In order to arrive at the unit-level traceability sought by the Drug Supply Chain Security Act (DSCSA) by its 2023 deadline, the pharmaceutical industry as a whole must tackle the issue of interoperable systems to share data with trading partners.
The overall goal of DSCSA legislation is to verify product legitimacy, make recalls more efficient, and enhance detection of illegitimate products in the supply chain. A major component of this is the requirement of serialization, the practice of assigning a unique serial number linked to product data—product origin, batch number, and expiration date—to each saleable unit of each prescription drug product.
|Just starting out? Read Serialization 101.|
“But the exchange of master data today is a manual process,” explained Allison Sheldon, senior manager, Pfizer Digital Serialization, Pfizer Inc. at a recent HDA Traceability Webinar event. Serialization data is manually pulled from internal systems, and spreadsheets are maintained and emailed back and forth to trading partners.
Part of what manufacturers are trying to sort out now is how their trading partners are managing data on their end. “Are they taking HDA’s forms and applying changes that are required in their systems? How do we keep that data up to date? We'll see that when there's any type of mismatch, that creates failures when we're exchanging our serialized data. It's certainly not sustainable—we need to come to an automated approach,” said Sheldon.
Brad Pine, vice president, brand pharma & regulatory at Smith Drug Company, Div. J M Smith Corporation, agreed. “Everybody gets HDA spreadsheets and adds the GTIN [Global Trade Identification Number]—it's still not very well-adopted. You’re constantly sending them back to manufacturers and saying, ‘You didn't have the GTIN on here.’ Then loading information from a spreadsheet is painstaking and it's prone to errors because of the formatting. If I don’t capture lead zeros correctly, there are issues with that.”
|Read more on GTINs and case packaging here.|
The answer, panelists said, lies in pharma manufacturers using a common framework to exchange data: EPCIS (Electronic Product Code Information Services) files.
EPCIS is a global GS1 Standard for creating and sharing visibility event data, both within and across enterprises, to enable users to gain a shared view of physical (or digital) objects. Physical objects include products, logistics units, documents, and more, while digital objects can refer to items such as music downloads, e-books, and e-coupons.
Adoption is off to a rocky start. “Our biggest challenge is finding manufacturers that are willing to send us EPCIS events and get that onboarded,” said Pine. In a best-case scenario, Sheldon offered a chart showing that it takes around six weeks to onboard, covering three main activities:
- Exchanging master data
- Moving into production
The six weeks represents a “happy path” where everyone is talking consistently and maintaining momentum. It involves a variety of stakeholders between the trading partner and internal personnel from marketing, IT, logistics, and warehouse operations. “And this could be for just one trade partner. So keep that in mind as we look at the volume of onboarding work that we need to do over the next year and a half or so,” advised Sheldon.
Working with wholesale distributor or dispenser partners, pharma manufacturers are running into a number of issues once they are testing or live in production. There are errors in master data files that cause failures, or a trade partner didn't have a particular GTIN—possibly due to scanning an “inner pack.”
Following standards is key. There may be timestamp issues in a file, and as Sheldon pointed out, it's one thing to determine the file failed because of a timestamp issue, “but then from the manufacturer side, we need to go back and look at, ‘Why was there a timestamp issue?’ and then you might uncover other process changes that need to happen to address that going forward. As I'm sure everyone knows, process changes, don't happen overnight.”
Pine echoed the need to follow standards and start soon: “You find that there's a lot of syntax errors and aspects that are glitchy. When you talk to the bigger manufacturers, they are certainly in test phases with the big three—a few of them are testing with us—but the big three are definitely pushing the issue. It's really important that we start testing and putting together production as soon as possible, because there's a lot to be done before November 2023,” said Pine.
|Read 3 EPCIS Data Exchange Issues in Pharma Traceability.|
Jeff Falardeau, manager, pharmaceutical information technology at Cardinal Health, Inc., said that in working with their manufacturing partners, another challenge is readiness. “We cite in our onboarding guide things that the company must be proficient at before starting. Communication is another area where time could be compressed. We might get a test file and we'll respond usually within a business day. But we don't know what happens once we send that response out—it may go into some kind of rework and come back. I'm not sure how closely mailboxes are monitored, but there's an awful lot of time lost just in exchanging messages back and forth,” Falardeau said. “Proficiency is all over the place. Some companies are very proficient, some are less so. That leads to situations where we might get chronology errors with the EPCIS event times—probably the largest source of errors that we get. We might be missing master data altogether, missing master data elements, or have extra master data inserted where it doesn't belong. Quite a wide variety of things.”
One audience member asked if there a difference in the EPCIS formats being used by various solution providers. The answer is no according to Michael Ventura, vice president, solutions & innovations at LSPediA. EPCIS standards have evolved over time from 1.0 through 1.2 (ratified Sep. 2016). “There is a 1.3 in development... it's fluid on its timeline. There's no guarantee that it would be done and adopted by November 2023. I'll get up on my soapbox here… you need to be able to do version 1.2 to go live. That should be an expectation, because we see this all the time. One of the biggest problems we have right now is there are people running on 1.1 or even 1.0 at the beginning of the supply chain that are failing files and broken files, and they can't figure out why. Everybody needs to be working with their solution providers to be up and running on 1.2 and testing with their supply chain partner,” he said.
|Watch this video on lessons learned in track and trace.|
From a solution provider perspective, he added that they have the advantage of viewing partners sending and receiving data: “We're watching the type of errors that are going on that will be experienced by the entire supply chain as they get up to that space. It becomes a matter of knowing that the quality and the viability of your files are meeting the needs of your partners. Do you have some sort of monitoring and alert to know that when you fail a file? Somebody needs to be acting on it. What is the automation or the process you built to resolve that so that product isn't sitting around and you're maintaining that supply chain continuity.”
