Spherity and U.S. pharma?
The U.S. Drug Supply Chain Security Act (DSCSA) aims to secure patient safety by increasing supply chain integrity. Hence, all pharmaceutical supply chain actors should ideally only interact with those that meet the DSCSA Authorized Trading Partner (ATP) status when they engage in electronic product identifier (PI) verifications, in particular in relation to suspicious or returned product investigations.
Spherity is a software start-up specializing in enterprise identity solutions. In association with industry players including Legisym, Center for Supply Chain Studies, rfxcel, SAP, Novartis, Johnson & Johnson, Bristol-Myers Squibb, AmerisourceBergen, GS1 US and HDA, we have addressed the challenge of authenticating a trading partner’s identity and authorizing them in DSCSA-regulated electronic PI verifications that are facilitated by Verification Router Service (VRS). The original solution is based on cryptographically verifiable credentials. This credentialing approach has been developed further collaboratively within an industry collaboration called the Open Credentialing Initiative (OCI). The method introduces a new layer of security, efficiency, and convenience to DSCSA compliance for any VRS-enabled pharmaceutical supply chain actor.
The credentialing solution began as a classic technological innovation project in April 2020 with Spherity and other companies representing different segments of the U.S. pharmaceutical supply chain coming together in a cross-functional pilot. Explore the published pilot resources for detailed information. After successful conclusion the team realized that true industry-wide innovation will not happen in isolation. A close partnership emerged from the pilot between Spherity and Legisym, an expert in regulatory compliance technologies for the pharmaceutical industry. To standardize and evolve the piloted solution, Spherity and Legisym spearheaded the foundation of OCI, a non-profit industry collaboration, in April 2021. Thus, the innovation has been threefold — at technological, compliance, and governance level. 2022 was a pivotal year for the Spherity-Legisym partnership and OCI yielding not only matured architectural and governance frameworks for the latter but also a commercially ready solution for the former.
Technological innovation: Spherity leverages decentralized identifiers in combination with verifiable credentials (VCs) as a new layer of trust in digital interactions. Each decentralized identifier is uniquely and cryptographically verifiably associated with a pharmaceutical trading partner. A VC is effectively a translation of existing real-world evidence, including trading licenses, into a specific standardized electronic format. These identifiers and credentials are stored securely in a piece of software called a digital wallet. By presenting an organization’s VC to a counterparty through electronic PI verification messages facilitated by VRS, supply chain actors are able to identify trading partners as intended by DSCSA in secure electronic processes. The key advantage of the described digital credentials is that they can be independently automatically verified unlike other identifiers (see below).
Compliance innovation: Initially, pharmaceutical supply chain actors intended to rely on existing enterprise identifiers for the accurate identification of trading partners in PI verifications, in particular global location numbers (GLN) or data universal numbering system (DUNS) numbers as well as existing manual or semi-automated look-ups of compliance information, such as trading licenses. However, in electronic interactions, the receiving party cannot be sure that an entity providing the aforementioned identifiers is indeed who they say they are because their identity and provided details cannot be independently verified. It poses a challenge to reliably associate such identifiers with separate evidence for trading authorization increasing the complexity of due diligence. In addition, there have been cases where GLN were not well maintained, e.g., they were not active or not associated with the expected entity. Thus, existing means had left a compliance gap that the credentialing method has now plugged. Besides the technological qualities of VC solving the challenges around the assurance of the interacting parties indeed being who they claim to be and possessing the appropriate trading authorization, Legisym’s assessment of the existing compliance landscape has enabled the adaptation of due diligence processes and available pieces of evidence with a high level of assurance for use with this novel technology.
Governance innovation: To bring true value to the US pharmaceutical industry as a whole, ecosystem thinking must be applied. To create not only an isolated solution but allow for industry-wide interoperability and adoption, Spherity, Legisym, and others have co-founded OCI as a governance platform for the credentialing method, forum for industry stakeholders, and to create the foundation of an open market for other service providers to join. Under the stewardship of the Center for Supply Chain Studies, the Spherity-Legisym partnership has been a leading force within OCI in the creation of the technological architecture, conformance criteria, and organizational governance as well as industry-wide alliances and educational efforts.
Gains in productivity, supply chain safety, and efficiencies
Supply chain safety — automation: DSCSA has been enacted to enhance supply chain safety. By enabling the automation of aspects of legal compliance, ATP credentialing directly pays into fulfilling the promise and intent of the law.
Supply chain safety — auditability: Equipped with monitoring and reporting features, the Spherity solution, named CARO, generates automated audit trails enabling timely investigations.
Productivity — staff time: Credentialing involves the conversion of real-world evidence provided by each trading partner to Legisym into electronically verifiable credentials in a one-off enrollment. Any interactions between trading partners leverage these credentials through automated checks. Thus, the due diligence process in the context of PI verifications becomes a passive, entirely hands-off exercise for trading partners on either side of an exchange. This means that (1) an individual company does not need to undergo a separate due diligence process with each new trading partner and (2) that staff are freed up from due diligence-related tasks. For example, a manufacturer does not need to vet every single dispenser before reacting to a product enquiry because the dispensers have already been vetted within the credentialing system. Legisym’s ongoing monitoring keeps verifiable credentials active for as long as trading partners maintain their businesses in good standing.
Productivity — speed: While DSCSA allows for up to 24 hours, there is a drive by trading partners to achieve response times of under one minute to PI verification requests by using automated electronic systems. Consequently, the ATP check must happen in the same timeframe. The credential-based system is able to handle both the ATP and the PI verification requests within far less than one minute.
Efficiency — operations: The credentialing approach alleviates the additional compliance burden on supply chain actors caused by DSCSA, as it maximizes the use of existing processes as much as possible. (1) Legisym leverages existing licenses/registration etc for due diligence and eliminates the need for repetitive checks. (2) Thanks to fully API-based integration of VRS providers with Spherity’s CARO, trading partners have no technical implementation effort. Hence, ATP authentication can be incorporated into existing processes without disruption.
Efficiency — market: The ecosystem approach through OCI opens the market to any company aspiring to be a service provider, as shared information and standards are openly available to lay the foundation for industry-wide system interoperability. This avoids monopoly-like pockets, vendor tie-ins, and encourages competition through value-adds or pricing.
Efficiency — joint innovation: The ecosystem approach through OCI encourages the involvement of various industry stakeholders and, thus, enables the development of solutions that are needed and fit for purpose, as they are born from within the industry.
DSCSA will reach its final enforcement deadline on Nov 27, 2023. If you would like to know how our credentialing solution CARO can support you on your DSCSA compliance journey, don’t hesitate to contact us today and take advantage of our free trial.
We look forward to supporting you on your compliance journey!