal - achieving DSCSA compliance. Simply put, the DSCSA, signed into law by US President Barack Obama, centers on the secure exchange of drug information. The FDA has implemented a flexible stabilization period, delaying the enforcement of DSCSA requirements until November 2024.
We had an insightful conversation with Darren Myher from Blue Link ERP and Gary Lerner from Gateway Checker about the significance of tracking serialized files for pharmaceutical distributors with complete end-to-end software and the potential risks of non-compliance with the DSCSA.
Danielle Lobo: The U.S. pharmaceutical industry is trying to understand why serialized files are important. Darren, can you speak to this and Blue Link ERP’s role?
Darren Myher: Blue Link ERP is first and foremost an ERP system it's the software that you use to run your company as a distributor keeping track of everything from orders, purchasing, inventory management and the actual day to day running of the business is done through that software. When it comes to your requirements under DSCSA, however it's not good enough to just have your own Silo of information. You need and now need to be able to receive files from your suppliers about what's in the shipment that they should be sending to you. You're going to have to verify that the products you received, against those files, match up. As a distributor you're now going to be responsible for creating those files outbound to your customers whether they're in a position to consume those files or not. So that's kind of your high-level overview.
Lobo: It sounds like there needs to be some kind of specific solution for the DSCSA. When distributors are looking for solutions, what would you say are the minimum requirements that they need to be looking for to remain compliant with the DSCSA?
Myher: Yeah, so at a minimum there's some requirements imposed on you as a distributor that I just mentioned, you do have a requirement under the DSCSA to verify that the products that you receive from your suppliers matches up with the electronic files that they've sent to you about what they've shipped. You do have requirements to scan the serial numbers that you're shipping outbound to your customers and be able to produce a file those customers can consume on their side.
There are some other requirements you have around serialized returns as well if you do accept returns in your business - you're going to have to verify that the information on those products that have been returned matches up with what the manufacturer has on file and there's some technologies I will mention during this (later) we're going to talk about that as well.
Lobo: Gary, this question is for you. This process of receiving and shipping of serialized data; can it be performed manually and still comply with the DSCSA?
Gary Lerner: It can't be received manually because the law requires electronic interoperable exchange of information so that is sort of written into the law and it's expected in fact FDA said they're not going to come look for physical pieces of paper they're going to be looking for your electronic records. So, it's really important that you receive the digital representation of the information electronically in an interoperable fashion - those are the key aspects of it.
Lobo: Good to know that the electronic aspect is mandatory. In some cases businesses already have solutions in place so Darren, maybe you can talk about the integration aspect of this. How will this file solution integrate with what they've already got?
Myher: As we have seen some distributors who you know can't afford to switch your ERP systems try to implement kind of a built on solution for compliance reasons. In that case maybe they're purchasing a siloed system that is able to receive those files electronically lets them do their verification and let them produce a file outbound but then you may find yourself in a situation where you have to duplicate all of that information. So, information about your purchase orders, you may have to enter in your main ERP system but also be entered into another system - you might have to duplicate every order outbound to a customer in your main ERP system to run your business.
There is an opportunity if you're able to find a system that can be your ERP and also allow you to comply then there's efficiencies to be gained there.
Lobo: What kind of changes can people expect there to be in terms of their warehouses?
Myher: That’s a really important question because one of the things that some business owners don't realize is the fact that maybe you're checking the boxes in terms of what the software needs to do if you thought about the operations team and what your people in the warehouse actually have to do differently so uh again if you think about it in terms of the inbound operations maybe today a product shipment would show up from the supplier you're just checking for damage and checking the quantities overall and then putting that product away in the warehouse shelving right away.
