Amsterdam to Washington: On a DSCSA mission
It’s a sunny Sunday afternoon. I board the plane in Amsterdam. Four documentaries and a couple of meal breaks later, and I find myself in Washington DC.
Monday morning… jet lag doesn’t seem too bad. Off I cruise for a bit of sightseeing before setting up the booth with my Spherity colleagues at the HDA Traceability Seminar.
No news is…
Following HDA’s welcome note, FDA is on first. In the run-up to this moment, there may have been some uncertainty among the audience and other observers about a course-changing announcement. But no! FDA stands fast by the originally announced end of the DSCSA Stabilization Period on Nov 27 this year. The agency has been keeping its ear to the ground, though, to keep track of industry readiness, for example, through RFI and its public-private Partnership for DSCSA Governance (PDG).
Leigh Verbois emphasises that this isn’t Groundhog Day. We’ve moved forward. There are new faces in the room. More and more people are realising that this is real. However, there are still many challenges, especially around data quality, lack of awareness amongst the uninitiated and too little initiative from those who might still hope that the last 10+ years were just an uncomfortable dream. All you’ve gotta do is wake up. FDA certainly gives a resounding wake-up call.
You’ve got 3 months left. Use them!
For those who really struggle, FDA reminds us of the small dispenser exemption and touches on the Waivers, Exceptions, and Exemptions (WEE) request process.
Of note for me is that one of the key takeaways from their midway checkpoint at the PDG-FDA Joint Public Meeting in June was that the industry wants “additional guidance on how to confirm the identity and status of an authorized trading partner” (ATP).
“Hello, OCI-specified verifiable ATP Credentials”, says that little voice in my head excitedly. And then this other little voice pipes up.
Nobody cares, Chris.
Wait, what’s that?!
People are so preoccupied or even bamboozled by all the struggles with EPCIS data exchange and consequential exception handling that Verification Router Service (VRS) and adjacent technologies like verifiable ATP Credentials are considered a distraction.
Of course, let’s sort out the data flows. That’s right. When the data flow, the products flow. Good supply to patients is also FDA’s priority.
Yet, VRS can be set up in parallel. Service providers try and make it as smooth as possible. It doesn’t need to wait for all the EPCIS fixes, which — as a whole — will likely take considerable time anyway.
I keep hearing more often now that a Product Identifier (PI) Verification sent through VRS may even be used as a backup check when EPCIS data files have not been received or contain errors. One of the checks to create confidence in the product on your shelf.
VRS-facilitated PI Verification as part of exception handling, basically.
Mind, PI Verification is not a check of the EPCIS file. It checks whether the PI and, thus, the hopefully untampered product right in front of you truly originated from the manufacturer. It’s like those provenance checks that some fancy tech-affine wineries let you do with scannable codes on their bottles. Thus, PI Verification won’t give you a whole dataset. But at least, it’ll tell you whether the PI is legit.
Even better, if the PI Verification messages have verifiable ATP Credentials attached to them, both trading partners have instant assurance that the other side is duly authorised, i.e., an Authorized Trading Partner as defined by DSCSA. That’s not just another tick in the DSCSA compliance box. It’s real-time assurance at transaction level — whether you’ve dealt with them before or not. Fully automated ATP checks that happen while you blink instead of emails, phone calls and whatnot… like a TSA PreCheck that spares you the long queues on each journey.
VRS is up-to-date
An important point made at the VRS Roundtable is that there’s some product information you won’t get from the EPCIS file, such as expiry date extension, recall information, or decommissioning. Manufacturers leverage the lookup directory (LD) that underlies the VRS network to convey such information.
I hear a couple of manufacturers say during the Roundtable discussion that they’d prefer if even primary wholesalers used PI Verifications instead of direct-to-replicate checks, as the wholesaler’s database might not always have current data.
What’s a lookup directory?
It’s like a PI phonebook for the GTINs or NDCs of participating manufacturers. In order for a VRS provider to route your PI Verification request to the correct manufacturer, they need to look up the data associated with a GTIN or NDC to know where to send your request. That’s what the LD helps with. In reality, there isn’t just one central LD, but several… about half a dozen active ones, maybe a couple more. Originally, the beautiful idea was to have one blockchain-based LD but, unfortunately, this didn’t impress at the operational level. So, service providers went off to build their own. Some of those newer LDs are shared, others are only used by their creator. However, all LDs sync with each other to create a shared truth, that is, one industry-wide PI consensus list.
The VRS network is not a closed club
In the final discussion panel we hear that LD synching can be challenging, which is one reason why HDA has become a home for VRS providers and has started to create governance around the required collaboration between those competitors. While not every provider of VRS or associated services (like credentialing) is a paying HDA Verification Router Service Provider Network member, anyone active in that scene keeps an eye on its developments, contributes to discussions and helps resolve issues.
Of note, OCI has been maturing its governance and conformance guidance over the past three years to align service providers involved in ATP credentialing. These service providers are also involved in the VRS network, and OCI and HDA collaborate as required.
It’s a matter of time and practice
Once upon a time, EPCIS was the new kid on the block. Now it’s THE recommended standard for product transaction data exchange. Especially upstream trading partners have been adjusting their systems to be able to send and receive EPCIS data. Improved data flow downstream will get more and more trading partners EPCIS-ready.
VRS and ATP credentialing are in earlier stages of the technology adoption curve with the latter depending on the former. Nevertheless, current estimates are that about 10% of LD-logged GTINs are covered by OCI-specified ATP Credentials. This means that manufacturers have already acquired ATP Credentials to streamline compliance operations. That’s decent, considering we’re in a very early adoption phase. But it doesn’t stop there. OCI has also specified credentials for regulators (Authority Credentials) and ATP-like entities (ATP Equivalent Credentials) that can be used in VRS-facilitated product verifications.
See you around!
I leave Washington DC with my head spinning from all the insights and impressions gained, and happy that I got to catch up with at least some familiar faces and some new acquaintances. It was a trip worth the jetlag. Take care!