Does the supply chain itself make any contribution to patient safety?  The legitimate pharmaceutical supply chain is that complex web of companies that move drugs from the manufacturers to the pharmacies that dispense them to patients.  The supply chain always includes both of those end points (manufacturer and pharmacy) and, in the U.S., normally also includes at least one wholesaler.  The supply chain is typically viewed as “Manufacturer to Wholesaler to Pharmacy”, whether the pharmacy is within a hospital, clinic, retail independent, chain store, grocery store, or mail order.  The great majority of prescription drugs arriving in the hands of U.S. patients have passed through this supply chain.

So what contribution does this chain make toward the safety of those patients?  In my view, it comes in three ways:

1. Supply Chain Integrity
   This includes the responsibility of each supply chain company—and by extension to each of their employees—to be ever vigilant for attempts by criminals to introduce illegitimate drug products into the legitimate supply chain.  Trading partners should know their suppliers very well (to prevent the introduction of counterfeit, tampered or stolen drugs) and they should also know their customers (to detect and stop diversion).  The protection of patients here is fairly obvious.  They can trust that the prescriptions they receive at any legitimate pharmacy in the U.S. will contain exactly the legitimate drug their Doctor or Pharmacist prescribed.  When supply chain integrity breaks down, very sad things happen.
2. Recall Execution
   This includes extremely fast (near instant?) blockage of any shipment of units covered by a recall, communication of the recall notice to supply chain customers who have been shipped the recalled units any time in the past, and a tight quarantine of the recalled units to ensure that they cannot make their way back into regular stock.  Once a recall is issued—especially a safety recall—there should be no way for these units to move forward in the supply chain again.  Patients are protected by the immediate removal of a large pool of the recalled items from their availability, thereby reducing the problem to those remaining units that have already been dispensed to patients by pharmacies (and those drugs are outside the supply chain).  When this breaks down, patients may end up being dispensed prescriptions that contain the recalled medicine even after the recall has been issued.
3. Data Quality
   This includes the use of accurate data about each drug by every company in the supply chain.  The drug manufacturer creates this data and each successive owner in the supply chain must ensure that they are using that exact data as part of their buying, selling and dispensing.  Patients are protected mostly by their pharmacy’s use of accurate data, but because the supply chain arm of a pharmacy company may rely—at least in part—on data received from their supplier, in those instances, the quality of the data supplied will have a direct impact on patient safety.  When this breaks down there is a slight, but unnecessarily elevated risk that a patient somewhere could receive the incorrect dosage, the incorrect drug entirely, or a drug that is covered by a known recall.

Interestingly, all of these contributions to patient safety become much easier to implement and are much more reliable in execution when the drug packages are serialized and all companies in the supply chain make use of those serial numbers to maintain pedigrees.  For downstream trading partners to be able to make use of these serial numbers it is essential that manufacturers also supply two types of data for each product they serialize:  Supply Chain Master Data (SCMD) for each Stock Keeping Unit (SKU), and Instance Data (IData) for each serial number.

SUPPLY CHAIN MASTER DATA SYNCHRONIZATION

SCMD is the data that describes each product that is traded in the supply chain.  The synchronization of that data requires the creator (with a lower case “c”…I’m referring to the drug manufacturer here, not God) to pass it to every potential supply chain owner of their products, and keep it up-to-date, so that they always have the correct information.  The product code is the identifier that is used by supply chain members to link to, and reference, the SCMD.  In the case of drugs in the U.S., that product code is the NDC.

As you might expect, GS1 has a series of standards that can be used to implement SCMD.  They include the Global Trade Item Number (GTIN) and Global Data Synchronization Network (GDSN) standards.  In the pharmaceutical supply chain a GTIN can be composed from the combination of an FDA-issued Labeler Code and FDA-registered Product Code (the two components of the NDC) as a base, although manufacturers are expected to register with GS1 and pay a fee before doing so.