That's not good enough under the DSCSA - you actually have to do the scan verification or comparison of the serial numbers against the inbound file that's going to maybe alter your workflow in the warehouse and take additional time. You need to stage it differently or have computer equipment in the back that wasn't previously in your staging area or your receiving area that now needs to be there, likewise on the way out in terms of shipments outbound you have to make sure that you've got at a moment in time in your picking workflow where you're scanning these items to gather the serial data that need to be included in those files so if your current workflow doesn't include scanning verification on the way out then your current system is only grabbing lot information and not grabbing serial data then maybe you need to if you're using a separate system you need to duplicate a second scan in the second system or if you're using an integrated system like Blue Ink now that one scan is achieving both of those objectives getting your serial data and your lot data up to date.
Lobo: I'm going to head over to you (Gary) again and talk about the actual EPCIS files. That's what's going to be holding the serialized data. So, what requirements do distributors have to receive an EPCIS file from a supplier?
Lerner: Well from a receiving standpoint, the best way to do it is through some secure protocol we use the AS2 protocol but there are different ways files can be exchanged there can be some direct connections there can be manual uploads and things like that. In terms of handshaking, pretty much GS1 identifiers are required on both ends and you need to establish GS1 company prefixes or GS1 SGN identifiers to uniquely identify each entity and that's really important from our application standpoint because we automatically route of inbound files directly into subscribers accounts based on that information so we do spend in the setup and staging process a little bit of time trying to capture and verifying that those pieces of information. So, if you have a GS1 identifier that identifies your site you're in good shape if you don't know what it is or haven't established one you better go ahead and get that in place at this point in time.
Lobo: Why can't Blue Link just accept this automatically on its own, why do we need to have a 3rd party solution?
Myher: This is a good example of you know companies doing what they do best so Blue Link is primarily an ERP software developer we’re focused on the inventory management, order management - the tools that your employees would actually interact with in the warehouse. What we don't do is, we're not an expert on AS2 data transmission and secure file transfers and doing all of the things that Gary and the Gateway Checker team are experts in. So, we let them be the experts in moving data around, parsing the data, validating that the format of the data that they've received is actually valid and is well constructed so that when Blue Link connects and we ask the Gateway tracker system ‘hey give us the latest information that's come in’ and we've got a nice already clean file that is in a format that we can understand and present to the users through the (Blue Link) software and likewise on the way out. We're presenting the Gateway Tracker system with the contents of what your team did i.e. the scans that you performed and then they're translating that into a compliant file format that's been validated in the right structure that other systems are going be able to consume.
So, we're able to take advantage of the years of experience that his team has in terms of both how the files are structured but also how to interact and communicate between systems.
Lerner: If I may add one thing to that - one of the things that we're doing uniquely, first of all we're very focused on the EPCIS standard having been involved in the initial drafting of the standard going back to 2016 and being a GS1 certified Conformance Testing Service, we’re the only one practicing GS1 Conformance Testing service in the United States and that means that GS1 has examined our application and made sure that we are following the standards and can assess a good file from a bad file.
We took that experience and expertise and integrated it in with our application and hence Blue Link as well so collectively we represent I think one of the only companies that's doing 100% trace ready assessment. Every file that comes in, we're automatically assessing it for its compliance and conformance to GS1 application standards as well as the HDA requirements we do that on inbound and outbound to assure that we've got good data integrity but also compliance and that we're not missing critical pieces of information. I think that's important for the audience to realize is that having an all-in-one solution, or you know a solution that can kind of do everything is necessary at this point.
Lobo: Why is the process being used between Blue Link and Gateway Checker different than other processes?
Myher: I guess (this is) where we can just reemphasize that the hand off of information, the Gateway Checker systems receiving those files, they're pulling them apart, they're handing off nice clean data about what the serial numbers are that were transmitted including the aggregate information.
For example, imagine a palette of product shows up, that palette, the entire palette is going to be identified with a serialized shipping container label and SSCC label. It's possible in the Blue Link system to scan that label and then we can look up in the file that we receive from the gateway system all of the serial numbers and cases and information that's on that palette so you could end up with a much more efficient process in terms of you know receiving those files inbound.