Lower volume manufacturers
EPCIS-formatted messages are usually generated through L4 enterprise systems. But there are options for generating EPCIS messages for low volume or low frequency shipments to avoid the additional costs related to new L4 modules. Falardeau explained that for those who don't have an internal IT group that can extract information and formulate EPCIS files, there are solution providers that will take data in most any form and convert it.
|Watch this interview with an MIT PhD on supply chain resiliency.|
There is a standard template for master data that manufacturers can send to wholesale distributors to avoid sending different Excel files formatted for different wholesalers. Justine Freisleben, vice president, industry relations at HDA noted, “We have an HDA Standard Rx Product Information Form that manufacturers can fill out. We also have a short form for GTIN updates that manufacturers can utilize.”
Distributors noted they have Excel forms or CSV files that specify the elements they need to load master data.
3PL vs. manufacturer responsibilities
Audience members were curious if manufacturers will need to have all their distributors or wholesalers onboarded to their serialization system to track transaction information directly, or whether their 3PL can send that information if they have it. Pine explained, “If you read the law, the law just says that the manufacturer has to send the information to us [a distributor]. So that's descriptive in who’s going to be sending it to me. But I'm just as happy to get data from the 3PLs as I am from the manufacturer. I think each manufacturer is thinking that through a little bit differently. Some of them want to have control and others are happy with allowing their 3PL do the work for them.”
Just don’t forget that while a 3PL facilitates many activities on behalf of the manufacturer, when an FDA auditor comes in and asks for information, the manufacturer is ultimately responsible.
Verification router service
When Pine’s company surveyed manufacturers about whether they would be using a verification router service (VRS) system for the DSCSA’s saleable returns verification requirement, many mentioned they wanted to use EPCIS files instead. “A lot of them were using 3PLs. I think that they’re thinking that they can get around the VRS by using EPCIS, and in a lot of events, that's probably going to be true. But VRS is the only viable thing that we can think of for really verifying products upon return when we don't have the EPCIS events,” said Pine.
Ventura said this brings up an important point about VRS and industry preparedness: “Something as philosophically simplistic as ‘I put a number on a product, I put it into the supply chain, it's on a barcode somebody can scan, and with a network, hit my database and verify its authenticity’ should be clean and simplistic. We received that FDA enforcement discretion [for returns verification] in 2020 for an obvious reason. There was a concern that it wasn't that simplistic and that it could cause supply chain disruptions. [Master data exchange] is exponentially greater in its magnitude and its detail to get right, so obviously the challenges are real here.”
- At present, there are downstream trading partners saying that they haven't had distributors approach them about data exchange. Panelists said they would be turning their focus to dispenser interactions in 2022.
- How will data flow work for drop shipments in the future? This is a topic the panelists have just begun working on with an HDA work group or in their organizations. Pine noted that in the DSCSA, that action is a manufacturer-to-dispenser issue. They’re just beginning to see if there are ways that wholesalers can be a conduit in a meaningful way. The work group is the HDA Traceability Implementation Work Group, which is a member-exclusive group. For more information, contact email@example.com.
The main point panelists hammered home is (1) to ensure you have processes (resources, tools, and SOPs) for exception management and (2) to get help with data exchange as soon as possible if you need it. “Full and timely adoption for exchange with manufacturers and distributors is key. Risk and impacts are very high and extreme if we can't ship product for which we don't have the data. So when files come in, if they fail, we need to react quickly,” said Falardeau. “Cardinal Health looks to invest in automation to help with that, to work with manufacturers, and to reduce that turnaround time. But as I alluded to earlier, there's a wide range of proficiency levels right now and manufacturers, if they're not already, really need to start pulling themselves in here to get up to speed more quickly or seek help from solution providers. We also highly recommend conformance testing companies that will help you learn EPCIS or help you be able to test rapidly. For now, we're just really concerned about the runway left and the number of manufacturers that still need to jump in the pool here and start testing with us before 2023.”
Questions to ask yourself
- Timeliness of exception management: Do you have a process in place that will alert you when there's a failed file? Do you have resources, tools, and SOPs in place to manage this? “The worst thing that can happen here is product piling up on the receiving dock without a good file to receive it against,” said Ventura. “Obviously that exception management is going to be critical to not only get everybody onboarded and understand what they're supposed to do, but also what to do when things don't go right.”
- People: Are you ready for the learning curve in the warehouse to ramp them up? Depending on the size and volume of an operation, you may need additional resources or time. “We talk a lot about the technology and some of the processes, but there's also that big people component in enabling this,” noted Sheldon.
- Data: Once you have data, are you able to send it to partners? 3PLs are getting onboard and now realizing that they're probably going to have do a lot of the work for the smaller manufacturers. “I was talking to one the other day and they said, “Yeah, we’ve got all the information and it's going great.’ I asked how they’re going to get it to me. And it was kind of like, ‘Oh, I'm supposed to be sending this down to you, too?’ That's where 3PLs I think are really going to help out these smaller manufacturers,” said Pine.