The Drug Quality and Security Act (DQSA) was constructed back in 2013 by Congressional staff, with input from the FDA, members of the industry and who knows who else. There was one bill in the House of Representatives and a different bill in the Senate. Once these bills passed their respective houses, they formed a conference committee who merged the two bills into the final text that we know today as the DQSA (see “It’s Official, President Obama Signs H.R. 3204, DQSA, Into Law”). Chapter 2 of that act is the Drug Supply Chain Security Act (DSCSA). Most readers of RxTrace haven’t forgotten that history but it is important to look back at that history to explain why most companies can ignore certain requirements in the law. That’s right. There are requirements in the law that you can ignore because they will not be enforced by anyone. They are the result of the disjoint way the DQSA was written. Let me explain.
But before I explain, I need to point out that you should not ignore these requirements just because I said you could. You should convince yourself that my logic is correct and that you and your regulatory compliance department agrees with it. This is not legal advice. It is just logic.
IGNORABLE REQUIREMENT #1
The DSCSA says that you must apply a unique Standardized Numerical Identifier (SNI) to every package and every homogeneous case. Under certain circumstances, you can ignore the “unique” part of this requirement. Under those circumstances, it is OK to have two different DSCSA-regulated things that have the identical SNI. Are you shocked? You should be. How is it possible for such a system to work if two different objects can be in the supply chain with the identical SNI? Won’t it all fall apart? No, but verification systems will need to recognize and work around this situation.
The SNI is composed of the drug’s 10-digit National Drug Code (NDC) plus a serial number, which can be up to 20 alphanumeric characters (see “Anatomy Of The National Drug Code” and “Anatomy Of An FDA SNI”). Back in 2010, before the DSCSA was conceived, the FDA published the final SNI guidance (see “FDA Aligns with GS1 SGTIN For SNDC”). In that document, they said that when you need to encode an SNI into a barcode, you are allowed to encode it into a different identifier, and they used a GS1 Global Trade Item Number (GTIN) as an example (see “Depicting An NDC Within A GTIN”). For the most part, the entire industry is treating this to mean that whenever the law talks about an “SNI”, you can read it as “SGTIN”.
When you do that, the GS1 General Specifications take over. It is vitally important to recognize that a GTIN is not an NDC, and a GTIN plus serial number (often referred to as an SGTIN) is not an SNI, but you can encode an NDC within a GTIN structure and an SNI within an SGTIN structure.
The GS1 General Specifications and GTIN Allocation Rules dictate that two different serialized trade items with the same GTIN must have two different serial numbers. This guarantees uniqueness. They also dictate that two distinctly different trade items must have different GTINs. This seems to ensure that no two DSCSA-regulated items will have the identical SNI, but it doesn’t. It only ensures that no two DSCSA-regulated items will have the identical SGTIN. There is an important difference.
I am confident that some manufacturers who are currently shipping serialized drugs into the US supply chain have already shipped a case that has the identical SNI as one of their units. In fact, unless they have taken steps specifically to avoid it, odds are very good that every case identified with an SGTIN will contain the SNI that is also on a unit somewhere. That’s because serialization solutions are most likely to be configured to ensure uniqueness with SGTINs, and not SNIs like the letter of the law requires.
As I said, the only time this is an issue is when companies attempt to “verify” a DSCSA product identifier (see “The DSCSA Product Identifier On Drug Packages”). Remember, the DSCSA product identifier is defined as the SNI (which is the NDC plus serial number, not the GTIN plus serial number), the lot number and the expiration date. As long as DSCSA verification is not based on the SNI but, rather, is based on the SGTIN, everything should work fine. It won’t conform to the letter, but it should conform to the spirit of the law, so, you can probably ignore it.
IGNORABLE REQUIREMENT #2
Under the DSCSA, all homogeneous cases must be serialized by the application of a DSCSA product identifier. The law defines a “homogeneous case” this way:
“The term ‘homogeneous case’ means a sealed case containing only product that has a single National Drug Code number belonging to a single lot.”
By this definition, a full case of 24 units of a given prescription drug where all of the units are the same NDC and the same lot, is a homogeneous case and must be serialized. The problem is, a partial case of 23 units of the same prescription drug is also a homogeneous case under this definition, as long as they are all the same NDC and belong to the same lot. Wholesale distributors will insist that this partial case be serialized with a GS1 Serial Shipping Container Code (SSCC) rather than an SGTIN.
The reason for this is very practical. Wholesale distributors do not want to mistake a partial case for a full case. To them, a partial case is NOT a really homogeneous case because it must be handled differently in their environment.
When a manufacturer follows the wishes of the wholesale distributor and serializes partial cases with an SSCC, they are ignoring the law, and I am pretty sure the FDA will not step in and change that, because that would be impractical. What is being done, is practical.
IGNORABLE REQUIREMENT #3
As I said above, the DSCSA requires drug manufacturers to affix a DSCSA product identifier to each homogeneous case. The law says these product identifiers “…shall be included in a linear or 2-dimensional data matrix barcode when affixed to, or imprinted upon, a homogeneous case.”
However, the barcode guidance from the Healthcare Distribution Alliance (HDA) instruct manufacturers to spread the contents of the DSCSA product identifier placed on homogeneous cases across two linear barcodes, or in a 2D Datamatrix barcode (see “HDA Guidelines For Bar Coding In The Pharmaceutical Supply Chain”). If only the linear barcodes are used, it appears that two barcodes will not meet the letter of the law.
Now I will agree, this is pretty picky. The text “…a linear…barcode…” can easily be interpreted as literally “one barcode”—and two barcodes are not “one barcode”—but the number of barcodes is not the main point of this part of the law. The main point is that the law allows companies to put the contents of the DSCSA product identifier into machine-readable barcode form, in either linear or 2D data matrix forms. Putting all of the data elements of the typical DSCSA product identifier into a single GS1-128 linear barcode would result in a barcode that exceeds the limits of readability. And it would take a very long label to accommodate it that way (see “Why NOW Is The Time To Move Away From Linear Barcodes”). So I think it is entirely practical to ignore the letter of the law in this instance and definitely go with two linear barcodes, or just go with one Datamatrix barcode. Either way, just make sure you follow all of HDA’s barcode guidance so that the larger wholesale distributors will accept your packages.
These are just three requirements of the DSCSA that you can probably ignore. Because of the disjoint way the law was put together, there are probably many others. Do you know of one? Leave a comment below.