Preparing for Electronic, Interoperable Product Tracing

Dan Walles: Good morning to everyone. Thank you for joining us again for the next session in our DSCSA 2023 webinar series. Today we'll be jumping into a topic that I think is one that probably deserves some more attention in the industry as we're rapidly approaching the November date, and that is the requirement around product tracing.

Today I'm joined by one of my colleagues, Elizabeth Waldorf, who, as many of you know, is quite a rockstar in the industry as it relates to setting the standards and guidelines around traceability.She works deep within the industry, within GS1, within the industry organization such as HDA, to really start to drive the discussion, define the use cases, and set the standards around how we all meet DSCSA.

I'm really happy to have Elizabeth with us to walk us through what is going on right now as it relates to product tracing and where we are as an industry. As I had mentioned, this is the last of the manufacturing and wholesalers' scheduled topics. You see all the other topics that we've covered here over the past couple of months.

We will be initiating a new webinar series in the coming weeks with a focus on getting alignment on the requirements. We want to jump more deeply in preparing and organizing your solutions in your deployments.

In the coming weeks, you'll see a new set of topics where we'll be hearing from members of industry. We'll also be bringing in some of our customers who will speak directly about their experiences as it relates to implementing DSCSA. As usual, as Melanie has mentioned, this session is being recorded. All the previous recordings are available, as well, through our website.

Specifically for today, what we would like to do is provide some education on what is the requirement for interoperable product tracing, as is defined by DSCSA as well as PDG, the Partnership for DSCSA Governance.

We'll also touch upon the role of Authorized Trade Partner credentialing. We referenced this topic during our verification webinar a few weeks ago, and this has a role to play in product tracing as well. We want to just reintroduce that topic from a definition perspective.

Elizabeth will take us through what the industry progress is around product tracing. There's been some recent developments coming out of PDG that Elizabeth will walk us through as well.

One of the things that we hope that you keep in mind as we talk about product tracing and the requirement to assemble information across the supply chain essentially on demand, is that we want to make sure folks are understanding the most effective way that we believe to accomplish that is through a network.

Obviously, TraceLink’s network positions you quite well for being able to meet the requirements around product tracing.

Before we get into that, I'd just like to level-set the group a bit on TraceLink in where we are as a company, and where we're going. We have a lot to do this year in the area of DSCSA, and that is our primary focus as an organization.

As you see here, we have just about 1,300 total customers. Many of them are partnered with TraceLink for the requirements of DSCSA, inclusive of serialization and verification. A number obviously with lot-level traceability, but certainly a number of our customers are working with TraceLinks and have already deployed their solutions for the exchange of EPCIS information.

This number here of point-to-point integrations, in the active ServiceLinks and the point-to-point integrations, is something that we established across our network with our customers and their partners to help them meet the 2015 DSCSA requirements.

It's important to recognize if you are a TraceLink customer: the bulk of the work, the heavy lifting has already been done as you establish those integrations and connections for the lot level. Those are the same integrations and connections that we will be using to exchange the EPCIS information. It's an important takeaway for our customers to recognize.

We continue to invest heavily in our R&D and services organization. We believe as an industry where we've been through this now a number of times with different DSCSA milestones.

We really want to impress upon you that having a team at the ready both from a solution and product perspective, as well as a service perspective must be in place now in order to be able to support customers as they go live with their deployments, their go-live. Then that critical period beyond November 2023, as the industry acclimates to DSCSA and item-level traceability.

If you're not a TraceLink customer and you're working with an organization, it's important to understand what their ability is to service you as your solution provider. If they do not have the staff in place, it's really that window of being able to identify people, ramp them up, train them is closing quite rapidly.

In this final column here, talking about our experience with just managing serialized products as well as transaction histories. We're going to start to see more requirements around transaction processing in operational real-time requirements than we've ever seen before.

DSCSA, for all the good that it will do for the industry, really has the potential to grind our operations down. It's important that we were able to scale, and our solutions and our systems are able to scale to meet the requirements. TraceLink has certainly been investing in that for 10 years since 2009.

Through our experience, what this has really led to is that although we're very hyper-focused on DSCSA, DSCSA is really one thread of a number of business imperatives that are happening within these organizations, within our customer base.

