As November 2023 relentlessly approaches, compliance officials in health-system pharmacies across the country are counting down to the implementation of new policies that will significantly affect their day-to-day operations. No, we’re not referring to the latest USP compounding updates, although that Nov. 1 deadline is looming as well. But on Nov. 27, just four weeks after those updates become compendially applicable, pharmacies also will have to ensure they have implemented an “enhanced system” for tracing drugs under the final phase of the 10-year rollout of the Drug Supply Chain Security Act (DSCSA).
Enacted in 2013, DSCSA outlines steps to achieve interoperable, electronic tracing of products at the package level to prevent harmful drugs from entering the supply chain, detect them if they do and respond rapidly when they’ve been found.
“From the day the drug is born to the day that it gets administered, expired or wasted, you have to be able to track it,” said Jennifer Belavic, PharmD, the director of customer experience for ConsortiEX, one of the vendors offering a technology solution, Verify on Receipt with Scancast, for DSCSA compliance for use by hospital pharmacies. Others include Inmar, Systech and TraceLink. The National Association of Boards of Pharmacy is also releasing its own DSCSA compliance solution, called Pulse.
Enforcement of DSCSA rolled out in waves; first manufacturers had to place lot numbers on the packaging for all prescription drugs and include the unique National Drug Code (NDC), serial number, lot number and expiration date in a 2D matrix barcode. Then, wholesalers had to accept those products and have traceability. This November, 10 years after the law was enacted, pharmacies must also now be in full compliance.
Compliance with DSCSA requires pharmacies to:
- ensure they are only doing business with “authorized trading partners” (wholesalers that are properly licensed and registered);
- electronically receive, store and provide product tracing information, and only accept prescription drugs that are accompanied by the transaction information, transaction history and transaction statement; and
- establish procedures to investigate and properly handle suspect and illegitimate drugs.
“Whatever system you use, the requirement as of November is that ... you should be able to electronically find the required information, but the law does not define how you have to do that,” Dr. Belavic said. “Theoretically you could have a homegrown system and have a technician type in every serial number you receive, although that doesn’t sound very practical.”
Adding to the challenge: The 2D barcodes coming from the manufacturer don’t all contain exactly the same information. “There are certain pieces of data they have to have, including lot number, serial number, expiration date and NDC, but other information can also be in there, such as modifiers.”
Some automated inventory vendors put modifiers on their drugs, Dr. Belavic noted, “so your system needs to know how to ignore the unneeded numbers.”
All hospitals have their own drug databases, managed either via their electronic health records (EHRs) or inventory systems, she added. However, prior to DSCSA, those databases “were based on individual manufacturing packaging and associated 1D barcodes.” Now, “the 2D barcode is a mandatory standard and the GTIN [Global Trade Item Number] representation of the NDC is not populated in these databases.”
Moreover, “many of these systems do not read the 2D barcodes at this time,” Dr. Belavic stressed. “There is not a cookie-cutter response to meet this needed change, requiring each hospital to update their databases with each new 2D barcode that comes into their system.”
Are health systems ready to navigate these complexities by November? Some say they already are in compliance, while others are confident they are on track with time to spare. Others, Dr. Belavic noted, are definitely behind. (ASHP included DSCSA in its National Survey on Pharmacy Practice in Hospital and Health-System Settings fielded over the summer, but results were not yet available at press time.)
“Are you just going to run until you’re apprehended and ask forgiveness rather than permission?” she asked. “It’s true that the FDA has not specifically defined the exact penalties that will be imposed if you don’t do this. We know that there are likely to be fines levied and that you may be prone to more inspections, but the fines aren’t published. They might not even know how they want to handle it yet.”
For the DSCSA implementation experiences of both small and large health systems, see boxes below.
‘I Think We’re Ready for November’
Smaller institutions with fewer than 100 beds may have an advantage in moving to DSCSA compliance because their daily volume of drugs coming in is relatively low, so the additional scanning required is not likely to take as much time. “We typically receive between 10 and 30 totes of incoming drug inventory a day,” said Jackie Ferreira, CPhT, a pharmacy technician supervisor at Martha’s Vineyard Hospital (MVH), a 21-bed critical access hospital in Oak Bluffs, Mass., affiliated with the Mass General Brigham health system.
Beginning in February 2023, MVH started using Verify on Receipt from ConsortiEX for DSCSA compliance. “Everything with an NDC that comes into our pharmacy is tracked and traced through that system,” Ms. Ferreira said. “The drugs come in from our wholesaler, AmerisourceBergen, and our dedicated pharmacy technicians scan the license on the tote and every item in that tote separately.”
Even at this small hospital, that’s a lot of scanning. “We already have to scan in the OR, into Epic [EHR system] and into our inventory carousel,” Ms. Ferreira said. “This adds a good 60 minutes of additional scanning into the day. It’s definitely time-consuming, but I feel like it’s worth it if we are ever audited or have a recall. And I think we’re ready for November. I conduct regular audits, randomly checking a drug for the T3 information, and ensure the manufacturer is an authorized trading partner. So far I haven’t found anything to be concerned about.”
