Manufacturers who make use of third-party contract manufacturers, contract packagers and/or third-party logistics providers (3PLs) may wish to off-load their 2015 and 2017 obligations under the U.S. Drug Supply Chain Security Act (DSCSA) to those contract organizations. These obligations include providing Transaction Information (TI), Transaction History (TH) and Transaction Statements (TS), and collecting and holding that data in case of future investigations starting this coming January; and applying the necessary 2D barcode with serial numbers starting in November of 2017.
This may seem perfectly logical. After all, absorbing responsibilities is one of the big benefits that contract organizations offer their customers. But by passing on certain obligations under the law, DSCSA manufacturers may end up with higher risks in the future.
First of all, DSCSA manufacturers cannot really pass any of their obligations on to a third-party. That is, the DSCSA manufacturer has certain specific obligations that they will always be held accountable for by State and Federal regulators. The only thing a DSCSA manufacturer can do is to include specific language in their contract with the third-party to obtain additional help toward meeting those obligations. If a regulator eventually finds some deficiency in meeting one or more of those obligations, it will be the DSCSA manufacturer who will face the consequences, not the contract organization. (Of course, if there is criminal wrong-doing on the part of the contract organization, they too are certain to face consequences.)
The regulator is not going to accept a claim that it was the contract organization’s fault that the law was not met. So the best you can do is to make the vendor share in those consequences through the contract you sign with them. The regulator is not likely to “recognize” your contract, but at least that contract should ensure that the contract organization will help you correct the situation and perhaps share some percentage of any fines that may be imposed by the regulator on you.
Contract language such as this is a two-way street. The DSCSA manufacturer might be able to sleep better at night knowing that their contract makes it more likely that their contract organization will correctly perform the necessary duties on their behalf, but now the price might go up. That is because the contract organization has new obligations and unknowns in their contract. How they price those obligations and unknowns will be up to each company, but odds are, the prices will go up. DSCSA compliance should be viewed as an expansion of the service that contract organizations provide and that addition should be priced accordingly.
HOW MUCH TO OFF-LOAD?
But how much of your DSCSA burden should be off-loaded to a contract packager or 3PL? During a session at the recent LogiPharma conference (see “Pharma Serialization: Going Totally Global Soon”), a person from a virtual manufacturer asked the members of a panel (which was composed mainly of large branded drug manufacturers) if there was anything in the DSCSA that could not be off-loaded to contract partners. The panel members couldn’t think of anything, which seemed to confirm what the questioner was thinking.
Well here is what you risk if you let your contract partner perform the following duties on your behalf:
Serial Number Management
One of the great new services a contract packager can offer is to print the required 2D barcodes on each package on behalf of the DSCSA manufacturer. That barcode will need to appear on all drug packages—encoding the NDC, unique serial number, lot number and expiration date—by November 27, 2017. But who decides which unique serial number is put on which package? And how are those specific numbers chosen? This is serial number management.
If the DSCSA manufacturer lets the contract packager perform that function, their risk goes way up. Not only will their compliance be subject to the contract packager’s ability to keep track of which numbers have been used and which are available, but this will also open the door to vendor lock-in. That is, it will be harder for the DSCSA manufacturer to switch to a different contract packager in the future if decisions about the management of their serial numbers on their products are left entirely up to the contract packager. Once that happens, you may be likely to see price increases just because the contract packager knows it will be hard for you to switch to a competitor. This is especially true if you let the contract packager hold the serial number and lot history on your behalf.
The way to avoid this risk is to at least get a batch-level upload of the serial numbers that have been used, and better yet, you yourself should also maintain and assign the range of potential serial numbers to be applied and provide at least a number range to the contract packager as part of the lot planning process. That way you control how your serial numbers are assigned and that will allow you to switch to a different contract vendor at any time. It will also make it easy to use two or more different contract vendors for the same product at the same time if you have capacity issues with your first vendor.
This is not as hard as it sounds. Talk to the various solution vendors to learn the costs and additional benefits. Your up-front investment should result in a lower ongoing cost from your contract packager. Watch out for contract organizations who claim there is no cost difference for serial number management. They are either just trying to lock you in, or they don’t know exactly what they are doing yet so they are pricing everything high. Even at the same price, your risks will be significantly lower if you do your own number management.
Transaction Data Retention
Almost the same thing happens when you let your 3PL hold all of your shipping/transaction data on your behalf. Here I’m referring to the DSCSA TI, TH and TS data that must be held and retrievable within 48 hours starting in January (July for DSCSA dispensers) (see “DSCSA: A Closer Look At The Six-Year Record-Keeping Requirement” and “Who Is A DSCSA Dispenser?”). Can your 3PL meet the six year retention requirement? What happens if/when you switch to a different 3PL at some point? Does your original contract obligate the original 3PL to continue holding your older transaction data for the full six year period and respond to verification requests related to that older data even after you have stopped using them? Or, are they going to help you move that data to your servers or your new 3PL at the end of their contract? Or, will your contract allow them to just delete all of your transaction data as soon as your contract expires? Sounds like vendor lock-in to me.
The way to avoid this is to hold that data yourself, or with a DSCSA solution provider. If you go with a DSCSA solution provider, make sure they have a clean way to export that data to you or to your next DSCSA solution provider in the event you want to switch that vendor as well. There is potential for vendor lock-in there too.
In my view, it is dangerous in the long-run for a company to off-load all of the work imposed by the DSCSA to third-parties. Companies should be actively involved in at least their own serial number management and transaction data retention and retrieval. Solution providers offer a number of ways these can be accomplished. Please leave a comment if you view it differently.