Progress in pharma on digitalization and secure data exchange

Penny and I hit the road again to attend two pharmaceutical conferences recently.

• 15th Annual Pharma Serialization & Supply Chain 2025 in Brussels, Belgium

• HDA’s Distribution Management Conference and Expo (DMC) 2025 in Tampa, Florida, USA

Here are a few highlights and insights.

15th Annual Pharma Serialization & Supply Chain 2025

I learnt about a cyberattack in spring 2023 on Alliance Healthcare, one of Spain’s leading wholesale pharmaceutical distributors, which disrupted the supply of medicines to Spanish pharmacies. A little bit of research reveals that ca. 25% of all cybersecurity incidents in 2024 targeted healthcare. However, with the right level of collaboration between stakeholders, serialization and digitalization drive the changes needed to fortify the supply chain.

Secure data sharing comes in many forms. Stefan Artlich of Bayer spoke about international efforts to move from paper product inserts to electronic product information (aka eLeaflet) for patients and practitioners. In the context of the US Drug Supply Chain Security Act (DSCSA), standardized digital credentials already move the industry from blind trust in manual procedures to automated digital trust in electronic interactions.

HDA DMC 2025

Suitably timed to coincide with fantastic weather and the end of the 2025 Gasparilla Festival of the Arts, the DMC provided a great opportunity to feel the pulse of the industry and catch up with people I only see online the rest of the year.

FDA staff didn’t attend this year. So far, no change to the previously granted exemptions has been announced. This means that all DSCSA requirements outside of exemptions are enforceable! This includes that trading partners

• must be authorized,

• have systems for product verification, and

• must exchange transaction data using a secure and interoperable electronic mechanism.

  
  

Dr. Connie Jung, former FDA Senior Advisor for Policy, reassured that, despite the current governmental flurry of activities, federal law doesn’t change fast. So, keep at it!

Brian Waldman, ArentFox Schiff LLP, reminded the room,

Of note, state boards pay considerable attention to the standard operating procedures (SOP) of their licensees around product verification systems. Remember that DSCSA compliance has real-world purpose and is not just there to make an inspector happy. SOP may start from a template but should be tailored to the business and followed by staff.

In addition, any other stakeholder with some leverage over you can require and audit your adherence to DSCSA, such as fellow trading partners and pharmacy benefit managers (PBMs).

Leveraging the interoperable electronic network

State boards have begun to use the interoperable Verification Router Service (VRS) to verify prescription drugs found on wholesaler and pharmacy shelves. The VRS tool enables them to move away from paper or email and perform product verifications in seconds, not days! Consequently, inspections can be concluded faster. At the same time, it will also allow inspectors to expand spot checks and probe larger quantities. (Read also Rising VRS and digital credential adoption and watch the Arkansas board hearing from February 11, 2025 on an emergency license suspension for counterfeit product.)

A verification can be the starting point for a subsequent electronic product trace examination. In my experience, the same solution providers who offer VRS also tend to offer tracing. Thus, regulators and trading partners benefit from a decent choice of interoperable vendors.

Blair Korman of Johnson & Johnson praised VRS as a single source of truth to be kept up-to-date by manufacturers. The more manufacturers maintain data on the network, the more adoption we will see downstream, too. This turns the system into the most efficient way to contact a manufacturer for product verifications because it provides instant automated responses and avoids time-consuming calls or emails. As the party that reveals product data to the outside world, manufacturers want to prevent bad actors from gaining access to their data through VRS and tracing. Hence, Blair highlighted that data security is very important. I noted in conversations that industry stakeholders see value in using digital credentials as part of those electronic interactions to enhance their own and the entire interoperable network’s security. John Kirtley from the Arkansas board alerted that pharmacies should be sure of who their suppliers are and take heed if a deal seems to good to be true. Nicki Chopski from the Idaho board echoed,

After all, the patient is at the end of the line. How much harm could a counterfeit drug cause?

Maryann Nelson of Cardinal Health emphasized that VRS is a critical tool to get quarantined product back into inventory and, of course, to the patient. She also explained that, while primary wholesalers like Cardinal Health may perform direct-to-replicate checks in their own databases for saleable returns verifications, secondary wholesalers are not permitted by FDA to use this option and must go straight to the original data source, i.e. the manufacturer. Further, in an investigation or audit, trading partners need to be able to show the trail of performed checks. VRS records automate this.

Wide-spread business challenge: Master Data Quality

Master data maintenance is another formidable business challenge as well as regulatory audit topic as Dave Mason of Novartis highlighted in the Q&A,

This was echoed by wholesalers who have seen great advances in connectivity for EPCIS data exchanges but still encounter data mismatches or omissions that lead to exception handling. In part, this is due to human error because the involved staff are still on a learning curve. Very important here is rapid communication internally and between trading partners for fast issue resolution and, eventually, prevention. SOP keep evolving as new types of issues arise. Lack of knowledge around DSCSA among independent pharmacies is still keeping wholesalers on their toes who try and support their downstream partners through educational efforts.

Availability of accurate entity data is not only a headache for trading partners. At the roundtable discussion, George Lovecchio of the Louisiana Board of Drug and Device Distributors pointed out that licencees do not always update their contact details on time, which is especially problematic in the case of suspect or illegitimate product investigations. This is complicated by the fact that larger companies have dedicated specialists per subject matter instead of one single contact.

. . .

Disclaimer

Since this post touches on legal and regulatory requirements, I’d like to make clear that I’m not qualified to provide legal advice. Nothing stated here should be taken as such.

Why am I writing about this? Because FDA puts strong emphasis on digitalizing the US pharma supply chain, especially through its EDDS guidance. I currently work for a technology solution provider (Spherity) that offers a tool for automated electronic Authorized Trading Partner (ATP) checks via Verification Router Services (VRS) as well as master data management. So, the topic is not only close to my job but also super interesting to think about and watch unfold.

. . .

Further reading

• Regulators keep track of DSCSA readiness

• Louisiana Board comments on digital credentials

• International digital credential adoption

• OCI Releases VRS Performance Test Suite to Advance DSCSA Interoperability Efforts