Navigate the challenge of compliance, and its vital association with quality
For manufacturers of controlled substances, the review of downstream customer data as part of a robust Suspicious Order Monitoring (SOM) program is a highly debated topic. It commonly elicits questions ranging from the necessity to review downstream customers, to how to adequately accomplish the review/monitoring processes. This blog offers insights to help address these questions.
First is the question of necessity. The Drug Enforcement Agency (DEA) SOM regulation contained in Title 21 CFR 1301.74b does not specifically address the topic of downstream customer monitoring. In fact, this regulation does not specifically address many of the now expected aspects of an effective SOM program. However, through past DEA guidance communications and Memorandums of Agreement (MOA) with various DEA registrants, industry has seen the DEA exercise significant enforcement discretion and take actions against registrants for alleged violations of SOM regulations; not to mention the numerous lawsuits arising from opioid litigation.
An examination of MOAs/complaints that address the topic of downstream customer monitoring includes a record of the first time the topic was broached in writing. The 2017 Memorandum of Agreement (MOA) issued for a major manufacturer alleges: “A failure to detect and report orders from downstream customers to distributors who were purchasing from multiple different distributors, of which the manufacturer was aware.”
The DEA further alleged a failure to “use chargeback information from its distributors to evaluate suspicious orders; and take sufficient action to prevent recurrence of diversion by downstream customers after receiving concrete information of diversion of manufacturers product by those downstream customers.” The MOA also stated that the manufacturer will report to the DEA when the manufacturer concludes that the chargeback data or other information indicates that a downstream registrant poses a risk of diversion. The agreement also listed specific information to be included in the downstream customer reports.
In a December 2022 complaint against a Big 3 distributor, references are made to various data sets and providing access to the data amongst the team(s) responsible for suspicious order monitoring. Specifically, the complaint alleged: “Moreover, while [registrant] often had access to a wealth of customer data, it typically failed to make all of this data available to CSRA.” While downstream customer data such as chargeback or 867 data is not specifically mentioned, an argument can be made for its inclusion in a robust SOM program. Chargeback and 867 data are routinely used in sales, marketing, and inventory monitoring efforts, but the data is also useful in SOM to monitor downstream customer activity. The DEA has been clear that companies have the data, and choosing not to use the data to review and report downstream activity puts them at risk.
The second key question raised on the topic of SOM refers to how to adequately accomplish the review/monitoring processes. The two most prevalent data sets for use in downstream customer monitoring are 867 and 844 (chargeback) data. 867 data is obtained from distributors and tracks the sales of a manufacturer’s products (NDCs) downstream, including to the final dispenser. Chargeback data is a financial transaction, but housed within its data is the same information as found within the 867 data: name and DEA ID number of the downstream customer, product purchased, quantity, and date.
Downstream customer monitoring primarily focuses on two areas.
Downstream monitoring activities may extend to several other data types as well, such as prescriber and sales data.
The monitoring of downstream data has become an increasingly critical component of a complete suspicious order monitoring program. It is highly recommended that there be a process or system in place for analyzing available data sets to thoroughly investigate downstream customer actions to ensure appropriate due diligence and alignment with DEA expectations.
Navigate the challenge of compliance, and its vital association with quality
Automate and standardize your regulatory management, from correspondence and commitments to registration and tracking.