GS1’s GDSN is a standard that can be used by supply chains to communicate SCMD to all of the companies who participate in it.  Generally, its use requires all trading partners in a given supply chain to subscribe to a GDSN-conformant Data Pool service provider.  Unilateral adoption of GDSN by a single company doesn’t make any sense.  It’s a high bar for a large and complex supply chain to achieve through voluntary means.  Right now the pharma supply chain in the U.S. has not achieved it and so the quality of SCMD in the supply chain is currently dependent on ad hoc relationships and data passing.  Some of this includes manual data entry into the local master data systems at many points in the supply chain. 

INSTANCE DATA COMMUNICATION

Instance data is data that describes the unique and specific identity of individual units, or a relatively small collection of units of a given SKU.  For the pharmaceutical supply chain this always includes the lot and expiration date of each unit, but in the future it could also include covert security elements that could vary and therefore could be unique by the individual unit.  Like SCMD, only the creator (again, the manufacturer, but also repackagers) can create the instance data.  The unique identifier—typically composed of the product code plus a serial number—is the identifier that is used by supply chain members to link to, and reference, the instance data.  Some instance data, like information about individualized covert security elements, are not shared with downstream trading partners but are kept by the creator for use in their product or package authentication system, but data like lot and expiration date must be shared with downstream trading partners.

Again, as you might expect, GS1 has a standard to help supply chains exchange instance data.  The Electronic Product Code Information Services (EPCIS) standard can be adopted by supply chains for this purpose.  Unlike GDSN, there may be reasons a company can find value in applying EPCIS unilaterally, but the adoption of EPCIS for communicating instance data with trading partners only makes sense if all of your trading partners agree to adopt it as well.  So far the pharma supply chain in the U.S. has not yet adopted EPCIS widely for the purpose of exchanging instance data, but the standard has caught the attention of a number of the larger corporations within the supply chain.  Some of those companies are working with GS1 U.S. to figure out how this instance data can be exchanged in an interoperable way.  Currently there is no widely adopted alternative approach for communicating instance data because serialization, the enabling prerequisite technology, is only just now starting to be deployed on a handful of products in the supply chain.

MOTIVATION FOR ADOPTION

Deploying applications that serialize units, synchronize SCMD and communicate instance data through the supply chain is expensive.  Generally, companies look for hard financial returns on any investments they consider.  It’s nearly impossible to find a positive ROI from serialization and the associated data synchronization and communication.  That is, depending on how you measure “return”, and that depends on your motivation. 

Richard Feldman, Vice President of Trade and Product Safety at EMD Serono, a manufacturer of biopharmaceuticals, and Ron Bone, Sr. Vice President, Distribution Support at McKesson, a U.S. pharmaceutical wholesaler, both spoke about motivation as it relates to adoption of this type of technology at the Track and Trace Technology Seminar held by the Healthcare Distribution Management Association (HDMA) this past December.  Feldman spoke about his company’s high-level commitment to patient safety and how that commitment motivated the corporation to view funds spent on technologies designed to protect the supply chain as sound investments.  They measured the return on their investments differently than those who looked only for the hard financial returns that are so hard to come by.  Bone spoke of a similar commitment at McKesson.  Both referred to understanding and support from the highest levels of the company leadership. 

These are true supply chain organizations who realize that their very existence as participants in the pharma supply chain comes with a responsibility to contribute to its integrity.  The “return” on those investments may be immeasurable because it is most directly collected by their ultimate customers—the patients.  The result is a more secure supply chain, and a more secure supply chain is a healthier one.  One that will continue to operate well, and that ensures their ongoing participation in it.  Now that’s a “return” that every company should recognize and embrace.

We need to make a clear distinction between traditional Master Data (MD), Supply Chain Master Data (SCMD), and Instance Data (IData). This will help us understand some important differences in various supply chain track and trace technologies.

