Skip to content
View pharmacy-inventory-logging's full-sized avatar

Block or report pharmacy-inventory-logging

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Pharmacy Inventory & Controlled-Substance (DEA) Logging

Pharmacy Inventory & Controlled-Substance DEA Logging

A production-grade technical reference for building DEA-, HIPAA-, and FDA DSCSA-compliant pharmacy inventory systems.

🔗 Live site: www.pharmacyinventory.org


What this is

pharmacyinventory.org is an implementation-focused knowledge base for the engineers and compliance officers who build and operate regulated pharmacy inventory software. Every page pairs the regulation (with exact 21 CFR / 45 CFR citations) with runnable, production-quality Python — typed models, SHA-256 audit hashing, and structured logging that never touches protected health information.

The guiding principle across the whole site: compliance is an architectural constraint, not a reporting overlay. A system whose ledger is append-only, whose NDCs are normalized before they are hashed, and whose reports are deterministic projections of an immutable event log is audit-ready by construction — not reconstructed under audit pressure.

Who it's for

  • Pharmacy operations & compliance officers — chain-of-custody, dual control, diversion monitoring, and the DEA filings that follow.
  • Healthcare IT teams — event-sourced architecture, HIPAA-aligned access control, encryption, and tamper-evident audit logs.
  • Python automation engineers — copy-paste-ready recipes for NDC parsing, EDI ingestion, idempotent retries, and report generation.

What it covers

The reference is organized into four technical areas:

Area What you'll find
Core Architecture & DEA Compliance Frameworks Event-sourced ledgers, NDC-10 ↔ NDC-11 normalization, DEA Schedule II–V classification, offline sync & fallback routing, Merkle-tree audit anchoring, and HIPAA-aligned security.
Controlled Substance Storage & Handling Compliance Physical storage & security (21 CFR § 1301.72), DEA Form 222 / CSOS validation, witnessed waste & destruction logging, and diversion alert thresholds.
Data Ingestion & Inventory Sync Workflows EDI 852/846 parsing, JSON-schema & Pydantic validation, async batch processing, dead-letter queues, and real-time barcode-scan deduplication.
Regulatory Reporting & DEA Submissions ARCOS fixed-width transaction files, DEA Form 106 theft/loss, DEA Form 41 destruction, and biennial inventory reconciliation.

51 in-depth pages spanning architecture overviews, deep-dive references, and focused, copy-paste-ready how-to recipes — each with hand-authored diagrams, compliance-mapping tables, and FAQ sections written for both the engineering and the compliance reader.

Highlights

  • NDC parsing done right — ReDoS-safe regex and CMS-correct padding that collapse mixed NDC-10/NDC-11 inputs into one canonical identity.
  • Immutable, provable audit trails — SHA-256 hash chaining, Merkle batching, and RFC 3161 external timestamp anchoring.
  • Deterministic regulatory reporting — ARCOS, Form 106, and Form 41 rendered straight from frozen ledger snapshots so figures never drift between discovery and filing.
  • Diversion detection that survives real data — robust median/MAD baselines and modified z-scores that don't get poisoned by the very outliers they hunt.
  • Resilient ingestion — idempotency keys, exponential back-off with full jitter, dead-letter quarantine, and offline reconciliation that keeps chain of custody intact through outages.

How the site is built

  • Eleventy (11ty) static site generator with Nunjucks templates and Markdown content.
  • Prism syntax highlighting, KaTeX math, hand-authored inline SVG diagrams (theme-aware, fully accessible).
  • Structured JSON-LD (TechArticle, BreadcrumbList), Open Graph, canonical URLs, RSS feed, and a generated sitemap.
  • Deployed on Cloudflare Pages.

Local development

npm install
npm run build      # build the static site into _site/
npm run serve      # local dev server with live reload

Contributing & feedback

Issues and suggestions are welcome — open an issue on GitHub. If a code sample or a regulatory citation could be clearer or more current, that feedback is especially valuable.

Disclaimer

This site is a technical reference for building compliant software. It is not legal advice. Regulatory requirements change and vary by jurisdiction; confirm current DEA, FDA, and state-board obligations with qualified counsel before relying on any pattern here in production.


Built and maintained by Pharmacy Inventory Logging · www.pharmacyinventory.org

Popular repositories Loading

  1. pharmacy-inventory-logging pharmacy-inventory-logging Public

    Production-grade technical reference for building DEA-, HIPAA-, and FDA DSCSA-compliant pharmacy inventory and controlled-substance logging systems, with runnable Python.

    CSS