There's also other functionality related to the inventory management and ERP side of things is that if you happen to be using an ERP system and not just a separate system then that data about the products that have shown up now can flow into your purchase order receiving process and then that can make for a more efficient PO receive there's no chance of duplicate data being miskeyed by an end user for example when you're using everything in one system.
Lobo: Gary, moving back to you, can you put multiple purchase orders on one transaction?
Lerner: Yes you can and I think you need to do that and people increasingly are doing that it doesn't happen that often but it is definitely starting to happen. The key there is to make sure the serial numbers are associated with the particular PO.
Myher: Yeah that's definitely one of the areas we spent development time on as well is to ensure that if a mixed palette were to show up for example that actually represents multiple purchase orders your team in the warehouse can just scan what they have in front of them and then we're worrying about matching it up with what the data coming in is behind the scenes for the user so they don’t have to worry about sorting for order one or order two.
Lerner: You know I think the beauty of what we put together collectively is that you often don't see the integration because it is so seamless. You can work pretty much entirely within the Blue Link application, and someone actually asked me today well how will we know that the date is there what is it that we have to do? Well, once we're connected to your trading partners or your customers, the information is instantly available to Blue Link. So, there isn't another layer of testing and certification and that kind of stuff that you have to do once we've made the connection once the information is flowing it's readily accessible within Blue Link and then anything that happens to that data anything throughout the life cycle of that serial number that Blue Link may update, like opening up a ship case or what not that's automatically known to our application as well so that when you come to ship to your customers we already have the accurate up to date information and there's no extra steps that you need to take to communicate from one application to the next.
Lobo: And what about accuracy Gary, how do we ensure that the EPCIS data file structure and contents are correct and accurate?
Lerner: We run literally hundreds of checks, that is our core capability this, conformance testing that we’ve put together and in fact that's one of the ways that Darren and I got to know each other because he's sat in on some of the committees and things that they were doing so we're actually reading every file that comes in and we're reading every file that comes out and we actually assess its readiness so when information is missing or perhaps not exactly correct, we'll flag it as either being a failure or an alert or a warning so that people can take corrective action on the very spot.
Myher: It's been interesting while we've been implementing this as well where Gary's actually his team has received a file from a distributor in some cases from relatively large distributors and noticed that the aggregate data is missing for some items or they'll send the data for a case but not what's inside the case so we don't know what the bundles are inside or the serial numbers of the each is and you know that's going get caught automatically by the trace ready system and get flagged and not result in bad data ending up in the ERP system and then Gary's team has been successful in going back to those files and you know waving up “by the way you know that file that you sent us, had these the following errors” and it's made it a lot better in terms of you know during the stabilization period that we're in right now to identify those issues and get them corrected before you know the FDA brings down the hammer and actually expects everything to work.
Lerner: We even look for sequence of events you know things are supposed to happen in sequence we've had some to your point Darren, we've had some files that have been packed after they've been shipped right which physically can't happen. But we know that people obviously aren't reading and checking their files cause we shouldn't be able to find these things as often as we do so it's good for our customers I think we're uh helping to ensure integrity both inbound but also outbound so we think that's really important and we will be a gateway certifying those customers that we work with that fully comply on sort of a good housekeeping seal of approval that we'll be adding as part of our joint application to the Blue Link environment.
Lobo: Some distributors received products before EPCIS (DSCSA) came into law. So those distributors who have cases which don't have inbound data, how do they ship them in compliance with the DSCSA?
Lerner: Well, our system would know right whether we have a record for that information or not based on our life cycle approach so if we receive the serial numbers in we know and we can approve and send it out but by contrast we also know when we don't have that information so when we don't have that information we present that to the user and we give them the opportunity to substantiate that indeed it is a good product - we can verify the product cause we have product verification capabilities built-in so we can go back to the manufacturer and verify its product identifier but we also can provide the ability to commission the product on behalf of the supplier the distributor I should say and keep records of the fact that they have bought other products on the same lot. They may not have been able to substantiate this particular order but they can do that. The one downside that Darren reminds me of this often is that you if it's a factory sealed case there's no way to know what the contents are so unfortunately for any of the legacy product you need to open up the cases and scan at the each level which is one of the reasons why we're trying to get people to be proactive and get on boarded now to get their inventory captured even before Blue Link comes online because as long as we're receiving the data in as soon as the Blue Link connection is established we can make all of those serial numbers available to the Blue Link user.
