ScienceSoft Global
EPCIS-Based DSCSA Interoperability for Pharmacy and Provider Dispensers
In healthcare software engineering since 2005, ScienceSoft builds and integrates DSCSA EPCIS connectivity layers to help pharmacies and provider-owned dispensing operations reconcile EPCIS data with internal systems and standardize exception handling.
Since November 2023, the Drug Supply Chain Security Act (DSCSA) has required enhanced electronic, interoperable product tracing for prescription drugs, with FDA exemptions and waivers phasing enforcement for some dispensers until late 2026. FDA recommends GS1 EPCIS as the standard format for exchanging this traceability data between trading partners.
For pharmacies and healthcare providers acting as dispensers, the main challenge is reconciling electronic EPCIS trace data with the physical products they receive. The trace data can arrive late, be missing or inconsistent, or fail to match receiving records because of supplier data quality issues, aggregation gaps, or GTIN/NDC mapping problems. This is where dedicated EPCIS interoperability solutions come into play.
How Dispensers Can Enable EPCIS-Based DSCSA Interoperability
Use an external DSCSA portal
A DSCSA-aligned portal can be enough for small dispensers who have simple sourcing flows. Staff access trace data through a wholesaler, manufacturer, or traceability platform interface, with more manual lookup, reconciliation, and exception tracking.
Build a network-first EPCIS interoperability layer
Multi-site pharmacies can build a network-first layer that pulls EPCIS events from a traceability network into receiving and inventory workflows, which reduces partner onboarding effort and standardizes exception handling.
Build a repository-first EPCIS interoperability layer
A repository-first setup fits large organizations with complex supply chains, many trading partners, and a strong reason to own the local EPCIS event store. It gives more control and drill-down options, but increases onboarding, infrastructure, and support effort.
What does an “EPCIS interoperability layer” mean?
Unlike an external DSCSA portal, an EPCIS interoperability layer does not rely on staff manually looking up trace data in a separate interface. It connects EPCIS trace data sources with the dispenser’s receiving, inventory, compliance, and reporting systems, so trace data can be checked and turned into operational statuses automatically.
The layer can be implemented in two ways: as a network-first setup, where EPCIS events are pulled from or exchanged through a traceability network or platform, or as a repository-first setup, where the dispenser receives EPCIS files directly and stores validated events in its own EPCIS repository. In both integrated setups, the workflow usually works as follows:
Step-by-step workflow
- Before delivery, a supplier makes EPCIS traceability data available through a traceability network or platform or sends it directly to the dispenser.
- The dispenser’s EPCIS interoperability layer receives or retrieves the data and validates its structure, business rules, trading partner status, and the completeness of shipment-related records.
- Valid EPCIS events are saved either in a local trace data store for fast lookup or in the dispenser’s own EPCIS repository.
- When the shipment arrives, the receiving team scans packages according to the established workflow.
- The scan payload (GTIN, serial number, lot number, and expiration date) is automatically matched against the available EPCIS trace data.
- If the dispenser’s internal systems use NDC, the interoperability layer uses GTIN/NDC master data mapping to match scanned products and EPCIS events correctly.
- The layer returns operational statuses such as match, missing data, discrepancy, suspect, or hold.
- If trace data is missing or inconsistent, the layer opens a discrepancy or exception case and shares the case identifier and status with internal operational systems so inventory can apply a hold or quarantine, and pharmacy operations can track tasks.
- If product identifier verification is required, the workflow can send a VRS request to the manufacturer and store the response as evidence linked to the case.
- When an authorized regulatory or trading partner request arrives, the evidence and reporting service assembles an evidence package from EPCIS events and case history for submission through approved channels.
Hide
Whether the interoperability layer is network- or repository-based, the workflow looks largely the same for staff. What changes is where partner connectivity and the main trace repository live.
EPCIS-Based DSCSA Interoperability Architecture
This architecture is intended for midsize to large organizations acting as DSCSA dispensers, including retail, specialty, hospital, and health system pharmacies, as well as provider-owned dispensing operations and affiliated warehouses. It does not cover manufacturer serialization lines or general clinical medication administration workflows.
I am using a midsize-to-large pharmacy context on purpose. That is where portal-only workflows usually start to break down, and where automated DSCSA EPCIS integration is most useful. From there, we can take one of two paths: a network-first approach that consumes trace data from an external traceability network, or a repository-first approach where the dispenser runs its own EPCIS system of record.
|
Network-first design |
Repository-first design |
The DSCSA interoperability layer can receive EPCIS data through different entry points depending on the architecture:
- In a network-first setup, the Partner Connectivity Adapter connects to an external Traceability Network or platform and receives or retrieves EPCIS events.
