By Jerry Martin, pharmaceutical and life sciences consultant, PMMI, The Association for Packaging and Processing Technologies
Pharmaceutical manufacturers cannot limit responsibility for DSCSA compliance to just the engineers and operators involved in processing and packaging.
In my last column, we took a look at the effect the Drug Supply Chain Security Act (DSCSA) is having on the pharmaceutical industry. Now, we turn our attention to the actual steps manufacturers need to take to ensure compliance.
Eventually, the DSCSA is going to enable the U.S. Food and Drug Administration (FDA) to track drug products down to the individual unit of sale, and it will improve the detection and removal of counterfeit goods from the supply chain. Another benefit of the law is the facilitation of efficient drug recalls. Currently, when a pharmaceutical company has a recall, it is quite difficult to actually go back and trace the effected product and make sure every unit is returned.
More and more often, the FDA is putting that responsibility on the pharmaceutical manufacturer. It’s not like when you get a recall on your car, and the manufacturer sends you a letter because your name is on a list of purchasers of that car. If you haven’t ensured that your name is on that list, they’re not responsible for getting the recall information to you, and even if they do send you a letter, they’re not held responsible if you fail to bring the car in for repair. Their responsibility ends with the fact that they notified you. In the pharmaceutical industry, there have been cases where, despite the notifications that have gone out, the drug companies have still been held liable because they didn’t go into every single pharmacy and check the shelves.
With DSCSA, packaging must have traceability down to the unit from the manufacturer, and even repackagers and reformulators are going to be held accountable. Ideally, drugs will be traceable right down to the patient, which will be very significant both for safety and business economics.
Manufacturers are not only required to include a product identifier with a serial barcode and the human-readable form on the package or the homogeneous case of packages, but they must also maintain the product identification information for at least six years following the date of the transaction. In terms of the systems for verification, the manufacturer must be able to verify the status of the product and whether it’s valid or counterfeit within 24 hours. It is not just a matter of putting information on the label. Manufacturers need to have systems that allow downstream customers to query the data and confirm whether product is counterfeit or not.
Establishing a packaging line with line-level printing and verification systems is only the first link. Then the printer receives the information on serial numbers from line-level controllers, and the verification system reads the labels and reports back to the controller. This feedback loop confirms that everything is correct. Now, the information needs to go up through servers and controllers, ending up in a cloud- or server-based repository that’s backed up, enabling authentication and traceability through the supply chain.
Manufacturers must validate the master data and show that it’s all correct. Because it’s now electronic data, it also has to comply with 21 CFR Part 11. The Code of Federal Regulations (CFR) is a codification of the general and permanent rules published in the Federal Register. Title 21 is reserved for rules of the Food and Drug Administration. Part 11 provides standards on the security of electronic data, ensuring that the systems can’t be hacked into or changed in any way.
This all sounds quite in-depth and complicated — and it is. However, one advantage is there are existing global location numbers for the manufacturing sites, global trade item numbers that relate to the drugs, and the National Drug Code number that can be incorporated into a lot number without the need to start from scratch.
Aggregation is an area where a solution is still very much up in the air. There are still questions about how best to accomplish this without disrupting traceability. Often, drugs are individually packaged before they go into a homogeneous labeled box. At this point, depending on the manufacturing or contract packaging site, the boxes become commingled with other lots, or even with other products on a pallet. That makes it harder to trace at the pallet level, as a pallet could have several codes on it. This is where aggregation starts to get complicated, and frankly I do not think a universal solution exists as of yet.
Ultimately, you need to have validated software to handle aggregation, and that’s usually something manufacturers obtain from outside their operations. Not only do you want someone who is experienced with validation software — as validation studies for the electronic data can be costly — but it is extremely time-consuming for an internal IT group to attempt.
Because of all these factors, it is imperative that pharmaceutical manufacturers realize that serialization is more than a processing or packaging procurement decision. Compliance with DSCSA is not just a matter of selecting and purchasing capital equipment, integrating the serialization provider, and redoing packaging and artwork to accommodate the serialization label. It is a corporate-wide endeavor that includes management involvement at the highest level. Manufacturers who attempt to pigeonhole it and say, “Well, that’s for the engineering, manufacturing, and IT people to handle” are doomed to fail. It must be a cross-functional team effort to bring the various stakeholders together, which requires an executive sponsor, a program governance committee, and a supply chain security team. Together, these parties then need to recognize all of the subprojects that are involved, down to the individual groups that are working on it.