Myher: Yeah it's a really important real world risk to your business operations is if you find yourself come November of this year with a warehouse full of product that you don't know what the aggregate data is for what's inside those boxes, to comply with the law you have to provide the serial information at the lowest saleable unit of measure which means exactly what Gary mentioned you have to open those cases imagine you have a case of 100 units you have to open that case of 100 units you can't just scan the case now because it goes, looks up what’s in the system it says ‘oh sorry we don't have inbound data we don't know what's in that case’ so you have to open that out take 100 products line up the barcodes and then do 100 individual barcode scans just so you can ship that case of 100 units. We don't want you to end up in that situation so getting the data flowing inbound as soon as possible is really important.
Even if you weren't live on the Blue Link system yet if you've got your inbound connections configured with the Gateway team and they're receiving that data when you do go live on the Blue Link system later all of that backflows into the system and we can make use of anything you've gathered over the last several months. For example, it's an important operational thing to realize and you may if you find yourself with a system that doesn't do that you may need to start staffing up now like think about ‘how many employees am I going to need come November to be able to handle this potentially massive increase in the amount of work that has to be done to just comply with the law’.
Lobo: What are the risks to a distributor if they don’t comply?
Myher: I mean ultimately the worry in the, I guess the transition period right now; the FDA, the law is actually technically already in effect and the FDA is using their discretion to you know they’re calling the period between now and November of 2024 as a stabilization period they're expecting that if they went to visit any distributor they would be able to see your team actively engaged in the process of making these systems communicate, making it work, modifying your business procedures to actually engage come November, if you don't have those systems in place you're not actually transmitting the data now you actually are in violation of the rules of the law so you know I'm not an FDA person so I can't speak exactly to how they're going to penalize you just realize that you don't want to put yourself in that position as a business owner.
Lerner: If I can add one thing that's emerged literally within the last one to two months has been two different phenomena’s that both are probably another aspect of risk. One is the major wholesalers have set April 1st as a deadline for all manufacturers to be onboarded but that actually impacts some of our distributors who might be authorized a single entity or an authorized distributor that may be selling product to the Big 3, so to avoid big penalties you really need to be onboarded ASAP or at least talk to or get registered with the big 3 wholesalers. The other phenomenon that we've seen is that a number of large pharmaceutical I'm sorry pharmacies or chains of pharmacies, they've started to threaten to cut off buying from certain entities if they can't demonstrate that they're compliant so whereas there's a lot of regulatory pressure in the FDA some real penalties that they could apply I think the larger issue for a lot of us is business people is we're going lose revenue or it or it could really be a risk and the flip side is also true which is, if you were compliant and you were ready to go today you might actually win incremental business because there are definitely both pharmacies and a large chains that are looking to only buy from those that can provide them with serialized transaction (information).
Myher: Yeah I mean it ties nicely into kind of one of the other questions around you know costs and connections like we talked about electronic transfer of information as a requirement but there's more than one way to accomplish electronic transfer of information so for example if you're selling into pharmacies who don't have electronic or systems that can receive these files through AS2 connections, you would be able to have that pharmacy log into a website for example and then look at their sales history and download the file that you make available so the files are you know the Blue Link example the file still being generated by the Blue Link Gateway checker system but now it's being made available through a web portal to your end customers so even if your customers aren't all in a position where they can receive those files now you're at least still complying with the law and you can show an FDA auditor, this customer just needs to log into this website and look like now they've received their file in a secure and operable manner.
Download your FREE System Evaluation Questionnaire to help you determine if your current systems and processes are compliant with the DSCSA.