Master Data

Wikipedia defines “Master Data” like this today:

“…Master Data is that persistent, non-transactional data that defines a business entity for which there is, or should be, an agreed upon view across the organization.”

This isn’t detailed enough for me. MD must include a data element that serves as an identifier. An identifier that refers to a given MD record must be unique within the organization.

Good candidates for MD are customer information, location information, product information and employee information. The characteristic these all have in common is that the data behind them rarely change. For example, I have been issued an employee number by my company. My employee number is the unique identifier for the MD that describes me to the company. My mailing address, phone number, marital status, social security number rarely change.

Most organizations make use of MD so that they can maintain the definition of these entities in a single place, and they can simply refer to these definitions through the corresponding unique identifier. The identifier provides a quick way to get to the full set of information. In many cases, the identifier can serve as a stand-in for the full set of information.

Supply Chain Master Data

Wikipedia doesn’t yet have a definition for Supply Chain Master Data. I’ve coined the term to describe something that is similar, but distinctly different than Master Data as described above. I’ll define it like this:

“Supply Chain Master Data is that persistent, non-transactional data that defines a business entity for which there is, or should be, an agreed upon view across the supply chain.”

The only difference from the definition of MD above is that the definition of the business entity spans the supply chain, not just a single organization. For that to work, you need a standard so that everyone agrees on the definition of the data elements, the identifier and the rules for maintaining the data.

GS1 has defined the GLN (Global Location Number) standard for location identifiers and GTIN (Global Trade Item Number) for product identifiers. When you combine these standards with their GDSN (Global Data Synchronization Network) standard, you have what I have defined as SCMD. The GLN and GTIN standards are carefully defined to ensure that every identifier created by any entity in the supply chain is unique from every other one.

To learn the full details of these GS1 standards, including the rules that surround them, you have to read the GS1 General Specification. GS1 likes to sell it to you, but you can usually find it for free download by searching for it on the internet.

An important characteristic of SCMD that differentiates it from simple MD is that it has a property of ownership. That is, instances of SCMD may be used by entities throughout the supply chain, but each instance is owned (controlled) by only a single entity–the one that created it in the first place.

For example, the manufacturer of a product will generate (create) a GTIN identifier for that product and they will fill in the pertinent data fields that describe it. The manufacturer will use a GDSN service (or some other means) to distribute the SCMD to its trading partners for their use, but only the manufacturer has the right and the responsibility to maintain the content of the data associated with the GTIN. This is pretty easy because, like MD, SCMD should rarely change.

Also like MD, supply chain transactions will often refer to the product only by its GTIN as a shorthand way of referring to the full set of information contained in GDSN for that product.

Understanding the concept of SCMD and its characteristics is very important when discussing the characteristics of various pedigree models. I will finally return to the discussion of those in one of my next posts.

Instance Data

Instance Data also doesn’t have a definition in Wikipedia yet, but the name and the concept has recently been raised in some of the work groups within GS1. Here is my definition:

“Instance Data is data that is specific to a small set of instances of a particular serialized object class.”

IData is not a type of master data because there is no identifier involved and so there can be no separate set of information that describes it. Instead, it is simply data that can vary across each instance. For example, a serialized pharmaceutical always has a lot/batch number associated with each unit. A finite set of the serialized instances share the same lot/batch number (an “instance” is simply a single unit of the product).

I can’t think of another real example of instance data, but I suspect that once item-serialization becomes widespread there will be more types of IData defined. One possibility would be for a manufacturer to vary some characteristic of their covert anti-counterfeiting mechanism so that each unit of a product would be more unique than it is today. This IData would indicate which units received which polarity, or which color, or whatever characteristic that is being varied. This type of IData would not be shared with supply chain partners but would be retained by the manufacturer for use in an authentication scheme. Of course, IData can only exist if every unit has a unique serial number on it.

I hope this hasn’t been too technical for you. If you’re still reading, well done. You are now prepared for the next level of discussion of pedigree models.