Does the supply chain itself make any contribution to patient safety?  The legitimate pharmaceutical supply chain is that complex web of companies that move drugs from the manufacturers to the pharmacies that dispense them to patients.  The supply chain always includes both of those end points (manufacturer and pharmacy) and, in the U.S., normally also includes at least one wholesaler.  The supply chain is typically viewed as “Manufacturer to Wholesaler to Pharmacy”, whether the pharmacy is within a hospital, clinic, retail independent, chain store, grocery store, or mail order.  The great majority of prescription drugs arriving in the hands of U.S. patients have passed through this supply chain.

So what contribution does this chain make toward the safety of those patients?  In my view, it comes in three ways:

1. Supply Chain Integrity
   This includes the responsibility of each supply chain company—and by extension to each of their employees—to be ever vigilant for attempts by criminals to introduce illegitimate drug products into the legitimate supply chain.  Trading partners should know their suppliers very well (to prevent the introduction of counterfeit, tampered or stolen drugs) and they should also know their customers (to detect and stop diversion).  The protection of patients here is fairly obvious.  They can trust that the prescriptions they receive at any legitimate pharmacy in the U.S. will contain exactly the legitimate drug their Doctor or Pharmacist prescribed.  When supply chain integrity breaks down, very sad things happen.
2. Recall Execution
   This includes extremely fast (near instant?) blockage of any shipment of units covered by a recall, communication of the recall notice to supply chain customers who have been shipped the recalled units any time in the past, and a tight quarantine of the recalled units to ensure that they cannot make their way back into regular stock.  Once a recall is issued—especially a safety recall—there should be no way for these units to move forward in the supply chain again.  Patients are protected by the immediate removal of a large pool of the recalled items from their availability, thereby reducing the problem to those remaining units that have already been dispensed to patients by pharmacies (and those drugs are outside the supply chain).  When this breaks down, patients may end up being dispensed prescriptions that contain the recalled medicine even after the recall has been issued.
3. Data Quality
   This includes the use of accurate data about each drug by every company in the supply chain.  The drug manufacturer creates this data and each successive owner in the supply chain must ensure that they are using that exact data as part of their buying, selling and dispensing.  Patients are protected mostly by their pharmacy’s use of accurate data, but because the supply chain arm of a pharmacy company may rely—at least in part—on data received from their supplier, in those instances, the quality of the data supplied will have a direct impact on patient safety.  When this breaks down there is a slight, but unnecessarily elevated risk that a patient somewhere could receive the incorrect dosage, the incorrect drug entirely, or a drug that is covered by a known recall.

Interestingly, all of these contributions to patient safety become much easier to implement and are much more reliable in execution when the drug packages are serialized and all companies in the supply chain make use of those serial numbers to maintain pedigrees.  For downstream trading partners to be able to make use of these serial numbers it is essential that manufacturers also supply two types of data for each product they serialize:  Supply Chain Master Data (SCMD) for each Stock Keeping Unit (SKU), and Instance Data (IData) for each serial number.

SUPPLY CHAIN MASTER DATA SYNCHRONIZATION

SCMD is the data that describes each product that is traded in the supply chain.  The synchronization of that data requires the creator (with a lower case “c”…I’m referring to the drug manufacturer here, not God) to pass it to every potential supply chain owner of their products, and keep it up-to-date, so that they always have the correct information.  The product code is the identifier that is used by supply chain members to link to, and reference, the SCMD.  In the case of drugs in the U.S., that product code is the NDC.

As you might expect, GS1 has a series of standards that can be used to implement SCMD.  They include the Global Trade Item Number (GTIN) and Global Data Synchronization Network (GDSN) standards.  In the pharmaceutical supply chain a GTIN can be composed from the combination of an FDA-issued Labeler Code and FDA-registered Product Code (the two components of the NDC) as a base, although manufacturers are expected to register with GS1 and pay a fee before doing so.

GS1’s GDSN is a standard that can be used by supply chains to communicate SCMD to all of the companies who participate in it.  Generally, its use requires all trading partners in a given supply chain to subscribe to a GDSN-conformant Data Pool service provider.  Unilateral adoption of GDSN by a single company doesn’t make any sense.  It’s a high bar for a large and complex supply chain to achieve through voluntary means.  Right now the pharma supply chain in the U.S. has not achieved it and so the quality of SCMD in the supply chain is currently dependent on ad hoc relationships and data passing.  Some of this includes manual data entry into the local master data systems at many points in the supply chain. 

INSTANCE DATA COMMUNICATION

Instance data is data that describes the unique and specific identity of individual units, or a relatively small collection of units of a given SKU.  For the pharmaceutical supply chain this always includes the lot and expiration date of each unit, but in the future it could also include covert security elements that could vary and therefore could be unique by the individual unit.  Like SCMD, only the creator (again, the manufacturer, but also repackagers) can create the instance data.  The unique identifier—typically composed of the product code plus a serial number—is the identifier that is used by supply chain members to link to, and reference, the instance data.  Some instance data, like information about individualized covert security elements, are not shared with downstream trading partners but are kept by the creator for use in their product or package authentication system, but data like lot and expiration date must be shared with downstream trading partners.

Again, as you might expect, GS1 has a standard to help supply chains exchange instance data.  The Electronic Product Code Information Services (EPCIS) standard can be adopted by supply chains for this purpose.  Unlike GDSN, there may be reasons a company can find value in applying EPCIS unilaterally, but the adoption of EPCIS for communicating instance data with trading partners only makes sense if all of your trading partners agree to adopt it as well.  So far the pharma supply chain in the U.S. has not yet adopted EPCIS widely for the purpose of exchanging instance data, but the standard has caught the attention of a number of the larger corporations within the supply chain.  Some of those companies are working with GS1 U.S. to figure out how this instance data can be exchanged in an interoperable way.  Currently there is no widely adopted alternative approach for communicating instance data because serialization, the enabling prerequisite technology, is only just now starting to be deployed on a handful of products in the supply chain.