Traceability, whether it be from a requirement perspective, a regulatory requirement perspective, or from a good business practice, is increasing. Not just in pharmaceuticals, we see it in medical devices, nutraceuticals, and cosmetics too. Just the ability to be able to recognize where my products are, and where products have been—it is increasing to board-level discussions within our customer base.

Key terms like traceability, transparency, visibility, collaboration, sustainability, all leads to just being able to digitize your supply chains. This is really the challenge that TraceLink is setting out to help address and work with our customers to address.

What we believe is that this challenge speaks to a new paradigm or a new model which we refer to as the Internet of Supply Chains. In order for us to be more transparent, to be more reactive to changing conditions, to be more proactive in managing our supply chains, we not only have to digitize our internal processes, but we have to do that across a network.

We need to be able to link people, processes, systems, and enterprises together. That is at the heart of what we are building within the TraceLink network. We certainly have talked a lot about the integration benefits of the TraceLink network. There's much more to it than that. It's really this platform that allows our customers to create digital networks for all processes.

We are focused on and have been focused on traceability as it relates to serialization and compliance in various government mandates. These are digital networks and processes that we are now starting to expand into other critical supply chain functions such as purchase orders and invoices and exchanging inventory information.

Being able to share those processes and applications across the network to drive that cross-functional and cross-company execution. I'd say different and unique and beneficial to our customers and doing that across the network.

I'll call your attention to this dark green box here in doing it in a way where we've established a common data model for the information across the network results in an incredibly clean and an incredibly actionable data set representing the motion of our supply chains for our products.

That now starts to allow us to do innovative things in the area of what we refer to as collective intelligence where we're able to very quickly detect signals happening in the supply chain, in the area of drug shortages, to be able to quickly assess the impact of recalls.

When you're looking at DSCSA, we have to make sure we meet the regulatory requirement sitting in front of us.

This is a seminal moment for the industry where if we take a step back and we say, "If I take a thoughtful approach to DSCSA and create this asset of serialized product, fully integrated network of my supply chain partners and then a solution platform or a software platform that allows me to do some innovative things with that information," it now starts to become incredibly valuable in these organizations.

One of the reasons we feel so confident in our ability to be able to deliver this type of capability is, we've been doing it for the past 10 years going back to 2009, over 10 years as we've pursued with you the various serialization and regulatory requirements that we faced as an industry whether it'd be in the U.S. with DSCSA or EU FMD in Europe.

Many of you partner with TraceLink for Russia, China, India, the Middle East is moving with a number of countries in the Middle East driving requirements. We've had this global case study for deploying the first Internet of Supply Chains solution area that is in that area of global compliance and traceability.

On the backs of that, you can see some of what we've been able to do from a customer perspective as well as a trade partner perspective. This has led to the growth of our network to over 290,000 network members today. A great foundation to build upon to allow us to start to create new digital processes that help us run a more efficient supply chain.

That is the focus of the Opus platform that you've heard us refer to. It's rooted in this digital supply network and provides the tools and capabilities that you would expect around network administration for the right governance around that network. Our “Integrate Once and Interoperate with Everyone” model. Catalogs of data translation maps and application catalogs that we're building out.

Something that we haven't spent much time on is this low-code application development area that we are starting to build out. It not only allows TraceLink to rapidly develop solutions into the market but allows our customers and their systems to integrate partners to start to build out applications on the Opus platform.

Today, we're going to be focused in on serialization and traceability, and regulatory compliance with a specific lens toward DSCSA. But you can start to see the expansion of the solution set to tackle other problems that are top of mind for our customers, that are all in the area of how do we make our supply chains more responsive, more adaptive, more transparent.

With that as our backdrop, we want to take a deep dive into the requirements around product tracing. With that, I'll hand it over to my colleague, Elizabeth.

Elizabeth, you want to take it from here. I'll drive the slides for you.

Elizabeth Waldorf: Thanks, Dan. I think we'll start off on the next slide going over the DSCSA regulation. I am not going to be going over every passage in our DSCSA app. What you wanted to highlight here is what's going to kick in starting November 27, 2023.

