GS1 US Publishes New DSCSA VRS Implementation Guide

Last week GS1 US announced that they have published a new implementation guideline to help companies in the US pharma supply chain make use of the new GS1 lightweight messaging standard for verification of product identifiers to meet the saleable returned drug verification requirement of the Drug Supply Chain Security Act (DSCSA).  The messaging standard itself was ratified by GS1 in January and it can be used to implement a wide range of product verification schemes in any industry.  The new GS1 US guideline is a valuable resource for companies wanting to apply that standard to the problem of verifying drugs that fall under the DSCSA, so it contains a wealth of information needed to ensure interoperability of Verification Router Service (VRS) solutions.

The original standard document is 30 pages long (see “GS1’s Messaging Standard For Verification Of Product Identifiers”).  This new guidance for using it to meet the DSCSA is 59 pages long.  That’s just how packed with useful information it is.  If you are implementing the VRS, you will want to read this guideline.

Not everyone will need to implement the VRS.  The VRS is a verification technology that was proposed by a group of members of the Healthcare Distribution Alliance (HDA) a few years ago and the HDA has helped a larger group of end-users and solution providers make it a reality (see “First Meeting of the HDA Verification Router Service Task Force” and “DSCSA Red Light Green Light: Verification Responses”).  Multiple vendors are now offering VRS solutions that should work together, thanks to the GS1 lightweight messaging standard and now this GS1 US guideline.  The big wholesalers are now frantically doing technical onboarding with those manufacturers that have made VRS investments.  Just to be clear, the law doesn’t require companies to use the VRS approach, but because all of the major wholesale distributors are embracing it and asking their suppliers to connect to it, high volume drug manufacturers should strongly consider it. 

There is one alternative to VRS that the “Big 3” wholesale distributors say they will accept (see “DSCSA: Saleable Returns Verification”).  You just have to supply them with the list of Standardized Numerical Identifiers (SNI’s) in each shipment you send to them (see “What’s So Hard About Unique Identifier Verification?”).  The SNI’s should be in GS1’s Electronic Product Code Information Services (EPCIS) format (see “EPCIS Explained”). 

The problem with the SNI list approach is that you would have needed to start supplying that data with your shipments 9 months ago for it to be a good alternative for the wholesalers.  The reason is that they would need to keep the data you supply and then refer to it when they receive saleable returns of your products after November 27 of this year.  Of course, the returns they receive on November 28 would have been shipped to them by the manufacturer at some point prior to that date.  Returns can come in to a wholesaler any time, and when they do at least 3-6 months before their expiration, they could theoretically still be considered “saleable” (this is a company policy and is sometimes the subject of customer contracts), but the assumption is that the bulk of saleable returns come back to the wholesaler within 9 months of their original receipt by the wholesaler from the manufacturer.

BUT WHAT DO YOU REALLY THINK?

Because this is RxTrace, I need to say here that, in my personal opinion, the “list of SNIs with each shipment” approach to saleable returns verification will probably meet neither the manufacturer’s nor the wholesaler’s legal obligations for DSCSA verification.  That’s because it does not offer the opportunity for the manufacturer to inform the wholesaler that they have reason to believe a given SNI in “the request” may be illegitimate, at the time of the verification request, as required by the manufacturer’s DSCSA requirements (see DSCSA section 582[b][4][C]). 

Further, I am very skeptical that even the VRS, as implemented with the GS1 lightweight messaging standard will meet the requirements (see “Most Companies Will Do DSCSA Verification Wrong”).  GS1 has updated the standard with a small improvement designed to address one of my concerns since I first raised them (I’m not the only person to raise them), but I don’t think they went nearly far enough.  They simply added a “suspect” code that can be stored in the “additionalInfo” parameter of the verification response. 

“Suspect” is not the same as “high risk of illegitimacy” in the DSCSA context, which means the GS1 standard is also incapable of meeting anyone’s legal requirements.  That said, the new guidance document does a good job of explaining what can be done with the standard, as is, with a number of good examples using GS1’s new Digital Link encoding and JavaScript Object Notation (JSON) format for developers to understand how it works (see “The New GS1 Digital Link Standard”).

WILL THAT BE ENOUGH?

Will it be enough for the industry to meet the November 27, 2019 deadline?  Maybe.  Maybe not.  It’s partly up to the FDA’s interpretation of the DSCSA and the industry’s progress toward getting their systems communicating the right data on time.  A lot of ground has to be covered by a lot of companies in the supply chain, and this time, the deadline requires onboarding and testing between manufacturers and wholesale distributors in advance. 

I think there is still a good chance that the FDA will offer enforcement discretion to delay the wholesaler’s 2019 saleable returns requirement, but if they do, they won’t announce it until just before the deadline.  Of course, that’s just a theory, not based on anything I’ve quietly heard about the FDA’s plans or thinking, so don’t stop preparing.  You can read the full reasoning for my theory in my recent essay “Is The FDA About To Delay Enforcement Of The Wholesaler’s 2019 Mandate?”.  We’ll find out soon enough now, with only about two months to the deadline.  Care to make a prediction of your own?  Leave a comment below.

Dirk.

Leave a comment below...

This site uses Akismet to reduce spam. Learn how your comment data is processed.