Due diligence is an indispensable component of supply chain security, but it is largely non-existent in the Drug Supply Chain Security Act.  Its perceived presence in the law is widely misunderstood too, I believe.  Take, for instance, a just-released and quite excellent InsideSources.com article.  In it, the author states the DSCSA “has forced organizations to improve their detection (emphasis added) and removal of potentially dangerous drugs from the drug supply chain to protect U.S. consumers.”  Unfortunately, this is not entirely the case.  The requirement to detect suspect and illegitimate products simply does not exist in the law.  Without due diligence, the DSCSA will fail to hit its mark.

Some may say the licensure/authorized trading partner requirement is a form of due diligence.  However, this amounts to nothing more than feigned due diligence in many cases.  Even corrupt wholesalers will exchange licensing information with one another.  There is no shortage of diversion and counterfeiting cases involving corrupt wholesalers that were licensed.  Volunteer Distribution was the main culprit (at least initially) behind the counterfeit Avastin and Altuzan incidents and they were licensed.

What about product tracing? The requirement to obtain and provide transaction data now extends to dispensers and that is definitely an improvement over the PDMA. But exchanging this information will be of little value unless trading partners are also regularly validating it (due diligence). Unfortunately, Congress chose not to require validation until after a suspect product determination is made.  It’s the classic Catch-22 scenario.  Validating (still undefined, by the way) the transaction history is required only after a suspect product has been identified, but without validation, the overwhelming majority of suspect products will continue to go undetected.  For some unexplained reason, FDA has yet to issue any guidance on validation.

At least there’s the DSCSA’s verification requirements, right? Well, they only kick in “upon making a determination” that a product in the possession or control of a trading partner (excluding 3PLs) is suspect.  It should come as no surprise to anyone that corrupt wholesale distributors and their similarly corrupt trading partners will continue to overlook suspect product incidents.  This is easy to do when there is no definition of diverted drug or fraudulent transaction anywhere in the law or in FDA guidance.

Simply put, there is no requirement in section 582 for trading partners to detect suspect products.  Congress only mandated that FDA provide guidance in this regard.  The only aspect of the law that could be construed as due diligence is verifying saleable returns, and that is not triggered until 2018 for manufacturers (it was previously 2017) and repackagers (at least for now), 2019 for wholesalers, and 2020 for dispensers.  Of course, these dates are likely to get pushed back, just as FDA did for manufacturers.

While the DSCSA is short on due diligence, it certainly offers a heaping serving of exasperation for proponents who see due diligence as an indispensable component of a more secure pharmaceutical distribution supply chain.  An interoperable system to electronically trace each product at the package level sure looks good on paper. Perhaps things will be different when/if that rolls out in 2023.  But without increased due diligence by increasing numbers of trading partners, this crowning achievement of the DSCSA will certainly loose its luster.