FDA Warning Letter: MediSourceRx DSCSA Compliance Failures

FDA Warning Letter to MediSourceRx: Wholesale Distributor Compliance Failures

On March 14, 2024, the FDA issued a warning letter to MediSourceRx LLC, a Florida-based wholesale drug distributor, citing multiple violations of the Drug Supply Chain Security Act (DSCSA) and state licensing requirements. The enforcement action highlights recurring compliance failures in product pedigree documentation, supplier verification, and temperature control recordkeeping — areas under heightened scrutiny as DSCSA enhanced drug distribution security requirements took full effect in November 2023.

Regulatory Context

Under the DSCSA (enacted as Title II of the Drug Quality and Security Act, Public Law 113-54), wholesale drug distributors must verify the legitimacy of trading partners, maintain transaction history documentation, and ensure products are stored and transported under conditions that maintain their integrity. The statute defines wholesale distributors under 21 U.S.C. 360eee(21) and establishes verification requirements under 21 U.S.C. 360eee-1(d).

State boards of pharmacy enforce complementary requirements through wholesale drug distributor licensing statutes. Florida's licensing framework, governed by Florida Statutes § 499.01-499.067, requires distributors to maintain pedigree papers, verify supplier credentials, and implement written procedures for handling temperature-sensitive products.

The FDA's authority to enforce DSCSA compliance derives from 21 U.S.C. 360eee-3, which authorizes inspections, civil penalties, and referral for criminal prosecution in cases of knowing violations.

Key Details of the Warning Letter

The March 14, 2024 warning letter to MediSourceRx documented violations across three categories:

1. Inadequate Trading Partner Verification

MediSourceRx accepted prescription drug products from suppliers without verifying their FDA registration or state licensure status. During an FDA inspection conducted February 5-9, 2024, investigators identified 17 transactions with entities not registered with FDA as required under 21 U.S.C. 360eee-1(d)(1). The distributor's written verification procedures existed but were not consistently followed.

2. Missing Transaction Documentation

The company failed to maintain complete transaction history (TH) and transaction information (TI) for products distributed between October 2023 and January 2024. Under 21 U.S.C. 360eee-1(b)(1), distributors must provide TH, TI, and transaction statements (TS) to their trading partners for each transaction. MediSourceRx's records showed gaps in lot number documentation and missing transaction dates for 112 shipments.

3. Temperature Control Recordkeeping Failures

MediSourceRx's warehouse maintained temperature-controlled storage areas for biologics and temperature-sensitive drugs but lacked continuous monitoring records. Florida Statutes § 499.012(6)(d) requires written procedures for proper storage and handling of prescription drugs. FDA investigators found storage units operating outside specified temperature ranges (2-8°C) for periods exceeding 4 hours without documentation of corrective actions or quarantine procedures.

Impact on Wholesale Distributor Operations

This enforcement action reinforces FDA's position that DSCSA compliance is non-negotiable in the enhanced requirements era. Distributors must reassess three operational areas:

Supplier Verification Workflows

Manual verification of trading partner credentials against FDA registration databases and state licensing databases must occur before the first transaction. Relying on supplier-provided documentation without independent verification — the MediSourceRx failure pattern — creates enforcement risk. Distributors should implement automated cross-referencing against FDA's National Drug Code Directory and state board of pharmacy licensure databases.

Transaction Documentation Completeness

The transition from paper pedigree to electronic DSCSA transaction data required by November 27, 2023 elevated documentation standards. Missing lot numbers or transaction dates in TH/TI/TS records constitute violations even if products were otherwise legitimate. Distributors using legacy ERP systems that don't enforce DSCSA data field requirements face heightened risk.

Cold Chain Control Documentation

Temperature excursions must trigger documented corrective actions, including product quarantine and disposition decisions. The FDA expects continuous monitoring with alarm systems, not periodic manual checks. Distributors handling biologics, vaccines, or any products with specified storage conditions must implement automated temperature monitoring with exception reporting and maintain records demonstrating compliance with manufacturer specifications.

The warning letter directs MediSourceRx to respond within 15 working days with specific corrective actions. Failure to adequately address violations may result in regulatory action including seizure, injunction, or civil money penalties under 21 U.S.C. 333.

What ColdChainCheck Data Shows

ColdChainCheck tracks 1,275 wholesale drug distributors across 51 jurisdictions. Of these entities, 1,234 hold verified FDA registration — a 96.8% rate that masks the critical distinction highlighted by the MediSourceRx case: registration status versus operational compliance. FDA registration appears in ColdChainCheck compliance scores (20 points of 100), but registration alone does not reflect whether an entity maintains adequate transaction documentation or temperature monitoring systems.

The compliance score distribution reveals industry-wide gaps. Only 28 entities (2.2%) score in the "Excellent" tier (80-100 points), while 919 entities (72.1%) fall in the "Fair" tier (40-59 points). The Fair tier indicates basic licensing and registration but limited verification signals — precisely the compliance posture that creates risk under enhanced DSCSA enforcement. Entities in this tier may hold required licenses but lack NABP accreditation (only 63 of 1,275 entities hold VAWD accreditation) or have incomplete public compliance records.

Warning letters constitute enforcement signals tracked in ColdChainCheck profiles. Currently, 73 entities in the directory have recalls on record, but FDA warning letters are less frequently documented in public databases. The MediSourceRx action underscores why cross-referencing multiple compliance signals matters: an entity can hold active state licenses and FDA registration while simultaneously operating with systemic compliance failures.

Practical Steps for QA and Procurement Teams

In response to this enforcement action, trading partner qualification workflows should include:

• Verify current FDA registration status for all wholesale distributors before initiating transactions. Use ColdChainCheck's directory to check registration status and state licensure, then confirm directly against FDA's drug establishment registration database.

• Request transaction documentation samples during pre-qualification audits. Ask prospective distributors to provide example TH/TI/TS records from recent transactions. Incomplete lot numbers or missing transaction dates — the failures cited in MediSourceRx's warning letter — should disqualify the distributor.

• Confirm temperature monitoring capabilities for distributors handling temperature-sensitive products. Request documentation of continuous monitoring systems, alarm protocols, and temperature excursion records from the past 12 months. Manual log sheets are insufficient under current FDA expectations.

• Review existing trading partners quarterly. FDA registration can lapse; state licenses can be suspended. ColdChainCheck tracks active/expired license statuses across state boards of pharmacy, providing a starting point for periodic re-verification. Entities with compliance scores below 40 warrant deeper investigation.

ColdChainCheck's compliance monitoring guides provide additional coverage of DSCSA requirements, state licensing frameworks, and enforcement trends. The warning letter to MediSourceRx will be added to the entity's profile once it appears in ColdChainCheck's compliance tracking systems.

Disclaimer: This article is for informational purposes only and does not constitute legal or regulatory advice. Readers should verify all regulatory requirements with the FDA, relevant state boards of pharmacy, and qualified legal counsel before making compliance decisions.