‘The Biggest Problem Is Workflow’
For larger institutions, the additional scanning time that DSCSA requires can multiply exponentially. Tom Moniz, PharmD, the director of pharmacy business and finance for Brigham and Women’s Hospital, in Boston, a 793-bed international referral center that is the second-largest teaching hospital of Harvard Medical School. “We tried to go live with our system as early as we could, but we still aren’t completely ready,” Dr. Moniz said. “The biggest problem is workflow. Even if you use your inventory management software as a proxy for your EHR, which is what we are doing at this point, we’re still going from one scan to two. That slows down the receiving process.”
Even using ConsortiEX’s ScanCast DSCSA compliance tool, which integrates with most EHRs, medication inventory management and wholesaler systems, compliance still requires additional scanning, Dr. Moniz said. “We’re now running our Omnicell inventory management software and DSCSA software on two different computers using the same scanner. It’s kind of like a 1980s music video where you are playing two keyboards at the same time. ScanCast is incrementally more efficient, but we can’t get through the primary wholesale order each day with current resources. Previously we’d be done around 10:30 or 11 a.m.; now it’s around 2 p.m. or later.”
One of the biggest DSCSA workflow issues for a high-volume pharmacy such as Brigham’s, Dr. Moniz said, is the real-time alerts. “There are all of these pieces of software aimed at alerting you in real time that what you just scanned doesn’t match what is expected from the wholesaler or not known to inventory management or EHR software, but receiving is a batch process. If I’m receiving 200 items at a time, it would be easier if the system could just tell me at the end which ones don’t match, not every time I scan.”
At the top of Dr. Moniz’s wish list is a DSCSA workflow that truly integrates with the inventory management platform. “Whoever creates a software application which does not create additional workload, such as one scanner and one application with a smooth workflow, and gets our inventory person back to focusing on what they are receiving will likely emerge as the market leader. ScanCast is a great incremental step toward this ideal, but DSCSA should be a more silent process, alerting you when necessary. I understand that software is proprietary, and it’s really tough to be allowed to interface directly with another system.”
Slower May Be Better for Larger Health Systems
Indiana University Health (IU Health) encompasses 17 hospitals, including an academic health center covering more than 1,500 beds, as well as multiple infusion centers and retail sites. Its pharmacy team began working on DSCSA preparation in early 2022.
“We wanted an integrated system and searched for a partner to create a platform to prevent unnecessary receiving work. We did not want to do all scanning of our products into an inventory management system, followed by a separate scan into a trackable system, and then even a third system such as EHR or ADCs [automated dispensing cabinets] to ensure barcode readability,” said Josie Klink, the pharmacy business operations manager at IU Health’s University and Methodist hospitals, who noted that Verify on Receipt helps to streamline that process.
“We took a four-month period to build a compatible system at one location complete with analyzing, testing, time studies, equipment assessments and creation of standard work documents to be later adopted across IU Health facilities. Go-lives across the system are intentionally going slowly, with a handful of sites every week, complete with on-site support and an internal compliance consortium.”
The system is nearly ready for compliance on the inpatient side, said Jonathan Brown, PharmD, the director of pharmacy-system operations and logistics. “We are scanning down to the lot level at about 90% of inpatient facilities. We have created standardized processes and written operating procedures for receipt and reaction to what would be suspect or illegitimate product, and are working with our supply chain ERP [enterprise resource planning] software team on making authorized trading partner status a required part of the vendor sign-up process.”
So far, the biggest hurdle to implementation for IU Health has been its inventory management system. “For example, we still don’t have 100% readability of the 2D barcodes, which is a sizable gap,” Dr. Klink said. “While road bumps are expected with any implementation or technology, we’ve struggled with workflow issues where the DSCSA governance is silent. Therefore, local determination is necessary, such as whether or not we separate products that have DSCSA tracking from those that do not, or do we trace internal product distribution within our entity?”
Some time has been added to the inventory management process as a result of DSCSA, Dr. Klink said. “We don’t have the luxury of adding team members, so what we’ve done is added time. Once you get used to the platform, it isn’t exponential, but first exposures to the system increased receiving process from 30 minutes to two hours at some sites depending on initial workflow, which is not consistent across the organization, therefore presenting its own set of challenges. But that improves with familiarity.”
For retail sites that use a different inventory system, she added, “it sped up the process as manual keystrokes were replaced with quick scans. All in all, the program will add additional steps, but team member savviness and using barcodes to represent keyboard strokes has reduced the burden significantly.”
Equipment “is another weird snag that has come up,” Dr. Klink added. “We didn’t fully anticipate the scrutiny of additional expenses, IT requirements, sourcing barriers and space constraints. Once you have chosen a partner, I recommend you make a comprehensive list of exactly what the system requires and why it requires it to distribute. Items such as specific cables, computer types, monitors, printers and/or long-range barcode scanners may seem straightforward but can halt a go-live in its tracks if not exact.”
Larger systems likely need between four and five genuine experts working on their DSCSA compliance team, Dr. Klink said. “Take advantage of anybody you already know who’s got the system in place. We’ve opened our doors to external groups to come in and watch us. Training videos are great, but there’s no substitute for directly engaging someone in this process.”
The sources reported no relevant financial disclosures other than their stated employment.
This article is from the September 2023 print issue.