As you can see section 582G, DSCSA talks about what's called enhanced drug distribution security. What it says, that it's 10 years after the date. What kicks in is inoperable, electronic tracing of product at the package level requirement.

Those are big keywords to keep in mind because that's what's actually changing when it comes to November 27. In terms of inoperable and electronic that governs the information and transaction statements that are leading to the exchange by trading partners.

The FDA recognizes that there are a variety of technological approaches. One of the things for which they luckily provided guidance in July of last year, is letting us know that the recommended way or the recommended approach by which we should exchange TI-TS information would be through the GS1 standard EPCIS.

What you could see there on the right hand of the slide is a snippet, a little view of the details of what does EPCIS look like in the messages that we exchange. This is just a depiction of how in EPCIS we express a particular set of serial numbers in an EPCIS that is known as EPC.

It's really what's being termed as the SGTIN, which is the GTIN plus the serial number, which makes that particular package-level product unique. Not to dwell on all the specific details, I just want to give you a sense of what that electronic interoperable tracing information in the form of EPCIS looks like. The next slide, Dan.

What I wanted to highlight as well is beginning November 27, 2023, what is changing in terms of the information that's being exchanged. Before that and currently in the lot level, we have the T3, the Transaction Information, Transaction Statement, and Transaction History.

That is, in terms of November 27, 2023, when we talk about package-level tracing, what that means is that we are picking up additional information, such as the serial number and expiration date on the transaction information.

Everything else in terms of the master data regarding that product as well as the transaction information like date of transaction, date of shipment, and the partners that are exchanging, the front party and the two-party, those are all staying the same.

We're just adding the serial number and expiration date, which gives it the package level. The transaction is still there, but one of the big things is that the transaction history is no longer a part of that exchange. It becomes T3 to what you could say T2, which is basically the TI and the TS.

On the next slide, Dan, what I wanted to focus on in the 582(g) section of DSCSA is what pertains specifically to tracing. I wanted to just read a few of those and highlight some of the requirements.

Under this particular 582(g)(1)(D) and (E), it states that you have to be able to promptly respond with a TI and TS, the T2 that I mentioned earlier, for a product upon request by an appropriate federal or state official in the event of a recall, or for the purpose of investigating a suspect or illegitimate product.

This particular 582(g)(1)(B) section gives us many things. The ones that I highlighted is how quickly should that request be initiated. How quickly, and it says promptly. For what purpose can it be done, a tracing request, in the event of a recall or for the purpose of suspect or illegitimate product investigation?

Then (E) gives us again, the word prompt in order to be able to facilitate gathering of that information. In a sense, we're collecting that information to produce the TI for each transaction going back to the manufacturer.

While we don't need to be providing transaction history every time we exchange TI-TS information, should there be a tracing request? There is a regulatory requirement for the party receiving the request to be able to promptly gather that and get that information that goes back to the manufacturer.

The information is going to flow off through because the regulators, which is stated in (I) as the appropriate federal or state official, will need to be able to get the information for the purpose of a recall or investigation of suspect or illegitimate product.

There is also provision, in addition to the federal or state, that in the request by an Authorized Trading Partner, so there is another party that could initiate that request. When that request is initiated, that must be done in a secure manner, protecting the confidential commercial information for the purpose of investigating a suspect product or for assisting federal or state officials.

There is a lot of emphasis and keywords on the promptness, who can make that request, and for what purpose. On the right, you will see that there is a model explaining who could make that request, and you see that it's bi-directional.

When a regulator or an Authorized Trading Partner makes that request for the specific reason stated by the law, then that request is received by either manufacturer, wholesaler, or dispenser, anybody in that supply chain in that chain of ownership change, could possibly be getting a request. There would be a response back to the requester.

As you can see here, you would make a request and do a response. In terms of responsibility of that information that you're giving, it is what you have. The transaction information that you have. Between a manufacturer and the tracing requester, it's that information. The information that this product as a manufacturer was made and sold to the next party.

If it's a wholesaler, who's now involved with sourcing the product from the manufacturer and then selling it to the dispenser, given a tracing request, then they have those two pieces of information to provide. They have the TI and TS that captures their transaction with the manufacturer. Then they TI-TS that captures that information for the dispenser.

