The Differences Between The DSCSA, FDA Rules and Guidance

???????????From reading the responses to the FDA docket requesting public feedback on standards for interoperable information exchange, I think it is time to review the difference between laws, FDA Rules and FDA guidance, like those stemming from the Drug Supply Chain Security Act (DSCSA).  It appears that some people might be confusing these a little.

Dr. Connie Jung, RPh, PhD, Acting Associate Director of Policy and Communications, in the Office of Drug Security, Integrity and Recalls, in the Office of Compliance within the U.S. FDA Center for Drug Evaluation and Research, helped put it all into perspective for me.  During one of the breaks at the recent FDA DSCSA Workshop (see “The 2014 FDA DSCSA Workshop“)  I asked Dr. Jung what the odds are that the Office of Management and Budget (OMB) will block the publication of the FDA guidance document on standards for data exchange which is due by the end of November—just like they did with the Unique Device Identification Final (UDI) RuleOMB actions delayed the publication of the UDI rule for at least a year by requiring changes.

She said that they never know when the OMB will step in and request a review, and it is always a possibility that they will with everything the FDA does.  But she pointed out that the UDI final rule was a regulation, and the document due in November is simply guidance that the industry may choose to follow (I’m paraphrasing here).  I recalled that the Standardized Numerical Identifier (SNI) was also guidance and not a rule, and I remember that the SNI document had the words “non-binding guidance” at the top of every page.  I asked her if those words would likely appear in the data exchange document when it comes out.  She could not say, but she agreed that “guidance” is just that—guidance—and should not be viewed as rigorously as a rule, or a law.

This is very instructive and I hope it puts the anticipated guidance on data exchange into the proper perspective.  The DSCSA is an act of Congress, signed by the President, which makes it a law that everyone must comply with to avoid penalties.  FDA rules—like the UDI Final Rule published last September—are regulations that are backed by law, and therefore, must also be complied with to avoid penalties.  But FDA guidance—like the SNI guidance, and the upcoming data exchange guidance—are NOT laws or even rules.  According to the FDA website, guidance documents represent the “current thinking” of the FDA on a particular topic.  Guidances are non-binding.  You can follow them in you want to, but you don’t have to, as long as you otherwise meet the requirements of the underlying law.

So let’s apply that to the exchange of Transaction Information (TI), Transaction History (TI), and Transaction Statements (TS) that all U.S. pharma supply chain trading partners must do beginning on January 1 of next year (dispensers don’t have to do it until July 1 of next year) (see “DQSA: How Should Transaction Data Be Exchanged?”).  First, the DSCSA that contains this requirement is a law, which means non-exempt trading partners are obligated to follow those requirements or be exposed to penalties.

The DSCSA also obligates the FDA to take certain actions on a particular schedule (see “Decoding The FDA’s DSCSA Timeline”).  Two of those actions are the publication of guidance on identification of suspect product and termination of notifications of illegitimate product, which is due by next Monday, and the publication of draft guidance establishing standards for interoperable exchange of TI, TH and TS in paper or electronic format, which is due on or before November 27 of this year.  Both of these are guidance, which means they will contain non-binding information that represents the current thinking of the FDA on those topics.

As I pointed out in a previous essay, the FDA is working hard to publish the document on data exchange earlier than the deadline Congress gave them, but even if they publish early, most companies will not have time to react if they wait for it before preparing for that exchange.  Please note that the exchange of the data is required by law, but following the guidance provided by the FDA is not a requirement.  So don’t wait for that guidance!

I don’t recommend that you go off on your own and pass the TI, TH and TS in some non-standard or proprietary way, but work with your trading partners to come up with a technique that you all believe meets the law.  As long as it really does meet the law, you don’t have to worry if the FDA does not include that particular technique in their guidance in November.  You are not violating anything.  Of course, if the FDA later says that they consider your approach to be non-compliant with the law, then you might want to work on an alternative at that time, but I don’t think they will do that in their guidance.

We have already seen that companies are moving forward with approaches that they believe comply with the law, as indicated by the recent HDMA guidance on the use of the EDI Advance Shipment Notice (ASN) to carry the TI, TH and TS in certain transactions (see “Just Released – The HDMA EDI ASN Guidance For DSCSA”).  This is exactly what needs to happen.  All companies must create a plan for meeting this, and other requirements in the DSCSA, and confirm that approach will be acceptable to their trading partners.

All three of the big wholesale distributors have now sent out their own guidance letters to drug manufacturers on this topic (see AmerisourceBergen’s, and Cardinal Health’s).  McKesson has apparently not made their letter public but if you are a manufacturer and you have not seen their letter, I recommend you send an email to and request a copy because it contains specific steps and deadlines that they expect you to follow if you expect them to distribute your product after November 1st of this year!

These companies are not messing around, and that makes sense.  Because they handle so much product from so many sources, they do not have a lot of time to spend helping each individual company meet the law.  You either follow their instructions, or risk having your product embargoed on their receiving docks well before the January 1 deadline.  These companies have a good idea what it will take to comply with the law and they plan to meet it.  I suggest you follow their lead and figure it out now.  Don’t wait for the FDA to publish their guidance.  You won’t have time if you do (see “The Flaw That Must Be Addressed in H.R. 3204, The Drug Quality and Security Act“).


I conducted a fun poll over the last two weeks to help figure out the most popular abbreviation for Transaction Information, Transaction History and Transaction Statements when you are referring to all three as a single concept, in written and spoken forms.  Here are the results from the 33 respondents.  As you can see, I have already begun to use the popular written form.  Click on the images to make them readable.

THIS Abbreviation.Written
Click on image to enlarge.

“Other” responses were:

(THIS) – Transaction History, Information, and Statement
T-HIS (Transaction-history, information and statement)


THIS Abbreviation.Speaking
Click on image to enlarge.

The “Other” response was:

T-HIS (Transaction-history, information and statement)


2 thoughts on “The Differences Between The DSCSA, FDA Rules and Guidance”

  1. Agree with your analysis and your advice to start before guidence. While FDA guidence IS only that, investors and litigators demand effort to conform to best practice.

  2. Dirk, I’m still confused over how dispensers will need to comply with the receipt if T-HIS for each and every drug SKU they order, daily, weekly, monthly…order lines are voluminous! So the idea is wholesalers will send e-THIS to pharmacies but how will pharmacies receive, store, catalogue and retrieve upon request? Do they need their Pharmacy IS provider to write a program to do this or will wholesalers store on an account specific cloud platform and facilitate retrieval from there?

Comments are closed.