The Drug Supply Chain Security Act (DSCSA) & How Companies Can Prepare for Compliance

News & Insights

Back to News & Insights

The Drug Supply Chain Security Act (DSCSA) & How Companies Can Prepare for Compliance

After a decade in the making, the Drug Supply Chain Security Act (DSCSA) final phase to exchange serialized data at the package level was intended to be enforced by November 27, 2023, however, the U.S. Food and Drug Administration (FDA) recently released a guidance document where they are delaying enforcement of exchanging serialized data at the package level until November 27, 2024, calling it a one-year stabilization period.

At a high level, DSCSA’s goals are clear. It aims to “enhance the FDA’s ability to help protect consumers from exposure to drugs that may be counterfeit, stolen, contaminated, or otherwise harmful,” as well as “improve detection and removal of potentially dangerous drugs from the drug supply chain to protect US consumers.” (source: But in order to truly understand the reasoning behind this mandate, it’s important to take a look back at history.

In 2007, United States health officials started to notice reports of unexpected allergic-type reactions in patients undergoing dialysis treatment. The reactions were linked to a widely used anticoagulant known as heparin and more specifically, to an adulterant that had been introduced during manufacture of the drug in China. This drug was tested and distributed in the U.S. by Baxter International Inc., and by May 2008, the FDA had received 149 reported deaths related to heparin. It was concluded that this horrific incident was a deliberate breach of the U.S. pharmaceutical supply chain – but it didn’t stop there. In 2008, a total of 203 additional FDA recalls were reported. 2007 and 2008 represent moments in time when it became exceedingly clear that something had to change ( Just five years later in 2013, DSCSA was enacted by congress.

DSCSA requires that all prescription drug products have a unique product identifier and a standardized package label that includes certain information such as the GTIN (Global Trade Item Number), Serial Number, Lot Number, and Expiration Date. It also places responsibility on manufacturers, distributors, and dispensers to track and trace prescription drugs at the serial level as they move through the supply chain. Considering the immensity of this task, the FDA allotted for a 10-year period that would allow for a phased approach that ultimately concludes with the enforcement of an interoperable package-level electronic data exchange.

DSCSA kicked off by mandating Lot Level Traceability – otherwise known as T3 ASN Data Exchange – in 2015. The T3 Transaction Report included Transaction Information (TI), Transaction History (TH), and Transaction Statement (TS) in an Advanced Shipping Notice (ASN) to distributors. This T3 data included the Lot Level information, and manufacturers and their trading partners were prohibited from accepting pharmaceutical products if they didn’t have a Transaction Report. TI is a set of data elements associated with each pharmaceutical product that includes details about the product’s distribution history. TH is a statement of the transactions involving the pharmaceutical product starting with the manufacturer and moving through the supply chain. TS is a statement that the entity transferring ownership is authorized by the DSCSA and has received the product in compliance with the law. TI and TS will continue with the enforcement of serialization, however TH will sunset.

In 2017, manufacturers were required to start serializing their product, meaning that each product, box, vile, etc. gets a serial number that identifies them uniquely. In 2018, repackagers were expected to do the same. By 2019, the FDA required verification of sale-able returns. This is defined by all entities in the supply chain who would have to verify products that were sold and sent back, before they are sold again. That same year, the FDA released a guidance document delaying enforcement of package-level serialization systems in place for sale-able returns until November 27, 2023. Finally, in 2023, the FDA mandated EPCIS data exchange and item level traceability – a standardized format used to exchange supply chain event data in the pharmaceutical industry. However, it became clear that the exchange of serialized data could not start due to a lack of readiness.

The National Association of Boards of Pharmacy released a readiness assessment in July 2023. The assessment stated that while manufacturers were actively transmitting EPCIS files to their trading partners, many of them had not yet implemented the ability to include aggregated data to case/pallet levels, or the necessary connections needed to transmit EPCIS files. Additionally, while many distributors were reporting successful data exchanges and the receipt of electronic files, they were greatly impacted by both upstream and downstream trading partner readiness. In other words, early adopters were hindered in their ability to sufficiently test their capabilities due to limited upstream data constraints. It is also important to note that at that point, some distributors had only just started evaluating systems, meaning they hadn’t yet begun testing inbound file receipts. Finally, many large and medium chain pharmacies and health systems that had begun working with DSCSA solution providers and were receiving EPCIS test files, reported a wide lack of availability of production data. This ultimately drew the conclusion that if the 2023 deadline was enforced, the U.S. pharmaceutical drug supply chain would be negatively impacted and could even result in patient harm. This resulted in the FDA enacting enforcement discretion exactly one year later, to November 27, 2024, calling it a stabilization period.

The 2024 enforcement deadline gives manufacturers, distributors, and dispensers more time to ensure they can safely and effectively meet the DSCSA requirements. It also gives them the opportunity to garner a deeper understanding of why this is so important, and the steps they must take to get there.

The primary reason why DSCSA is important is because it directly impacts the patient and their safety. It ensures that all medications they receive are genuine, uncontaminated, and uncompromised. The heparin incident in 2007 is an example of what can happen if counterfeit drugs make it to the patient, and DSCSA intends to ensure that never happens again. DSCSA also enhances traceability, which makes it easier to recall and remove unsafe or counterfeit drugs from the market, and maintains a higher level of supply chain integrity, which reduces the likelihood of counterfeit or substandard drugs entering the market at all. It also establishes a framework for pharmaceutical companies and other supply chain participants to comply with federal regulations, which ensures that all stakeholders in the drug supply chain adhere to standardized practices for drug handling and distribution. Additionally, despite DSCSA being specific to the United States, it creates international harmonization by aligning with international efforts to secure the supply chain.