- In a repository-first setup, suppliers send EPCIS files to the dispenser through the B2B Gateway, which supports secure file exchange and partner connectivity.
These components keep external partner connections separate from internal pharmacy workflows, so onboarding or connectivity issues do not directly break the receiving process.
The interoperability layer first ingests EPCIS data, validates it, and runs the ATP check. It confirms that the data follows the expected EPCIS structure, includes the shipment and serialization details needed for trace matching, and comes from an authorized trading partner. The interoperability layer detects duplicate, updated, or conflicting EPCIS records and either reconciles them with existing trace data or flags them for review before they affect downstream workflows.
The data store serves a different purpose in each model:
- In a network-first setup, the Local Trace Data Store is a working copy of EPCIS data used for fast receiving checks, trace lookups, and exception work without calling the external network every time. The connected Trace Lookup API supports fast receiving-time checks against locally cached trace data.
- In the repository-first design, the EPCIS Repository and Validation Store is a full internal trace data store. It keeps the validated EPCIS history in the dispenser’s environment and serves as the internal source for trace queries, investigations, evidence preparation, and reporting via a connected Trace Query Service.
In both models, the Master Data Service helps match products correctly by keeping product, location, and trading partner data current.
The Exception and Case Workflow turns trace data issues into controlled workflows. If trace data is missing or inconsistent, it opens a case, supports quarantine actions, and helps teams track the issue to resolution. If the issue points to a suspect product, the workflow can trigger product verification and store the response as case evidence.
The Evidence and Reporting module collects EPCIS records, case history, and verification responses. It supports regulatory responses, compliance reporting, and six-year record retention.
Integration Adapters connect the DSCSA interoperability layer with receiving, inventory, pharmacy, and enterprise systems. They pass operational outcomes, such as match, discrepancy, hold, quarantine, or release, back to everyday workflows.
The Compliance and Analytics Portal gives operations and compliance teams access to discrepancy and suspect or illegitimate product cases, with dashboards for exceptions, resolution time, and supplier data quality.
Both architectures share the same Security and Compliance foundation, including role-based access control mechanisms, audit trails, monitoring, and DSCSA-related retention controls.
Technology Stack We Use for DSCSA EPCIS Interoperability
Back-end programming languages
Front-end programming languages and portals
Web
Portal platforms
Mobile
Clouds
Data storage and analytics
SQL
NoSQL and data tooling
Cloud data services
Warehousing and BI
DevOps
Containerization
Infrastructure automation
Build and release
Monitoring
About ScienceSoft
- Since 2005 in healthcare software engineering.
- Since 2012 in SCM software development.
- 150+ successful healthcare IT projects.
- Broad pharmacy and supply chain portfolio, including medication tracking solutions integrated with internal systems.
- Integration and database architects with 7 to 20 years of experience.
- An in-house Architecture and Solutions CoE to design interoperability for pharmacy, supply chain, and enterprise systems, with strong data validation and audit-ready evidence.
- Proficiency in API-based and message-based integration for supply chain and pharmacy workflows.
- Experience supporting compliance with healthcare regulations, inclding FDA and DSCSA-related controls. HIPAA and HITECH support where integrations involve PHI.
- Microsoft Partner and AWS Advanced Tier Partner for designing, integrating, and running secure, reliable integration layers on Azure or AWS.
Featured among Healthcare IT Services Leaders in the 2022 and 2024 SPARK Matrix
Recognized for Healthcare Technology Leadership by Frost & Sullivan in 2023 and 2025
Named among America’s Fastest-Growing Companies by Financial Times, 5 years in a row
Top Healthcare IT Developer and Advisor by Black Book™ survey 2023
Four-time finalist across HTN Awards programs
Named to The Healthcare Technology Report’s Top 25 Healthcare Software Companies of 2025
HIMSS Gold member advancing digital healthcare
ISO 13485-certified quality management system
ISO 27001-certified security management system
Our Clients Say
ScienceSoft has been a competent partner for medical software development. We would recommend them as a trustworthy vendor. They are reliable, thorough, smart, available, extremely good communicators and very friendly.
During our cooperation, ScienceSoft proved to have vast expertise in the Healthcare and Life Science industries related to development of desktop software connected to laboratory equipment, a mobile application, and a data analytics platform.
They collaborated with our medical professionals with great professionalism and care <…>. We found ScienceSoft to be dependable and forward-thinking, and we would confidently recommend them for high-responsibility projects.
