May 7, 2026
The DSCSA 2027 deadline, and what your pharmacy actually needs to do before it.
The Drug Supply Chain Security Act has been the law since 2013, but most pharmacies have treated it like a problem they could outsource — to their wholesaler, their PMS vendor, or "the system." That worked, mostly, until the November 27, 2027 enforcement deadline started showing up on FDA-watcher calendars.
The 2027 deadline is when the FDA stops accepting "good faith effort." Every prescription drug package handled by a dispenser has to carry a unique serialized 2D barcode, and dispensers have to be able to capture, store, and verify that data. The wholesalers will help, but they can't carry the load on the dispenser side. That's you.
What changes in daily workflow
Practically, three things shift when serialization is real and enforced:
Receiving gets more involved. Today, many pharmacies receive a wholesaler shipment by counting boxes and reconciling against a packing slip. Under DSCSA, every individual package needs to be scanned in so the serial number is captured. For a pharmacy receiving 30 bottles per shipment, that's 30 individual scans where there used to be one box-count. The good news: a halfway-decent Bluetooth scanner makes this fast — about 2 seconds per bottle. The bad news: if your inventory system can't capture the serial, you're not actually compliant even if you're scanning.
Returns require serial-level tracking. When you return short-dated stock to your wholesaler for credit, they'll start expecting the return manifest to include serial numbers, not just lot numbers. That gives them traceability and gives you proof that the packages you returned were the ones you received. If your system tracks at lot level only, you'll be doing this by hand or losing credit.
Verification of suspicious packages becomes a real workflow. If a bottle's serial doesn't match the manufacturer's records, or shows up duplicated, the law requires you to investigate, quarantine, and notify. This is rare in practice — counterfeit drugs in the legitimate U.S. supply chain are very uncommon — but having the system flag duplicate serials automatically (and being able to look up what was actually scanned, not just what was typed in) is what separates a real DSCSA-aware system from a checkbox.
Four checks every pharmacy can do this week
Want to know if your pharmacy is on track? Try these four. Each takes 5-15 minutes.
1. Scan a recent serialized bottle into your current system. Then look at what got stored. Pick any bottle you've received in the last few months — it almost certainly has a serialized 2D barcode. Scan it into your inventory system. Then go to the record and check whether all four DSCSA-required fields are stored as separate, queryable values: GTIN, lot, serial number, expiration date. If your system shows you a single mashed-together string, or stored the serial in the lot field, or dropped the serial entirely — you're not capturing what DSCSA requires. This is the most common failure we see.
2. Check your scanner's FNC1 / GS character setting. The FNC1 byte (ASCII 0x1D) is what tells a parser where one variable-length field ends and the next begins. Many Bluetooth HID-mode scanners strip this byte by default because keyboards don't have it. Without FNC1, lot and serial run together. Look up your scanner's programming guide; for Zebra DS2278 it's the "GS Character for HID Keyboard" barcode in the Data Formatting section. Scan it once, the scanner remembers.
3. Try to generate a return manifest with serial numbers. Pretend you're returning 5 short-dated bottles to your wholesaler. Can your system produce a CSV with columns for GTIN, lot, serial, expiration, and quantity? Or does it only let you export at the lot level? If it's lot-only, your post-2027 returns will require manual augmentation.
4. Look at how your system handles duplicate serials. Scan the same serialized bottle into your system twice. Does it warn you? Reject the second scan? Silently double-count? Quietly overwrite the first record? "Silently double-count" or "silently overwrite" both fail the DSCSA bar — the law expects duplicate serials to be flagged for investigation, not absorbed without comment.
What to do if you fail one or more
Don't panic. Most pharmacies are quietly in the same spot. The 2027 deadline still gives you 18 months of runway. The path forward is:
- Talk to your PMS vendor about their DSCSA roadmap. Most have one. Some are charging extra for the upgrade.
- If your PMS isn't going to get there, or you don't want to pay an enterprise upgrade fee for serialization, run a focused inventory tool alongside your PMS — that's the gap RxRescue fills.
- Test your scanner config now. Don't wait until October 2027 to discover it's been silently dropping FNC1 bytes for 4 years.
How RxRescue handles this
RxRescue is built specifically for the serialized-2D-barcode capture-and-track piece. The GS1 parser is fixture-tested against real DSCSA scans and pre-DSCSA fallbacks; raw scan data is preserved alongside the parsed fields for audit; duplicate serials are flagged at scan time; and the credit-roster CSV export includes serial numbers by default.
It's a focused tool, not a full PMS replacement. It runs alongside whatever your pharmacy already uses for billing and dispensing. The point is to plug the specific DSCSA gap, not rebuild your whole stack. Start a 30-day free trial if you want to see how it works on your shelf.