The dispenser when requested, they have the information, the TI-TS for the transaction that they have from their supplier, the wholesaler, or if they supplied it directly from a manufacturer, that would also be a TI-TS that they received from the manufacturer. This is what's called the one-up/one-down model. We'll cover that a little bit more on the next slide.

As I mentioned, this tracing model is what's being discussed in a series of many months that we have spent as an industry through the PDG working groups. The tracing workgroup is one of the interoperable workgroups in that. What we have modeled is a one-up/one-down.

While we would have liked to have a definitive way, but as you could see from the law, there are some generalities that's provided. It says electronic and interoperable, and it says promptly, but the specifics of what those characteristics and what that really means is really left for the industry to decide.

At this moment, from a tracing perspective, there are multiple ways that are being discussed in terms of how that communication, how that tracing requests and tracing response would flow through the various trading partners. Among those choices are doing it through an API call, email, or portal.

Now, API is the most sophisticated of that from a technology perspective, because that is what's enabling each system to communicate with each other. It would be standardizing a particular tracing request with a set of parameters and then responding, again, a standard message of what that response would look like.

As I mentioned, that is the most advanced and requires more technology development and connectivity. As the tracing requirements and tracing choreographies are still evolving, the industry has also put forth investigating the possibilities of potentially satisfying it through emails or portals.

Some of these are not as ideal, but as the maturity of the tracing requirements and choreography evolves, then we would see more likely a drive towards a more sophisticated technology approach. One of the things for consideration are the different capabilities of the supply chain.

As you could see, a tracing request and response affects not just one segment or stakeholder, but it affects all parties. Part of the decision to build a tracing solution is to consider the capabilities of not just the big supply chain players, but even the capabilities of the smaller businesses.

One of the things, for example, with the portal, the portal helps provide that information centrally. One of the considerations, for example, for dispensers is that if they are buying from multiple wholesalers, if they're sourcing it from multiple wholesalers that provide the portals.

When a tracing request comes in, it's possible that they would have to connect to multiple portals, being able to manage those complexities are some of the things that need to be considered, the pros and cons of each of the approaches.

Like I said, the industry is going to continue to explore it as more and more information in terms of serialized TI-TS is exchanged, and as more and more experience comes about in terms of the tracing request.

In terms of the format, when a tracing request or tracing response is provided, again, there are several technology choices. It could be through JSON or XML. Those are basically the structured way of identifying the particular attribute that's being requested. There's also the CSV providing that ability to initiate that request and list out all of the serial numbers.

For example, the SGTIN information being requested, and then being able to get that response back for the TI-TS accompanying what's being requested in a CSV format or in a PDF.

Again, the industry hasn't really prescribed a particular way, but as you can see further study and exploration are going to be done. As it matures and as there's more volume and complexity, it's likely that we would have to be going towards a more structured method.

The other piece that is very ambiguous in terms of the law, is “promptly”—what is prompt? Now, based on 582 of DSCSA, it is stated, "the timeline for responses to requests for information shall be not later than 24 hours." It's pretty tight.

Now, in terms of the FDA draft guidance, we also received information about promptness. It says "Should respond within one business day of the request." While 24 hours, but in terms of the draft guidance, there is a qualifier of it being a business day.

We're all waiting for that final guidance to be published by the FDA. I hope that we would get more details and definitions that would help eliminate some of the ambiguities that we have currently. Next slide, Dan.

As Dan and I mentioned, a lot of the explorations and ideas of how to better define, so the law gives us the requirements, but the specifics are really determined by the industry.

The PDG interoperability working groups have been working for about a couple of years looking at these details, trying to help the industry define and eliminate some of the ambiguities. How can we make it more implementable?

The good news is, hot off the press just on Monday, four of the functional design chapters that we have been, as an industry, meeting and talking about refining have now been published. There are four chapters that are now available for you to view and download from the PDG website.

Chapter two crosses all the various requirements of DSCSA in terms of the areas of serialized TI-TS verification and tracing, it's more like an encompassing chapter for interoperability. Chapter three goes into the details of verification. Then, there's a chapter on tracing.

