An earlier version of this article by Spherity’s Georg Jürgens was originally published on Medium.

Under the Drug Supply Chain Security Act (DSCSA), Authorized Trading Partners (ATPs) in the U.S. pharmaceutical supply chain will be required to exchange product compliance information, including drug verification and tracing data by November 27, 2023. Compared to other countries, the regulation of U.S. drug distribution is highly decentralized. To enable secure communication and data exchange between trading partners in this decentralized set-up, interoperability is a key requirement of every solution.

Last month, OCI in partnership with the National Community Pharmacists Association (NCPA) ran a virtual conference on the DSCSA requirements geared towards dispensers and their trading partners. Participants included representatives from FDA, GS1, and PDG. While the full recording series is available on YouTube, here are some quick highlights from each day’s closing panel.

How are Dispensers Supported?

Industry players and regulators are concerned about the lack of DSCSA awareness and preparedness by dispensers and other supply chain participants. With less than a year to go until full DSCSA enforcement on November 27, 2023, an industry-wide collaborative push is needed to get everyone from manufacturers all the way to dispensers ready on time.

A pharmacist himself, Max Peoples, RPh, explained why he believes dispensers are lagging behind and how they can get up to speed now. His key advice is to get informed now. There are plenty of resources available that strive to translate the inevitable legalese into easier-to-digest material, for example, NCPA information, DSCSAEdu, or checklists from the State of Ohio Board of Pharmacy. In addition, pharmacists should talk to their current suppliers and service providers or reach out to other ones that have DSCSA on their radar.

Dave Mason from Novartis/Sandoz explained how the manufacturer helps small dispensers and distributors in cross-departmental efforts with education and technical assistance.

SAP offers a Verification Router Service (VRS); think “Pharma Yellow Pages” but fully automated and invisible. This service facilitates product enquiries between supply chain actors regardless of prior business relationships between those interacting parties; be it internationally operating manufacturers, small wholesalers, dispenser retail chains, or the local pharmacy around the corner.

SAP’s Oliver Nürnberg highlighted the importance of collaboration between competing service providers in order to reach the entire market from large to small supply chain participants and make customer onboarding as pain-free as possible. In practice, this means that even though SAP’s target market is not small business, they coordinate their efforts with other service providers who cater for those market segments to enable a functional interoperable network across the whole pharmaceutical supply chain.

Trusting the Credential Issuer?

David Kessler from Legisym explained the level of scrutiny that is applied before issuing an electronically verifiable credential. According to OCI’s requirements, a credential issuer must perform thorough due diligence that satisfies NIST Identity Assurance Level 2. This does not only involve checking such things as license numbers but also ensuring that the examined party does indeed own the license. To establish a foundational level of quality and, thus, trust within the industry, OCI mandates third party audits against its conformance criteria of credential issuers who participate in the ecosystem.

Additional trust concerns revolve around business confidentiality. Ideally, you only want a credential issuer to be involved in the provision and maintenance of your credentials. Your supply chain transactions are quite literally none of their business. The OCI-defined credentialing framework has this separation of duties built in. As LedgerDomain’s Alex Colgan put it, “Everyone is responsible for their piece.”

What’s the Big Deal about Open Standards?

In general, industry standards establish minimum quality, performance, and/or design expectations and help various actors within an ecosystem align on a common denominator. New entrants instantly know the benchmarks and consumers or service users can expect a level of consistency across providers.

DSCSA VRS providers have agreed on using a certain messaging standard for product enquiries as defined by GS1, a widely respected standards setter. This has been topped up with the OCI-defined credentialing framework, which in turn leverages open W3C specifications. Because all these standards are accessible by anyone, any service provider can participate in this ecosystem. Consequently, the use of shared standards does not only create an open market, but also the foundation for true service interoperability, a key requirement in an ecosystem as decentralized as the U.S. pharmaceutical industry. Because a supply chain participant will need a bundle of different solutions to comply with DSCSA, adherence to the same open standards makes it possible for solution providers to integrate with each other, enhance each other’s services or products and offer one-stop shops to customers.

Oliver Nürnberg outlined the multi-year testing effort that VRS providers have already gone through to create an interoperable, stable industry-wide solution with more testing of system upgrades to come. Any aspiring DSCSA VRS providers should engage now in preparation for the full DSCSA enforcement in fall 2023.

Oliver Nürnberg further elaborated on the need for competitors to work together. He voiced concerns about late market entrants trying to introduce solution approaches that do not comply with the open standards that the industry has already agreed upon. “The worst thing that can happen is that we’ll have 4 or 5 or 6 different ways of proving [DSCSA Authorized Trading Partner status]. That will make it extremely costly.” He also cautions that misalignment will counteract industry-wide interoperability but can be avoided by everyone following shared open standards.

How Can Credentials Support Product Tracing?

Alex Colgan from LedgerDomain’s XATP digital wallet explained that OCI’s work on credentialing has already laid a resilient foundation for the tooling needed to develop a potentially semi-automated tracing solution. He emphasized the benefits of open standards as a basis for confidence in the legitimacy of tracing requests, especially those coming from industry participants without prior contact.

Where is OCI-Defined Credentialing Being Adopted?

While DSCSA calls for an interoperable electronic system, it does not specify the design of such a solution. This is a double-edged sword. On the one hand it allows the industry the freedom to find the most suitable solution; on the other hand there is a risk of multiple incompatible solutions emerging, eventually leaving some trading partners behind as pointed out by Oliver Nürnberg.

Spherity’s Georg Jürgens explained in the panel discussion that “credentialing is mainly for those who don’t want to establish manual processes everytime they receive a [product identifier verification] request or response. Using credentials is a compliance decision by the individual trading partners.”

With solutions being based on the OCI-specified open credentialing framework, providers don’t need to worry about coming up with their own credentialing design. They can simply take what is there, integrate it in their service packages and, thus, focus on the needs of their specific customer base. As a result, trading partners can shop around to find the solution that fits their needs best and still be sure that their service provider can interact with others unhindered.

Today leading VRS providers have aligned on OCI-defined credentialing and differentiate themselves through their wider service offerings to customers. Credentialing provides them with the backbone for interoperable communication between all trading partners. We see large manufacturers getting involved in testing as well as leading wholesalers. Slowly but surely dispensers are also getting engaged. The rising use of credentialing will result in increased competition between service providers. This will enhance value generation for customers and drive down costs. We expect interest to keep growing in the coming months. Our systems are in place. Everything is ready.

Many thanks to the OCI Messaging team for organizing a tremendous educational conference and publishing the recordings.

Find OCI conference hand-outs here: https://www.oc-i.org/event-handouts.

To learn more about credentialing: https://www.oc-i.org/faq