How GRC addresses the Track-and-Trace law’s biggest obstacles
In case you had not heard, the health care industry, more specifically pharmacies, have yet another regulation to comply with. The new “track-and-trace” law is a part of the Drug Supply Chain Security Act (DSCSA). The deadline for pharmacies to comply with the new requirement was recently pushed back four months from the original deadline of July 1.
As of January 1, 2015, pharmacies are only allowed to accept drug products from authorized trading partners and must have processes in place to identify, contain, and investigate any suspect products to determine their legitimacy. By the second deadline, now November 1, 2015, pharmacies must be able to capture transaction information (TI), transaction history (TH), and transaction statements (TS) for each drug product received. These records are required to be maintained for six years following the date of the transaction.
Even with the extra time to comply, pharmacists are concerned that the overall management of the data will be a major obstacle. Travis Hale, an American Pharmacists Association (APhA) member, voiced his concerns at the FDA Drug Supply Chain and Security Act meeting on June 1.
Hale said his biggest challenge, “is going to be the management of all of this data as a single-store owner/manager when it is being held by potentially 10-plus wholesalers in different portals or clouds where we have 10-plus usernames and passwords.”
Utilizing a Governance, Risk and Compliance (GRC) tool, like Keylight, can enable pharmacies to manage data all in one central repository. Keylight can also assist in linking that information to other data your organization chooses to track and report on, such as risks, assets, policies, and incidents.
A recent survey of members from three associations, the National Community Pharmacists Association (NCPA), the American Pharmacist Association (APhA), and the National Alliance of State Pharmacy Associations (NASPA), echoes Hale’s concerns with managing data among wholesalers. Nearly half of respondents claimed to be “unaware of how the transactional data would be transferred between wholesalers, secondary wholesalers, and pharmacies.” Even more worrisome is that less than 15 percent have contractual agreements with their wholesalers.
Many health care organizations use a vendor portal to issue assessments. Keylight can help ease the burden of gathering the transaction information from each individual wholesaler by issuing an automated vendor assessment tailored to the pharmacist’s needs. Companies can then store that data within Keylight for six years, ensuring compliance with the DSCSA.
The DSCSA has laid out an eight-year plan to eventually make prescription drugs more easily identified and traced as they are distributed. The DSCSA, along with the track-and-trace law and other initiatives, were made to prevent, detect, and respond to counterfeit or substandard medicines.
Learn about CIS’s first five controls and examine what each control addresses.
Learn about how privacy programs and the importance of being prepared for a breach.
Learn about the constant vigilance of continuous security monitoring.