GS1

I’ve been an active GS1 participant since EPCglobal was first acquired by GS1 in 2003. It is an interesting organization, often both vital and frustrating at the same time. GS1 is a single source for essential supply chain standards that have global applicability. Rather than attempting to dictate those standards they invite people and companies to work with them on the definitions and the application of their standards. They have really great facilitators for some of their work groups with the very best being Mark Frey and Gena Morgan. The quality of their standards documents is quite high. And they have some really smart people in their EPCglobal Architectural Review Committee (ARC), notably Ken Traub, John Williams and Sanjay Sarma.

My hope is that this blog will be of some value to both members and non-members of GS1, but, I can only cover topics related to the organization and their public documents. Specific details about work group activities cannot be covered. However, I do not think that is too limiting and I think members and non-members will find something of interest.

GS1 is a not-for-profit member organization. The way it is organized reminds me of something out of the UN with affiliate “Member Organizations”, or M.O.’s—one for each country in the world—which participate in developing and maintaining their global standards on behalf of end-user companies within their borders. End-user companies are also able to represent themselves … if they can afford the membership fee which is based on company global revenue (and that’s on top of the fees paid for use of your GS1 Company Prefix). Consequently, standards development proceeds mostly with input from employees of GS1 affiliates and from employees of large corporations. There are notable exceptions and GS1 has made a significant effort to recruit participation from hospitals and smaller pharmacies, traditionally under-represented because they are small.

My own experience as one of those employees of an end-user member company, who has participated in standards-making work groups and the end-user groups within GS1 and EPCglobal, has been very positive. I have met and collaborated with a wide range of very smart people from my own industry and others, from the U.S. and from around the globe. I’ve learned a lot about supply chains in general and about how to perform the kind of “techno-negotiations” necessary to move forward a work group of people with very diverse backgrounds and interests toward a positive conclusion. Sometimes it’s thrilling. Sometimes it’s aggravating. It’s always a lot of hard work, but I highly recommend it to anyone considering it.

GS1 also runs “adoption” end-user groups out of their M.O.’s. The purpose of these groups is to encourage the adoption of GS1 standards within the country that the M.O. represents. For example, the GS1 U.S. Member Organization operates the GS1 Healthcare U.S. group which has work groups targeted at accelerating the adoption of GTIN, GLN, GDSN and Traceability the GS1 way in the healthcare sector. These work groups do not work on standards, but they work on guidelines for use in applying those standards to solve various supply chain problems within the U.S. (also known as “toolkits”).

Actual standards have traditionally been developed in two different sub-organizations of GS1: EPCglobal and GSMP (Global Standards Management Process). GS1 is currently in a state of transition as they move the standards development arm of EPCglobal into GSMP. That’s a good thing, because these two organizations have had different approaches and, at times, seemed to operate as two independent organizations. Unfortunately, in my view, EPCglobal’s process operated better than GSMP. So far I am encouraged by the little evidence I have seen that they are retaining the good parts of the EPCglobal approach. We’ll see how far it goes.

One very commendable thing that EPCglobal has done that GSMP has not is to make their ratified standards documents freely available for download on the internet. The GSMP approach is to roll all of their diverse standards into a single and very large document known as the “GS1 General Specification” (or, “GenSpec”) and they’d like to charge you for a copy of it. Fortunately there are enough M.O.’s around the world that make it available that you can usually find a copy for free download by simply Googling it. I hope that the merged GSMP does not fold the individual EPCglobal specifications into the GenSpec and keep them hidden until you pay, but I must admit, even ANSI and ISO charge for their ratified standards documents.

GS1 also has a lobbying arm which applies pressure to governments around the world to adopt policies that are favorable to GS1 and the technologies that their standards are based on. For example, they applied considerable effort to get governments around the world to open up RF frequency bands around 915MHz so that UHF passive RFID tags could operate worldwide without violating the law somewhere. They have been very successful in that effort, as I understand it.

Another example of GS1 lobbying is when they act as technology experts before U.S. state and federal regulatory agencies. Here GS1 provides guidance toward the adoption of regulations and laws that can be met through the use of their standards. I get a little concerned about this type of lobbying because I fear that GS1 makes themselves out to be unbiased when, in fact, they do have a bias. I hope these agencies are aware of that and take it into consideration.

GS1 will be a frequent topic of this blog since they are focused on the same “intersection” as I am (see the tag line for this blog on the masthead).

Dangerous Doses

If you have chosen to read this blog but you still haven’t read Dangerous Doses by Katherine Eban, you have made the wrong choice. The book is a great read. It documents the events in the early 2000’s that led the State of Florida to pass the first state pedigree law in 2003. You can draw a straight line between those events and all of the state pedigree laws that came after it. The book is a detailed accounting of crimes that occurred after a few criminals realized that law enforcement and the courts would not take seriously any drug crime that did not involve illegal drugs. But a small group of detectives and a lone prosecutor took them on and eventually brought them to justice. The book alternates between narratives of the crimes, the pursuit of the criminals by the detectives, and Eban’s explanation of how the pharmaceutical supply chain worked back at that time.

