The DQSA traceability law: Is a cloud global traceability and compliance service right for your business?

This is a transcript of The Axway Podcast, “The DQSA traceability law: Is a cloud global traceability and compliance service right for your business?

ANNOUNCER: Hello everyone and welcome to The Axway Podcast. Today we’re talking about the DQSA, the Drug Quality and Security Act, which was signed into law by President Obama on November 27th, 2013. Title II of the DQSA outlines critical steps to build an electronic, interoperable system to identify and trace certain prescription drugs as they’re distributed in the United States. 

ATIF: Specifically when you talk about pharmaceutical and counterfeits — these are drugs that people are ingesting, and there could be adverse reactions or effects. Or, in most cases, there are placebo effects, where they are not doing the job that they are supposed to be doing. It ranges from different things. So when you talk about the issues, it could range from a variety of spectrums. 

ANNOUNCER: That’s Atif Chaughtai, Axway’s director of solution marketing for the Healthcare industry. We asked him to tell us a little about the issues created by counterfeit drugs in the global pharmaceutical supply chain.

ATIF: Let’s take the example of somebody taking drugs to treat some kind of minor flu, for example. And since they’re taking a drug that they had gotten from a reputable pharmacy that somehow was supplied counterfeit drugs, that flu itself can get more aggressive and, in some cases, cause death or severe side effects in terms of other diseases that people might have. So, all that ends up is… Those people end up either in an emergency room, or urgent care facilities, driving up the cost of healthcare. The whole idea beside the Affordable Care Act — that you do chronic disease management, that you have a better dialog with your patients, and providers providing continuous care to the patients through different means — goes sideways when it comes to counterfeit drugs.

ANNOUNCER: So this is a big, important issue, not just on a regulatory level, but a humanitarian one, too. We asked Atif to tell us about some of the issues the Drug Supply Chain Security Act, which is Title II of the DQSA, creates for businesses, and some of the issues it solves for consumers.

ATIF: Some of the issues that Drug Supply Chain Security Act solves for our customers relates to things that are happening in the supply chain, when you have so many different actors involved — good and bad, oftentimes. One thing it does is it monitors … to eliminate diversion, parallel trade, and forward buying. Now, these are all things that somebody might use to take advantage and undercut pricing to compete better, which, at the end of the day, the pharmaceutical manufacturer is losing business on, regardless.

ANNOUNCER: Atif says that another challenge it addresses is product authentication, and the need for visibility into the supply chain, so that any time a business has a recall, identifying the products in question won’t require a great deal of effort. The business will be able to conduct the recall with a 99 percent certainty that these are, in fact, the units they need to withdraw from the market.

ATIF: Your good batch will essentially still go to the shelves and be sold, and bad batch will be effectively taken off the shelves. Also, another thing is it can help you detect product diversion. So if you sold your product to an organization that was supposed to ship to a country like Brazil, for example, and Brazil government has negotiated a certain price for that product, which is cheaper than what you’re selling in the U.S. … It is the person who’s shipping, the company that is shipping ends up diverting that product to the U.S. market, and sells it for more profit because the prices here are higher than he, or she, or the company had bought it for — prices that were for Brazil.

ANNOUNCER: In that scenario, drugs become available to the market for a much lower price, and that ruins the manufacturers’ profit margins. It’s challenges like this, Atif says, that the DQSA actually helps businesses identify and address, to say nothing of the counterfeit products it helps to isolate and keep out of the supply chain. So we asked Atif, what are the challenges that businesses are having with implementing the Drug Supply Chain Security Act itself?

ATIF: One of the biggest challenges is the law does not call out for what kind of solution to use to communicate between all these various bodies in the supply chain. The big three wholesalers — McKesson, ABC, and H.D. Smith — they currently do exchange data electronically with their trading partners using EDI, so their preference is to use EDI. Now, Electronic Data Interchange is a mechanism to exchange data. It does not allow you to meet the DQSA requirements, which requires specific capabilities.