MOTIVATION FOR ADOPTION

Deploying applications that serialize units, synchronize SCMD and communicate instance data through the supply chain is expensive.  Generally, companies look for hard financial returns on any investments they consider.  It’s nearly impossible to find a positive ROI from serialization and the associated data synchronization and communication.  That is, depending on how you measure “return”, and that depends on your motivation. 

Richard Feldman, Vice President of Trade and Product Safety at EMD Serono, a manufacturer of biopharmaceuticals, and Ron Bone, Sr. Vice President, Distribution Support at McKesson, a U.S. pharmaceutical wholesaler, both spoke about motivation as it relates to adoption of this type of technology at the Track and Trace Technology Seminar held by the Healthcare Distribution Management Association (HDMA) this past December.  Feldman spoke about his company’s high-level commitment to patient safety and how that commitment motivated the corporation to view funds spent on technologies designed to protect the supply chain as sound investments.  They measured the return on their investments differently than those who looked only for the hard financial returns that are so hard to come by.  Bone spoke of a similar commitment at McKesson.  Both referred to understanding and support from the highest levels of the company leadership. 

These are true supply chain organizations who realize that their very existence as participants in the pharma supply chain comes with a responsibility to contribute to its integrity.  The “return” on those investments may be immeasurable because it is most directly collected by their ultimate customers—the patients.  The result is a more secure supply chain, and a more secure supply chain is a healthier one.  One that will continue to operate well, and that ensures their ongoing participation in it.  Now that’s a “return” that every company should recognize and embrace.

My favorite pharmaceutical supply chain blog is DrugChannels by Dr. Adam J. Fein (PhD). Dr. Fein started his blog in May 2006. I became a subscriber and regular reader sometime later that year. The focus of DrugChannels is “Pharmacy economics and the pharmaceutical supply chain”, which has often included very rational opinions on the economic viability of various pedigree laws.

My RxTrace blog has only been around for a short time and its focus is “the intersection between the pharmaceutical supply chain, track and trace technology, standards and regulatory compliance”. This is almost the inverse of DrugChannels. I’d like to think they are complementary but I suppose we can’t judge that until I generate quite a few more posts. Either way, I owe quite a lot to Dr. Fein and DrugChannels because they provided me the inspiration for starting this blog.

In a recent email exchange, Dr. Fein drew my attention to the FDA document, “Safer Medical Products: Investments for Supply Chain Safety and Security”, a 22-page apparent explanation for an increase of $166,433,000 and 346 FTE’s in the FDA’s FY 2010 budget proposal. Part of the increase “…includes investments that will allow FDA to implement new approaches to effectively regulate the safety and security of the supply chain of medical products …”. “Medical products” include human drugs, vaccines, blood and other biological products, medical devices, animal drugs and medicated feed.

New Approaches

The biggest driver of the need for the increase is the rapid globalization of the supply chain for medical products that end up in the medicine cabinets of Americans.

“The priorities proposed in this initiative will assure the safety and security of foreign and domestic sources of ingredients, components, and finished products at all points in the supply chain…”.

“Supply Chain Safety and Security relies on risk-based prevention with a verification-focused approach to hold all segments of industry accountable for ensuring that their products meet U.S. safety standards, with FDA verifying compliance with standards.”

“FDA will increase medical product safety and security by enhancing oversight of entities in the supply chain.”

The proposal promises to hire more experts and modernize FDA information technology. But it also includes funds to fight internet drug fraud, and to allow FDA to develop policy options related to drug importation.

“FDA will develop policies to implement the Administration’s policy of allowing Americans to buy safe and effective drugs from other countries.”

So is the FDA Responsible for Global Supply Chain Security?

Lots of interesting content for everyone to mull over. Daniel R. Matlis, president of Axendia, has done just that in a post on the PharmTechTalk blog. In his post he uses the FDA document to question whether securing the global medical products supply chain should be the FDA’s responsibility or the industry’s. It’s an interesting question and Matlis juxtaposes the FDA paper against comments reportedly made by Gerald Migliaccio, Vice President of Quality, EHS and Agility at Pfizer Global Manufacturing at a recent joint session of the PharmTech Conference and the Manufacturing Execution System in Life-Sciences Congress. Migliaccio believes that, “Supply chain security is the responsibility of all parties involved in procurement/ sourcing, manufacturing, packaging and distribution of raw materials, intermediates and final product.”

Matlis concludes that industry and regulators have different roles in securing the supply chain and that we all benefit by their efforts. After raising such a provocative question, I felt let down by such a milquetoast conclusion. Like Gerald Migliaccio, I believe the responsibility for supply chain security falls squarely on every participant in that chain, global or domestic. FDA is an arm of our government—that which is of, by and for…us, the consumers, the patients. To me, it seems backwards to make the consumer/patient responsible for the safety and security of the supply of products that are advertised as being safe and beneficial to our health and wellbeing.

I’m not arguing against the existence of the FDA, only the argument that it is up to the FDA to ensure the safety and security of the supply chain. What we need from the FDA are standards that ensure that illegitimate supply chain activity can be detected automatically by the supply chain participants themselves. Arming each buyer in every purchase transaction in the supply chain with the means to reliably, quickly and independently verify each prior transaction back to the original manufacturer would accomplish exactly that. I’ll explain how that can be done in future posts.