A lot of what you will get is basically the summarization. What is the outcome of all the debates between the industry stakeholders? We had gone through the pros and cons, and in this publication, we have now summarized what are those basic agreements in terms of what the industry believes to be feasible for implementation.

There is one outstanding chapter—it's been developed, but it's going through the final stages of review and approval of the various voting members of the PDG. Stay tuned for that. I anticipate that it will be published before too long, hopefully within a month, maybe another publication there.

On the next slide, this is the chapter that is actually going through the final stages of review and approval. We want to make sure that we resurface key terms regarding Authorized Trading Partner and credentialing because it's very key when making a tracing request and a tracing response.

The parties involved in that communication channel need to know that, "Is the party making that request who they say they are? Are they an Authorized Trading Partner?" Similarly, when responding to it, the party who's making that request would also have to ensure that the party making that response is indeed who they say they are and an Authorized Trading Partner.

What does it really mean to be authorized? Based on the DSCSA, an Authorized Trading Partner, if they are a manufacturer or a re-packager, what that means is that they have to have a valid registration. If they are a wholesaler, that means they have to have a valid state license, and they have to comply with the licensure reporting requirements of DSCSA.

If they're a dispenser, then they have to have a valid state license. What is a trade partner? Trade partner, based on DSCSA, means all the various parties performing a particular function. There's manufacturers, re-packagers, wholesalers, and dispensers. Again, these are partners involved in the change of ownership because the DSCSA is about transfer of ownership.

Credentialing essentially is a way to be able to identify the trading partner to ensure their identity as well as confirm that they are an Authorized Trading Partner based on those registration and license requirements as defined by DSCSA. It's doing all that due diligence.

Now, while those can be done manually, with the requirement of having to do tracing requests and tracing response promptly within that 24 hours or within that one business day, it is extremely beneficial to be able to do this in a more digital way through the verifiable credentials.

That way, digitally, we could as we are exchanging the tracing requests and tracing responses provide the credential of the party making the request and the credential of the party responding to make sure that we are being as efficient as possible and spending the time for that 24-hour period in collecting and gathering the information as opposed to proving and investing the time to do the due diligence.

These are all efficiencies that help us prove a key requirement of DSCSA, again, Authorized Trading Partner. Dan, I think that covers my portion of the presentation, I'm going to turn it over to you.

Dan: Great, thank you Elizabeth. Certainly, just to wrap up on this one particular topic here, we did review in a bit more detail the Authorized Trading Partner and credentialing capability and functionality as it relates to verification.

For more information on this topic, you can access that webinar [Preparing for Electronic, Interoperable DSCSA Verification Requirements] through our website—you can scan that QR code, or you can navigate directly to TraceLink.com. In that, we reviewed the key terms, but we also had some information flow diagrams that outlined how the credentialing process works in the context of a verification. This would be very similar to how credentialing would work in the context of a product tracing request once that's defined. Certainly, useful information available to you as part of the previous webinar series.

One of the things that we like to do is to make sure that our customers have the latest and greatest information available to them. One of the ways we do that is through our innovation forum. Our Cloud Community or Innovation Forum is an opportunity to accomplish a couple of things.

One, this is the most active place that we have where we're constantly pushing information into our customer base in real time. If there's one thing that you take away from today's conversation is that there's still a lot of work being done in the area of product tracing.

The industry is hard at work trying to establish the model for the industry around product tracing. We'll certainly continue with our webinar series, but as TraceLink customers, it's critical that you're registered, and either attending live or viewing the recordings or the summaries of the DSCSA 2023 Information Forum. It's incredibly valuable.

As the model for product tracing is defined, this is the forum that our product organization will be using to start to gather specific requirements from the industry. Get your fingerprints on mockups and the solution that we're bringing to market in this, to meet this product tracing requirement. I encourage you to take advantage of that.

As part of our wrap-up, I'd just like to introduce a poll to the audience. If you can just take a few moments, did you find the information here valuable and helpful to you? I know it's a topic that's not well understood and it's still being figured out by industries, so we hope that this information was useful.

Certainly, let us know if you found it useful or not so that we can adjust our topics going forward. Then, if there's more information that you're seeking, and you'd like somebody to reach out to you and contact you about product tracing or maybe it's just DSCSA in general, or maybe another requirement within DSCSA, certainly reach out to us there as well.