ANNOUNCER: Still, low-tech and no-tech companies and 3PL providers often need totally different capabilities, and those capabilities are currently provided by EPCIS, the Electronic Product Code Information Services. EPCIS allows businesses to store data, carry data, respond to the FDA’s information requests, and enter data in different ways to meet DQSA requirements.

ATIF: The last challenge I will mention is organizations that do not have IT systems in place, or IT to support their business. They’re looking at how do they implement this law, right? And they’re looking upstream for people who are supplying the drugs to them for either distributing or, if it’s a mom-and-pop’s pharmacy shop, they’re looking at their 3PL providers to hold the DQSA data for them. So, those are some of the challenges that businesses are facing right now.

ANNOUNCER: But businesses can effectively address these challenges with a cloud global traceability and compliance service. So we asked Atif to explore that idea a bit, and tell us about the capabilities businesses need that they might not yet realize they need.

ATIF: Let’s first talk about what the word “cloud” means, right? So, from an IT perspective, cloud is something that is elastic that provides certain additional functionality that meets the cloud checklist. When we’re talking about the cloud global traceability and compliance service, the best way for me to describe what it is, is, for example, if you watch Netflix, right? Netflix is a service that is offered through a cloud, but for the end user, it doesn’t matter. They just go to a website, or they go to their smart TV, or their smart device to play the Netflix movie.

ANNOUNCER: And that’s what a cloud global traceability and compliance service is. It takes care of all those things behind the scenes so that a business just gets, in the end, an application that’s hosted and maintained for them, one that allows them to run their business instead of becoming an IT guru. What a cloud global traceability and compliance service does, quite simply, is this: it provides the specific capabilities every healthcare company needs in order to satisfy the DQSA.

ATIF: One of them has to be that it should be able to communicate with the big three distributors — McKesson … and H.D. Smith, and ABC — and they use specifically EDI ASN for their communication. And they have customized their ASN specifically… Or customized their EDI. So you need to be able to communicate with them, first of all. Second capability that you need is being able to communicate with internal systems, ERP systems, whatever system that you are using to maintain information about your supply chain. It should be able to communicate with those systems as well. And typically the de-facto standard has become EPCIS to communicate through. So, they need to be certified. An EPCIS implementation provider. And they should be looking to implement the new EPCIS format that is coming up. Additionally, even though this standard is being deprecated, and being sunset — but DPMS is an important standard to also consider because there are systems out there that have built interfaces for DPMS when California and Florida pedigree was in play. Your service should be able to provide that as well. Third thing it needs to be able to provide is a portal, because your low-tech and no-tech organizations will need to rely on you to provide these capabilities for them to do business. So, you need to provide a portal where these companies can come in and upload and verify the information that relates to the supply chain movement of the drugs.

To learn more about the DQSA and whether a cloud global traceability and compliance service is right for your business, please click here.

To listen to the podcast on YouTube (audio only), please click here.

To view the SlideShare presentation, “How to achieve simple, affordable enterprise traceability in the cloud,” please click here.


Top 10 Security Issues for REST APIs – Webinar with Gunnar Peterson on September 18

REST API security has come a long way from being a case of “Just use SSL.”

Or has it?

On September 18th at 11 a.m. EDT  (4 p.m. GMT+1), we’re running a webinar with Gunnar Peterson on the Top 10 Security Issues for REST APIs.

One of the big criticisms of SOAP Web Services was the complexity of the security standards such as WS-Security, WS-Trust, WS-Policy, WS-PolicyAttachment — the list goes on. People wrote whole books about them ;-) . In the case of REST, it can worryingly seem like a case of the Wild West (the “Wild REST”).

Now, there are standards such as OAuth, but also there are many conventions such as API keys which are sometimes implemented insecurely. Even in the case of OAuth 2.0, the implementation itself must be secured. Look out for this, and more, in Gunnar’s definitive Top 10.

And because the topic of REST API security is so hot, we’re running the webinar twice. If you’re in the Asia-Pacific region, you can attend Gunnar’s REST API security webinar on Tuesday, September 23rd at 10 a.m. Hong Kong / 12 p.m. Sydney/Melbourne time.

(Originally posted in slightly different form at