While all of this is incredibly positive, it doesn’t mean companies across the country aren’t intimidated by the massive effort it will take to ensure they meet the requirements – especially considering there are penalties for non-compliance. This is why it’s important to understand the process of DSCSA from beginning to end.

DSCSA starts with serialization. In other words, pharmaceutical manufacturers are required to serialize individual drug packages by assigning a unique identifier (usually a 2D barcode) to each unit of sale or individual package. The unique identifier includes the GTIN, Lot Number, Expiration Date, and Serial Number, which is unique to each unit of product. From there, products are aggregated into a Serialized Shipping Container Code (SSCC), which is a unique identifier assigned to a shipping container that tells you the serialized products of the aggregated package. Then, using EPCIS-compliant software or systems, the manufacturer generates the EPCIS documents that contain the supply chain event data. The manufacturer and distributor then agree on a secure communication protocol for exchanging the EPCIS files and before sending live EPCIS data, they conduct testing to ensure that the data is formatted correctly and that both parties can successfully exchange and process the information. Manufacturers will then send the EPCIS data to the distributor for products they purchased from the manufacturer. Eventually, distributors receive the product into their track and trace software by scanning the SSCC barcode. This allows the system to automatically verify the serialized product against the EPCIS data the manufacturer sent – otherwise known as Product Verification. The distributor will scan the serial numbers on the individual products and aggregate them into a SSCC shipping container, ultimately sending the EPCIS file to the customer. All of these individual steps lead to customer healthcare entities receiving serialized data for the pharmaceutical products they purchase, through various mechanisms including track and trace systems, portals, and more.

Now that you have a deep understanding of DSCSA, why it’s important, and how it works – we can get into BioCare’s approach.

As a distributor, BioCare serves as the intermediary between pharmaceutical manufacturers and healthcare providers, meaning they are essential when it comes to ensuring the integrity and safety of the pharmaceutical supply chain. Many companies – especially small or midsize – will have to hire a third party to navigate through the complex landscape of DSCSA regulations. BioCare eliminates that step in the process by having the expertise in-house that ensures its trading partners are supported every step of the way.

BioCare’s internal DSCSA team is compromised of IT, Quality, and Regulatory and has spent the last several years educating themselves on the new regulations in order to provide its partners with all the necessary regulatory, compliance, and technical insight they need. This includes offering practical advice on serialization, tracing, and verification processes, as well as facilitating communication with regulatory agencies. By acting as a knowledgeable and supportive bridge between manufacturers and customer healthcare entities, BioCare effectively enhances compliance and contributes to the overall safety and trustworthiness of the pharmaceutical supply chain.

That said, it’s important to note that different size companies require a different approach. BioCare ensures that all size companies comply with DSCSA by customizing how they send data to their customers. BioCare has already begun working with large companies that have their own track/trace systems – even those that are “home grown” – connecting the two systems and testing it robustly in preparation of turning on serialization. For midsized companies that don’t have a track/trace system but do have a Global Location Number (GLN), BioCare is able to connect them through the SAP ICH portal, sending them an invitation to validate themselves and turning on serialization from there. Even small companies that might not have a strong grasp on what DSCSA is, are supported. BioCare gives those companies an option through SAP ICH called “View Transaction” that sends them an invite and allows them to connect and pull down their data. These companies, some of which don’t even have a GLN, are most likely to benefit from BioCare’s internal expertise. They are often the ones that find DSCSA the most daunting, but don’t have the budget to hire an outside resource to guide them through.

In addition to being a supportive partner, BioCare enhances customer benefits through DSCSA by implementing improved product traceability and real-time information about the location and status of their pharmaceutical products. This allows the customer to verify the authenticity and legitimacy of the pharmaceutical products they purchase based on serial numbers. It also enhances inventory management as serialized products can help customers optimize their inventory levels and order fulfillment process, reduce the risk of product shortages, and ensure they have the right products on hand. All of this ensures that lines of communication with customers remain open and transparent – ultimately building a higher level of trust.

The next 12 months will be a busy time for the pharmaceutical industry. As BioCare continues to onboard manufacturers and customers to its track and trace systems and serialized data exchange (SAP ICH), much of the upcoming year will be spent establishing protocols for exception handling, as well as establishing connections to accommodate serialization. This will be followed by thorough testing and exchanging of serialized data to work out any kinks that could hinder successful compliance. As other companies look ahead, the biggest thing they can do to ensure they are set up for success is to educate their teams on DSCSA compliance and make sure their employees – especially those involved in supply chain and regulatory compliance – are well-informed. This will allow them to evaluate their existing systems and identify areas that may need upgrading or modification to meet DSCSA compliance standards. In addition, it’s important to establish effective data management systems that securely collect, store, and share product information as required by DSCSA, as well as develop protocols for verifying the authenticity of products as they’re received.

Distributors have a responsibility to ensure they are supporting their customers in successfully achieving this compliance. This means staying informed about any updates or changes to DSCSA regulations and adjusting compliance strategies accordingly; maintaining accurate and accessible records to demonstrate compliance for audit purposes; and participating in industry associations and working groups to exchange best practices.

These new regulations can seem overwhelming – and understandably so. This places more importance on trusted partners to share their knowledge and expertise in order to maintain a successful transition. In the end, meeting DSCSA compliance will ensure a secure pharmaceutical supply chain and – most importantly – a higher standard of patient safety.

Back to News & Insights