The Drug Supply Chain Security Act (DSCSA) is a federal law that was enacted in 2013 to create stricter regulations on the prescription medication supply chain. For healthcare facilities that dispense medications, DSCSA compliance is critical for safeguarding patients from harmful prescription drugs and avoiding violations and penalties.
The Act established guidelines for implementing a national, electronic, interoperable system for tracking and tracing all prescription medications. Because compliance entails the setup of specific IT infrastructure, the Food and Drug Administration (FDA) allowed a 10-year rollout. While some deadlines were delayed, most healthcare facilities that dispense prescription medications must now meet all DSCSA requirements — and the FDA is actively engaged in inspections for violations.
Given the extended timeline and complexities of the law, many facilities have been left wondering if their medication-handling practices check all the boxes. In this FAQ, we'll address your questions about DSCSA compliance requirements and how they apply to healthcare facilities. We'll also answer your questions about DSCSA deadlines, violations, and exemption requests.
Drug Supply Chain Security Act: History and Overview
The FDA is a federal agency with a long history of enforcing safety regulations for a range of products, including medications. The Food, Drug, and Cosmetic (FD&C) Act of 1938 is the primary, overarching law that the FDA enforces. This parent law has been amended many times, as the FDA reacts to changing technology and incidents in the industry (such as patient deaths).
The Drug Quality and Security Act (DQSA) is an amendment that was enacted in 2013 in response to a fungal outbreak caused by unsanitary medication compounding conditions, in addition to mounting concerns about the safety of the global drug supply chain. The DQSA contains two parts:
- Title I, the Drug Compounding Act deals with compounding medications.
- Title II, the Drug Supply Chain Security Act is intended to prevent harmful drugs from entering the prescription medication supply chain.
FAQ About DSCSA Compliance
Below, we'll answer common questions about compliance with the DSCSA and the technology and systems involved.
What is the DSCSA?
In healthcare, "DSCSA" stands for the Drug Supply Chain Security Act. When it was enacted in 2013, the DSCSA established a roadmap for creating a nationwide medication track-and-trace system. This comprehensive electronic system is intended to safeguard patients from counterfeit, contaminated, or otherwise harmful prescription drugs. The standards involve the use of specific technology to safeguard the medication supply chain from the moment the drug is made to when it's dispensed for patient use.
What are the key components of the Act?
It establishes that specific businesses and individuals along the healthcare supply chain must adhere to regulations for handling prescription medications (or "products"). More specifically, the Act addresses:
- Product tracing.
- Product identification.
- Product verification.
- Engagement with others in the supply chain.
- Notifying others about illegitimate and harmful products.
What types of medications does the act cover?
The DSCSA only covers prescription drugs in a finished dosage form (such as a capsule or tablet) for human use, referred to in the law as products.
The Act does not apply to:
- Blood or blood components.
- Radioactive drugs or radioactive biological products (which are typically regulated by the Nuclear Regulatory Commission).
- Imaging drugs.
- Some intravenous products.
- Medical gases.
- Some homeopathic drugs.
- Over-the-counter medications.
- Medications intended for animals.
What is DSCSA compliance?
Under the law, healthcare facilities with in-house pharmacies (or other means of dispensing and administering prescription medications) are typically considered dispensers. There are multiple DSCSA requirements for dispensers, and compliance involves meeting each standard. For example, a dispenser must:
- Only accept a prescription medication that arrives in tandem with transaction information (TI), and a transaction statement (TS).
- Keep a record of each medication's TI and TS for at least 6 years.
- Furnish records promptly when a medication is under investigation.
- Only engage with authorized trading partners.
- Only accept, sell, or return serialized products.
- Only engage with products that are marked with appropriate product identifiers (e.g., a National Drug Code (NDC) that may be embedded in a barcode, a lot number, and an expiration date).
- Establish systems to identify suspicious medications.
- Establish a system to notify the appropriate parties of receipt of a suspicious or illegitimate medication.
What technology is involved in the federal prescription drug track-and-trace system?
Establishing a cohesive system for tracing all prescription drugs across the country required standardization of the related digital information. To achieve this, the FDA recommends the use of the Electronic Product Code Information Services (EPCIS) standard.
EPCIS provides a shared language for tracing and verifying products and associated events (such as movement and sales). Healthcare facilities may work directly with EPCIS data, or use compliance software or a third-party vendor to interpret and manage the data.
What are some indications of noncompliance with the DSCSA?
Noncompliance can take the form of faulty packaging verification, or engagement with unauthorized drug manufacturers and vendors. Specific red flags to watch for include:
- Discrepancies in the amount of a medication purchased and the amount dispensed to patients (can indicate unrecorded transactions with an illegitimate supplier).
- A lack of documentation that all purchases are made from authorized trading partners only.
- Acceptance of products that don't carry proper product identifiers (e.g., an NDC, lot number, and expiration date).
What are some examples of potential DSCSA violations?
The latter phases of rollout focused on the electronic data exchange requirements of the DSCSA, meaning many of the manual methods of handling prescription medications are now noncompliant. However, the FDA did grant certain "small dispensers" an exemption from these requirements to provide some extra time for adaptation.
For larger facilities that have passed all of the DSCSA deadlines, activities that could lead to a violation include:
- The use of paper-based tracking methods.
- Inadequate organization of electronic medication purchase and dispensing records.
- Acceptance of medication shipments without corresponding electronic transaction data (TI and TS files).
What is DSCSA exempt status?
A facility may be considered exempt from the regulations once they receive a waiver, exception, or exemption from the FDA. This is typically done by filing a request via the FDA's CDER NextGen Portal that details the specific requirements the entity wishes to be released from, the reasons why, and the steps that will be taken to ensure patient safety if the request is granted. For example, a dispenser could request a waiver for reasons related to the economic hardship involved in meeting specific DSCSA requirements.
Learn More Ways to Strengthen Your Compliance Efforts
Proactively strengthening your DSCSA compliance efforts could protect your facility and the patients who come to you for care. Want more compliance tips? Lean on our expert-backed healthcare resources and guides to navigate changing regulations with confidence.