There is an important debate going on over the last 9 months regarding exactly how many different answers companies should prepare to provide in response to a DSCSA verification request. Some say two: “Red light” or “Green light”. And others say three: “Yes”, “No”, or “It’s Complicated”. This might seem like a minor question, but people on each side are surprisingly passionate about their positions. Let me explain.
WHAT EXACTLY IS “VERIFICATION” ANYWAY?
The Drug Supply Chain Security Act requires drug manufacturers in the United States to respond to requests for “verification” of their drug products. Requests may be submitted by any authorized member of the supply chain who possesses the product, the FDA or other appropriate law enforcement agency (see “DQSA: Dancing Around The Returns Problem”). The words “verify” and “verification” are defined in the DSCSA this way:
“(28) VERIFICATION OR VERIFY.—
The term ‘verification’ or ‘verify’ means determining whether the product identifier affixed to, or imprinted upon, a package or homogeneous case corresponds to the standardized numerical identifier or lot number and expiration date assigned to the product by the manufacturer or the repackager, as applicable in accordance with section 582.” DSCSA Section 581(28).
For serialized product, after November 27, 2017, verification must be performed using the Standardized Numeric Identifier (SNI), which is composed of the NDC and serial number (a.k.a., a serialized NDC, or “sNDC”), when it is provided in the request (see “FDA Aligns with GS1 SGTIN For SNDC”). Starting on November 27, 2019, wholesale distributors must begin verifying every saleable return using the SNI. Recently, the FDA has said that they might delay the enforcement of the manufacturers deadline by one year (see “FDA Delays Enforcement of DSCSA November Deadline: What It Means” and “DSCSA and RxTrace: The Song Remains The Same”) and the verification requirements for downstream trading partners would become a little complex (see “DSCSA Cascading Delays”).
RED LIGHT/GREEN LIGHT
The Red/Green side of the verification response debate is led mostly by wholesale distributors who want to quickly know just two things when they submit a verification request to drug manufacturers. Can I resell this stuff or not? No, or Yes? Red light/Green light? That’s it. Don’t tell me anything else because I don’t want to deal with anything else right now. That seems logical.
The wholesale distributors are very concerned about the speed of the verification response from drug manufacturers because the volume of their returns is so high, and they worry that the 24 hours the DSCSA allows drug manufacturers to take before responding to their request is way too long. They’d like to see it be in the tenths-of-seconds range if possible. Toward that end, they have proposed two ways to meet their saleable returns verification response time problem.
According to the “Big 3” wholesale distributors, manufacturers may pick one or the other. Either manufacturers provide them with aggregation data (or at least a list of SNIs in each shipment), so they can answer the verification question themselves, or, manufacturers should plan to participate in the Healthcare Distribution Alliance’s (HDA) Verification Router Service (VRS) (see “DSCSA: Saleable Returns Verification”, “First Meeting of the HDA Verification Router Service Task Force” and “DSCSA Serialization: What Wholesalers Expect”).
The Y/N/IC side of the debate is not really being “led” by anyone, but the proponents are usually manufacturers, and they are no less passionate. Their position is based on the fact that there are likely to be many extenuating circumstances that prevent a red light/green light response to some requests. Because the response must fit the statutory definition of “verification” (see above), when those circumstances occur, a “red light” response would be wrong because, in these situations, the SNI in the request is one that would have been “…assigned to the product by the manufacturer…”. But a “green light” would be dangerous or otherwise inappropriate. In these cases, more investigation is necessary.
Here are some examples of situations when “it’s complicated” would be the only response that makes sense:
- The manufacturer has received multiple requests for that same SNI from other locations in a time frame that is significantly shorter than the travel time between those locations, indicating a potential duplicate;
- The SNI is under a recall;
- The SNI was previously reported as stolen;
- The status of the SNI cannot be determined at this moment due to system availability.
In all of these cases, the manufacturer did “affix or imprint” the given SNI on a product, so they must not say that “verification” failed, but issuing a “green light” is also wrong. I’ve heard the argument from “red/green” proponents that the response for all of these should just be “Red light”, because it will rightly prevent them from reselling the drug.
But the problem with that is, it will cause the wholesale distributor to simply throw the product into the “non-resellable” bin, which will cause it to be destroyed rather than investigated or otherwise handled properly according to the root cause. The “It’s Complicated” response may cause the wholesale distributor to do the same thing, but at least the manufacturer would respond accurately and offer the requestor the opportunity to react appropriately. If the wholesale distributor chooses not to, it’s not on the manufacturer.
OOPS. DSCSA MAY NOT ALLOW WHOLESALE DISTRIBUTORS TO USE AGGREGATION DATA FOR VERIFICATION
You could argue that the DSCSA itself requires more than just two responses. Section 582(b)(4)(C) says that if, upon receiving a verification request, the manufacturer finds that they did not affix or imprint the SNI listed in the request, they must treat it as “suspect product” and immediately initiate an investigation. And if they find that the SNI is illegitimate product, they are required to “…advise the person making the request of such belief at the time such manufacturer responds to the request for verification.” How can they do that if all they have is “red light/green light”?
This brings up a more troubling question for wholesale distributors. If the manufacturer is required to perform an investigation into suspect product whenever they fail to verify an SNI when fulfilling a verification request, how can they do that if the wholesale distributor is doing their own “verification” of returns using the manufacturer’s aggregation data or list of SNIs supplied much earlier, without even contacting the manufacturer? Does that really fit the definition of “verification” if you read Section 582(b)(4)(C) as part of that definition?
This is one of the many complications you find when interpreting the DSCSA and implementing it in a way that improves supply chain security without killing its built-in efficiency at the same time.
So, which side are you on, Red Light/Green Light, or, It’s Complicated? Your answer may indicate whether you represent a wholesale distributor, or a manufacturer. So the real questions are, ‘which side is the FDA on?’ And, ‘will we ever find out?’