Late last month the Healthcare Distribution Alliance (HDA) submitted a letter to the FDA in response to the docket for the DSCSA Public Meeting held on February 28, 2018 (see “FDA DSCSA Public Meeting #3: A Difference?”). Like everyone who attends these meetings, HDA appreciates the FDA holding them. HDA recognizes the importance of clear and well-reasoned responses to every important discrepancy in interpretation their members heard during these meetings. You can tell from this and all previous HDA letters to the FDA regarding the Drug Supply Chain Security Act (DSCSA). This letter is another masterpiece, following previous HDA masterpieces (see “HDA Schools FDA On DSCSA” and “HDA Questions FDA’s Authority To Mandate A Centralized System For the EDDS”).
HDA’s letter about the third FDA DSCSA Public Meeting was a very effective deconstruction of eight of the ten items in FDA’s list of “Enhanced Security Needs” summarized at that meeting. HDA’s letter can be found here. I strongly encourage you to read it because it is very interesting and because it lays out most of the DSCSA issues facing the supply chain today. I don’t always agree with the HDA, but they really make a good case for all of their arguments.
The main part of the letter is composed of eight “points” about some discrepancy in interpretation of the DSCSA between the FDA and HDA. Each point is concluded with a “Recommendation”. Each recommendation starts with either the text “HDA recommends…”, or, my favorite, “HDA urges FDA to recognize…”. The main body of each point provides the background and reasoning for each discrepancy in interpretation, but the recommendations are where they concisely—and politely—explain what the FDA should do to eliminate the discrepancy.
These eight points, plus a few of the further support and guidance items listed in the last part of the letter (see below), contain the most critical issues that must be resolved before the industry and solution providers can even begin to design solutions that meet the DSCSA Enhanced Drug Distribution Security (EDDS) phase due to begin in 2023 (see “EDDS: The New Data Exchange Requirements”).
Here are the topics of the eight points/recommendations/discrepancies (paraphrased by me):
- Centralized or distributed
Even though FDA has started to use the term “distributed” for the high-level architecture of the overall DSCSA EDDS solution, HDA rightly detects that they are still ascribing centralized characteristics to it in their questions and comments. HDA wants FDA to stop it, and admit that the data will be distributed with no single “catch-all” components; - Data and system security
HDA wants the FDA to stop worrying about data and system security of future DSCSA systems, because companies in the supply chain already have solutions that require comparable security practices. The industry can handle it without further direction by FDA. - Sharing confidential commercial info and trade secrets;
HDA wants FDA to recognize that the DSCSA does not force companies to share all of their sales data all the time, but only some of that data in the event of rare events like recalls and suspect product investigations; - Content of a “prompt response” upon request
HDA cautions FDA that companies will only be able to promptly respond with the TI and TS data that they have in their possession—which will be from their purchase and sale of the product in question. This will not be all of the data going back to the manufacturer or repackager because that will require data in the possession of others. - “Facilitate prompt gathering…” vs “Promptly facilitate gathering…”
HDA detected a subtle but very important discrepancy in the wording of one of the FDA’s enhanced security needs—a discrepancy that may be at the core of their divergent expectations of the future solution architecture. DSCSA Section 582(g)(1)(E) requires trading partners to “…have systems and processes necessary to promptly facilitate gathering the information necessary to produce [the TI for each transaction going back to manufacturer]…”. FDA mis-interprets that requirement for the future system to “…facilitate prompt gathering of the information necessary…”. “Promptly facilitating gathering” is not the same as “facilitating prompt gathering”. In the former, there should be minimal lag in beginning the facilitation of gathering the information. In the latter, there should be minimal lag in obtaining the results of the gathering. The problem is, in a distributed solution as envisioned by the DSCSA, some of the information to be gathered—and the speed with which it can be gathered—will be outside the control of the company receiving the request. The wording in the DSCSA seems to recognize those limitations. The wording from the FDA does not; - Which “authorized” members of the supply chain can verify products
HDA simply requests that the FDA clarify its interpretation of whether or not drug manufacturers and repackagers are allowed to be selective about which authorized members of the supply chain they may respond to when requested to verify a given product. HDA believes they must respond to requests from all authorized members and not just from those who bought drugs directly from them. I recently wrote about this problem and I join in the HDA’s request for clarification (see “What’s So Hard About Unique Identifier Verification?”); - “Red Flag” signals that a drug has been determined to be illegitimate
HDA views an ability to send red flag signals nationwide is not practical and recommends more targeted notifications using existing infrastructure. They recommend that the FDA delete this “need” from their list. - “…the system…”
HDA contests FDA’s continued use of the phrase “…the system…” because it implies that there will exist a single system that will be used by all members of the supply chain in 2023. They want the FDA to recognize that a distributed model will offer more security than a single system.
The last part of the letter provides a list of things for which the HDA requests additional FDA support and guidance. It’s just a simple list so I won’t reproduce it here, but it includes acceptance of things like the use of master data (see “What The TraceLink v HDA Lawsuit Teaches Us About The Value of Supply Chain Master Data”), GTIN in place of NDC (see “Human Readable Text Controversy”), the use of aggregation (see “Aggregation –> Chargeback Accuracy –> ROI”), which parts of a DSCSA system fall under current Good Manufacturing Practice (cGMP) and which do not, acknowledgment that a distributed system is acceptable, and endorsement of GS1 standards.
There is a lot packed into this one letter, but every issue/question HDA covers is vital to the industry’s preparation for the EDDS and therefore, its very success. FDA should take the time to carefully respond to each of the points raised by HDA when they finalize their current draft guidance documents and future guidance.
Dirk.