A Closer Look At Web Portals for DSCSA Transaction Data Exchange

???????????????These are the last few days of 2014.  During the rush up to Christmas, the FDA gave the industry a gift by announcing that they will not enforce the transaction data exchange requirements of the Drug Supply Chain Security Act (DSCSA) until May 1, 2015—a four month delay (see “FDA Postpones Enforcement of DSCSA Transaction Data Exchange Until May 1” for details).  So things are likely to be quieter this week than they otherwise might have been.  And if you are one of those who are working this week, why not fill out the 2015 RxTrace U.S. Pharma Traceability Survey, sponsored by Frequentz?  It will be closed soon so make sure you click here to fill it out now.

One of the approaches that the FDA mentioned in their data exchange guidance, published on November 26, is the use of secure web portals (see “FDA Publishes Draft Guidance For DSCSA Data Exchange”).  Some companies are planning to make use of web portals to pass their Transaction Information (TI), Transaction History (TH) and Transaction Statements (TS) to their customers as will now be required by May 1, 2015 for manufacturers, wholesale distributors and repackagers, and on July 1, 2015 for dispensers (see “Who Is A DSCSA Dispenser?”).

So let’s take a few minutes for a closer look at what they are and how they should be used, including one of the potential pitfalls that companies relying on them may face.


Briefly, a web portal used to meet the U.S. DSCSA transaction data exchange requirements is a website provided by the seller of drugs to the supply chain company that buys from them.  The website provides the buyer with access to the TI, TH and TS documents that the DSCSA requires the seller to provide to the buyer.  The web portal, then, fulfills the data exchange requirements that are imposed on the seller.  They can also allow the buyer to meet the DSCSA requirement that they receive the TI, TH and TS from the seller, but only if they make proper use of the sellers web portal (see below).

The term “web portal” when used to refer to the definition above is a shortened version of the true name, which is “secure web portal”.  That is, to be of value for meeting the data exchange requirements, a web portal offered by the seller must apply all the typical internet security features, and must allow the buyer to login and access only the transaction documents that describe their purchases from that particular seller.

A web portal is specific to a given seller’s transactions so if a company in the supply chain buys from multiple companies, and if web portals are used to receive the required TI, TH and TS documents, then the buyer will need to have access to the web portals offered by each of those suppliers.

There is no standard user interface for a secure web portal and the operation of the web portals offered by each seller may be different.  The only common characteristics are that the buyer will need to manually login somehow, and will somehow be given access to the transaction documents for their incoming shipments from that supplier.  User account management, navigation, access method, download formatting and what else the user has access to will likely all vary from supplier to supplier.

Some suppliers may offer the minimum required access to the buyer’s DSCSA transaction documents, but other suppliers may integrate the web portal with their existing customer service portals which may offer features such as order entry and tracking, returns authorization and tracking, chargeback resolution and tracking, recall database, shelf label printing, etc.


If you plan to make use of web portals for receiving your supplier’s DSCSA transaction documentation, the most important thing you must keep in mind is that, at their base, web portals are offered as a data exchange mechanism.  That is, they fulfill the requirement for the seller to provide the buyer with the necessary TI, TH and TS documents at the time of the transaction.

In some cases, they may also be offered by the supplier to fulfill the buyer’s DSCSA requirement to store and retrieve the transaction documents in the event of an investigation over the next six years, but this is not the primary purpose of the web portal.

Do not assume that the seller will keep your DSCSA transaction documents for six years and make them retrievable by you for that full term.  The seller is not obligated to provide that level of service.  As a “data exchange” mechanism, the data may only be accessible for some pre-defined duration that is significantly less than six years.  It is the buyer’s obligation to store and retrieve those documents for the full six years after the transaction (see “DSCSA: A Closer Look At The Six-Year Record-Keeping Requirement”).  Yes, the seller has a comparable obligation to store and retrieve those documents in case of an investigation, but their obligation is separate from the buyer’s obligation, even when a web portal is in use for data exchange.

All that being said, you may find that some sellers who offer web portals for data exchange may also voluntarily agree to provide that service to you for the full six years.  My point is, don’t assume they will all do that just because they offer a web portal for data exchange.  You need to be very clear about what your supplier intends their web portal to be used for.  Ask your suppliers and get it in writing.

This service is so important to you, as the drug buyer, my recommendation is that you require a firm contract that clearly establishes the seller’s obligation to retain that data on your behalf for the full six year regulatory requirement.  Six years is a long time to rely on the continuation of “good will” and “benevolence”.  If you can get a signature on a contract covering six years, then I think you can relax and assume that you will meet your DSCSA data storage and retrieval requirement…for purchases from that supplier anyway.

The only problem is, you probably won’t get that for free.  You may find it very difficult to get a supplier to contractually obligate themselves to provide that level of service without additional payment.  The only way to find out, is to explicitly ask them if they would be willing to update an existing contract with you, or establish a new one specifically for this purpose.  This is the best way to find out if the supplier intends to offer the web portal for your use as a DSCSA data storage and retrieval solution, or just a simple data exchange mechanism.

If it turns out that they are only offering the web portal as a simple data exchange mechanism, and not a full document storage and retrieval system, then you will need to make it a regular practice to download every transaction document from that portal and into your own system for long term data storage and retrieval.  If you are small enough, you may be able to simply print these documents and store them physically.  If you are too big to deal with all that paper, then your solution will need to be electronic and must be compatible with whatever document format the seller is offering through their portal.

Web portals sound like a simple solution to the DSCSA transaction requirements—and they are—but only for the exchange of that data.  More than likely, most buyers will still need to pull those documents down into their own systems and store them for the full six year obligation.

If you need a more detailed explanation of the DSCSA and its many requirement and their implications, get a copy of my ebook, “The Drug Supply Chain Security Act Explained”, by Dirk Rodgers.  I think you will find it to be a good investment toward understanding the full regulation.  Get a copy on the RxTrace shopping website here:  https://www.rxtrace.com/shop/


3 thoughts on “A Closer Look At Web Portals for DSCSA Transaction Data Exchange”

  1. Do you think that it would be more appropriate if those web portals provide import/export of respective data in certain standard form such as EPCIS event XML scheme ?

    1. Boris,
      That’s a good question. My current thinking is that companies offering web portals should give their customers the maximum flexibility and choice, including EPCIS events, ASNs and PDF. That is, the customer would be able to configure their account to request one of those formats. However, my suspicion is that most companies using web portals as their only way of passing transaction data will likely choose only a single format. In that case, they should offer HDMA-formatted ASNs if their customers are primarily wholesale distributors, and PDFs if their customers are primarily dispensers.

      In my opinion, most companies are wasting their money investing in EPCIS-based systems for the exchange and storage of transaction data, until around 2022 or so. Of course, I also believe that manufacturers and repackagers should invest in EPCIS-based solutions for management of serialization data in-house.


  2. I wonder who will be reconciling TI/TH with what physically showed up? My guess is most folks are just going to assume the TI/TH data is correct and file it away. For example, imagine the package size listed in TI not matching the package size component on the NDC in the shipment. I wonder what repercussions there would be in an investigation if it turns out the seller’s information was incorrect and you, the buyer, never bothered to check.

Comments are closed.