One of the pillars of the US's plans to secure its medicines supply chain is that participating players can be identified and verified, and a pilot study to achieve that has reportedly been a success.
The pilot – run by the Healthcare Distribution Alliance (HDA) and Centre for Supply Chain Studies (CSCS) – put an interoperable 'authorised trading partner' approach through its paces that its developers say could serve as a model to meet the requirements of the Drug Supply Chain Security Act (DSCSA).
According to the DSCSA, manufacturers, wholesale distributors, dispensers, and repackagers of medicines have to meet various requirements to show they have a legitimate role to play in the supply chain, including appropriate registrations or licenses.
Launched in April 2020, the pilot brought together various pharmaceutical supply chain participants, including manufacturers, a wholesale distributor and dispensers, to test the use of trading partner credentials for companies carrying out saleable returns transactions.
Saleable returns verification requires wholesalers and distributors to check the serialised unique identifiers of returned products before they can be placed into inventory for resale, and was due to come into force last year before the FDA delayed enforcement.
The results apply to verifications of the authorized trading partner status for other required interactions under the DSCSA, not just saleable returns, according to the HDA.
The project drew on technical expertise from SAP, rfxcel, Spherity and Legisym, with support from barcode standards group GS1. It found that use of an open-source technology based on W3C standards could be used to verify both direct and indirect trading partners.
It showed it was possible to establish the digital identity of a trading partner, including establishing their authorised status, exchange proof of that status with other partners, and cryptographically verify that proof.
It also found that trading partners could securely control their digital identity – which would prevent bad actors impersonating them and breaking into the supply chain – and that a proper audit trail of partner transactions was created.
"I am sure the legislators who authored the DSCSA never could imagine how challenging it would be to determine the identity and authorisation status of trading partners in a digital eco-system," said Bob Celeste, founder of the CSCS, in a statement.
"Fortunately, the manufacturers, distributors and solution providers were successful in piloting a design that fits from a compliance, business operations and technology perspective."
Those involved with the project have now launched a group called the Open Credentialing Initiative (OCI) that will encourage the adoption of the approach tested in the pilot and develop it further.
©
SecuringIndustry.com