At this point, I wanted to take one question that's not necessarily product tracing-related per se. The question was, "As a manufacturer, a distributor will have product that has not received the EPCIS data. When this goes live in November, will the manufacturers be required to send EPCIS data on products we have already shipped?

This is an interesting topic because there's a couple of things that we need to look at. We need to look at what are the requirements under the law. Then, what are the trade partner requirements for receiving information. I'll just read the response from our regulatory panel here.

If the distributor has already received the product, they would have to have received the right T3 information. The manufacturer is sending the T3 information, which meets the lot-level traceability requirements for DSCSA. The distributor would have had to have received that prior to November 27th in order to accept the return.

Once November 27th comes along, they will not need newly configured data resend. It would only be for new shipments that are coming in. Certainly an important thing to understand, as part of the requirements. We have another question that's come in. Are 3PLs still exempt from DSCSA requirements?

I wouldn't say that they are exempt. There are licensing requirements that have been put in place. They are certainly front and center in terms of supporting their manufacturer clients from a perspective of managing serialization and traceability data so that it can be reported by the manufacturer although the 3PL does not have any direct reporting responsibility within DSCSA.

They certainly play a critical role in the information flow and enabling manufacturers to be able to meet their DSCSA requirements. Those are a few of the questions that have come in.

One thing I do want to tee up is, within the webinar series, our next webinar next week is really going to shift a little bit to start to look at what are some of the business benefits that can be achieved through DSCSA?

When you look at the area of product availability and drug shortages, I'll be joined by a couple of my colleagues, who you may have spoken to previously, Amanda Bettman and Bharath Sundararaman, who head up our supply network orchestration and the intelligent supply network solution areas respectively.

We'll cover a number of those topics in that session. I also want to call your attention to FutureLink. This is something that we haven't done in the past few years. We've dealt with this remotely, but we're certainly excited to get face-to-face with our customers and other stakeholders within the industry.

The theme for this year is all about orchestrating your end-to-end supply chain. As we talked earlier in the session, the role of DSCSA in global compliance really plays a central role in creating and digitizing the end-to-end supply chain, leading to our ability to orchestrate it, to manage it, and administrate it.

That will be the theme. It will be held at the end of May in Boston. It's a beautiful time of year in the Boston area. Certainly hope that you are able to join us for that event. It always shapes up to be a really good time and very informative.

A few things to take away. We were able to lay out from a regulatory perspective this concept of product tracing in what makes it unique, and what the specific requirements are of DSCSA. We reviewed the Authorized Trading Partner credentialing role within product tracing and restated those key terms.

Elizabeth spent a lot of time walking through where industry is right now in terms of defining the implementation plan for product tracing. This is where we really encourage you to, in addition to our cloud community, certainly take advantage of the really good work that's being done as part of the PDG group, the Partnership for DSCSA Governance.

And then continuing to impress upon you the importance of taking a network approach. We are operating within a physical network that is called the supply chain, where we have to interact with our partners, whether they be suppliers or customers multiple times a day.

Being able to digitize that and have a platform that represents your supply chain digitally has tremendous value in a number of areas but specifically when you need to assemble the serialized transaction information objects on the fly as product tracing requires you to do a network is really probably the most effective way efficient and cost-effective way to approach that.

We hope that you found this content useful. If you do want to get started in this area, certainly reach out to us. There's a variety of ways that you can connect with us. If you're an existing customer, your TraceLink account executive should be following up with you if they have not already.

If you're new to the industry or you are currently evaluating your current approach to compliance, certainly reach out to us as well. We have a team dedicated specifically to helping companies transition from their existing platform. We know that a rip-and-replace model can be scary and we don't necessarily recommend that at this point in time with November coming up.

We have some really cool models that we've established that allow you to continue on with portions of your investment, but take full advantage of TraceLink's network as you look to onboard the hundreds, if not thousands, of customers and suppliers that you might have to manage.

Certainly, reach out to us for that. With that, I thank you for your time and I look forward to seeing everyone next Thursday at 11:00 AM. In the meantime, be safe and be well and enjoy the rest of your day. Thanks, everyone.