Tracing Every Dose -Manufacturer EPCIS Resolver for DSCSA Phase 3 Unit-of-Use Verification
Because patient safety shouldn't end when the box is opened
The Drug Supply Chain Security Act is the most comprehensive pharmaceutical traceability law ever enacted. It mandates serialization, electronic verification, and end-to-end tracking of prescription drugs across every trading partner in the U.S. supply chain. It was a decade in the making. And it has a blind spot.
DSCSA tracks the unit of sale -the sealed package. A box of 24 vials or 10 pre-filled syringes has a serial number, a pedigree, and a verifiable chain of custody from manufacturer to distributor to pharmacy. But the individual vial that a nurse draws from at a patient's bedside? It has none of these things. The most critical moment in the entire supply chain -the moment a drug is administered to a patient -is the one moment DSCSA cannot see.
The THRIV Coalition, a healthcare safety organization focused on eliminating IV preparation errors, has documented what happens in the gap between the pharmacy shelf and the patient. Their research paints a clear picture: medication errors in IV preparation are not rare edge cases. They are a systemic problem affecting hospitals of every size.
A five-hospital observational study found that nine percent of manually prepared IV medications involved errors -most commonly wrong volumes and wrong ingredients. These aren't negligent acts. They are unintentional oversights by trained professionals working under time pressure, with inadequate technological safeguards.
THRIV advocates for five critical technologies in IV preparation: workflow management software, barcode scanning, volume verification, auto-labeling, and auto-documentation. These are important. But they address accuracy within the compounding workflow. They cannot answer the question that precedes everything else: is the source material -the syringe or vial being drawn from -actually what it says it is?
That is the question only unit-of-use traceability can answer.
Wrong ingredient substitution: THRIV documented a case where a pharmacy filled an order for a low-risk sedative with a paralytic agent -a potentially fatal substitution. An IV workflow management system would have caught the error during compounding. But if the source vial itself had been mislabeled or substituted before reaching the pharmacy, no compounding workflow would detect it. Only verification against the manufacturer's original aggregation record -linking that specific vial to the box it was packed in -can catch that class of error.
Dosing errors: In another documented case, a pediatric patient received ten times the ordered dose of sodium chloride, resulting in death. Volume verification technology addresses this during preparation. But serialized unit-of-use tracking adds a prior layer: confirming that the vial being drawn from contains the drug and concentration the system expects, traced back to the manufacturer's production record.
The pharmaceutical industry has a long history with barcodes. The first medication was scanned at the point of care in a hospital in 2000, at the Colmery-O'Neil VA Medical Center in Topeka, Kansas. The FDA enacted the Drug Barcode Rule in 2004. Today, barcode scanning is a cornerstone of medication safety -over 10 billion barcodes are scanned daily worldwide.
But barcodes have inherent limitations that make them insufficient for unit-of-use tracking at the point of care, particularly for injectable medications:
| Capability | 2D Barcode | RFID (TDS 2.3) |
|---|---|---|
| Serialized identity per item | Yes | Yes |
| Lot number and expiry encoded | Yes (after GS1 Sunrise 2027) | Yes (available today) |
| Read without line of sight | No -requires visual access to label | Yes -reads through packaging and gloves |
| Simultaneous bulk verification | No -one item at a time | Yes -hundreds of items per second |
| Manufacturer resolver in the tag | No -requires external directory | Yes -SGTIN++ embeds hostname |
| Readable on small-form items | Difficult -requires printable label area | Yes -tag embedded in cap, plunger, or barrel |
| Works during sterile compounding | Requires handling and orientation | Yes -contactless, orientation-independent |
For the IV preparation workflows that THRIV focuses on, RFID is particularly valuable. A technician pulling five vials for a compounding order can have all five verified against the manufacturer's aggregation records -confirming identity, lot, expiry, and authenticity -before touching a single one. No barcode scanning, no label orientation, no one-at-a-time workflow. The RFID reader confirms everything simultaneously, without breaking the sterile field.
GS1's Sunrise Initiative will bring two-dimensional barcodes to drug packaging by end of 2027, finally adding lot numbers and expiration dates alongside the NDC. This is overdue and welcome. But even 2D barcodes cannot provide line-of-sight-free reading, bulk verification, tag authentication, or embedded resolver hostnames. For unit-of-use items -pre-filled syringes, small vials, single-dose ampoules -the physical constraints of barcode labels and the operational constraints of one-at-a-time scanning make barcodes impractical as the primary verification mechanism at the point of care.
RFID and barcodes are complementary. Barcodes serve the broader supply chain. RFID serves the last mile -from the pharmacy shelf to the patient.
The key innovation in GS1 TDS 2.3 is the SGTIN++ encoding. Unlike previous tag formats that store only a product identifier and serial number, SGTIN++ includes the manufacturer's resolver hostname directly in the RFID tag's EPC memory.
This means any reader, at any point in the supply chain, can determine where to verify the item simply by reading the tag. No lookup table, no central directory, no prior relationship with the manufacturer required. The tag says: "I am GTIN 30376045223300, serial SER-001, and you can verify me at dosetrace.org."
This is how distributed pharmaceutical verification works at scale. Different manufacturers operate different resolvers. The supply chain doesn't need to know the topology in advance -every tag is self-describing.
In a real DSCSA Phase 3 supply chain, no single entity owns all the data. Each manufacturer is responsible for their own products and their own verification infrastructure. The SGTIN++ tag makes this practical by encoding the resolver hostname in every tag.
This resolver -dosetrace.org -serves products whose tags identify it as the authoritative source. Other manufacturers' products resolve to their own domains, such as epcis.cc. A pharmacy receiving a mixed shipment from multiple manufacturers verifies every item seamlessly: each tag self-directs to the correct resolver. No centralized registry, no data broker, no single point of failure.
This architecture reflects a principle that DSCSA itself was built on: each trading partner is responsible for their own data. SGTIN++ extends that principle to the tag level. The manufacturer's resolver is the source of truth, and the tag carries the address.
A manufacturer fills and tags 24 vials, packs them into a box, and records the aggregation event on their EPCIS resolver. The box ships to a distributor, then to a hospital pharmacy. At every step, the box-level serial is verified under DSCSA.
At the pharmacy, the box is opened. A technician scans the shelf with an RFID reader. All 24 vials are read simultaneously. Each tag resolves to the manufacturer and is validated against the aggregation record. All 24 match. The items are cleared for dispensing.
Three days later, a nurse pulls one vial for a patient. She scans it with a handheld reader at bedside. The system confirms: this is vial #17 from box #4082, packed at the manufacturer on March 3rd, expiry December 2027, lot A240301. The drug is administered with full electronic verification -the first time in the history of DSCSA that a unit-of-use item has been traced and verified at the point of care.