But that’s just it. The book was written at a time when things were different than they are now in some very important ways. As I understand it, back then, you could have spent less money on a license to distribute pharmaceuticals than you would if you obtained a license to open a bar. As a consequence, there were thousands of drug wholesalers licensed in Florida. But in 2003 the state toughened its licensing laws, greatly increased the cost of the licenses and increased the penalties for crimes related to wholesale distribution of pharmaceuticals. The HDMA cataloged the significant changes to Florida’s drug distribution regulations as the result of those changes. The number of licensed wholesalers plummeted to only a few hundred in the following years.

Oh, and they passed a pedigree requirement too.

I have to admit that I don’t have a good window into what exactly is going on in the Florida crime scene today but given the heightened awareness in the press of counterfeiting and diversion stories, I have to think that there is not nearly the problem that there was back in 2002, or we would hear about it.

So that pedigree requirement really worked, right? Maybe, but I have to think that the increased licensing fees and other requirements, the increased penalties and the increased interest by the courts are the things that really caused criminals to think twice about getting into that business.

Dangerous Doses is a great book and I still highly recommend it to anyone, especially those like me, who are responsible for working on pedigree, serialization and track & trace systems for companies in the supply chain. But as you read it try to keep in mind, that era doesn’t exist anymore. Since that time many other states have taken comparable steps to strengthen their licensing and toughen penalties. And many of them have also passed some type of pedigree law. Stay tuned for more about some of those laws in later posts.

Do drugs still get counterfeited and sold in the U.S.? Probably, but the criminal activity seems to have moved from the supply chain to the internet where criminals can hide just across the borders. Check your spam folder for the evidence.

The Importance of Standards

I’ve written before about the importance of supply chain standards and how pedigree standards can be categorized as “communications standards”. I drew the analogy of the importance of standards in making cell phones work together. Because U.S. cell phone companies agreed to make use of certain standards, you are able to call your friends who chose to buy service from Sprint, when you have chosen to buy your service from Verizon, or any of a number of other U.S. carriers. Without those standards and the agreement of each company to use them, you would only be able to call people who happened to sign up with the same phone company that you did.

I won’t reproduce the whole article here but its contents are just as pertinent today as they were two years ago when it was published in Pharmaceutical Commerce magazine. That article stressed the importance of the GS1 Drug Pedigree Messaging Standard (DPMS, a.k.a. the GS1 Pedigree Ratified Standard), but any approach selected by an individual company to address pedigree legislation has to consider interoperability with whatever approach their trading partners choose. Interoperability is the goal of standards but right now there are two standards-based approaches to pedigree out there and they are not currently interoperable. That’s a problem for everyone, because the supply chain is so interconnected and diverse at the same time.

The two standards are DPMS and EPCIS–both from GS1. The history of these two standards and the differentiating characteristics of each one is too complex to cover in a single post so I’ll just provide an introduction here. I’ll continue the discussion in later posts, although I don’t plan to make the whole thing contiguous because there are other topics that I also want to cover over the same timeframe.

EPCIS (Electronic Product Code Information Services) is a GS1 standard that defines a set of interfaces for the purpose of capturing and querying serial number “visibility” data. “Visibility” data is meant to be observations and transactions that are based on observations of serial numbers that are attached to items and logistical containers of products within supply chains. I still haven’t found an easy-to-understand way to explain it, but I think those two sentences describe it fairly concisely and accurately. If you have a better way to explain it, please post a comment below.

Notice that the description doesn’t say anything about pedigree or regulatory compliance. EPCIS is a standard, but it’s a general purpose IT thing that you have to apply a specific way in order to make it work as a pedigree system. The standard is designed to be very flexible and for serialized product, it could be quite powerful if used right. There are a couple of problems for those who want to use it as a pedigree system, however.

  • There is currently no standard that describes exactly how to apply it as a drug pedigree system that would ensure interoperability across the supply chain;
  • There is the general tendency to talk about ways to turn EPCIS into a pedigree system, but I haven’t heard one yet that is likely to comply with existing pedigree laws.

I’ll cover those issues in more detail in later posts.

DPMS (Drug Pedigree Messaging Standard) is a GS1 standard that was specifically created to assist the pharmaceutical supply chain with creating an interoperable system to trace drugs in a way that can comply with existing pedigree laws. That includes Florida, California, the PDMA and all of the other states that currently have pedigree laws. The problem is, it doesn’t do much to assist companies with all of the many problems they face dealing with serial numbers on items. DPMS can take serial numbers and use them to trace those items, but there are a lot of other, non-compliance issues that must be dealt with first.

So there are problems with both standards. Perhaps an obvious solution is one that I, and others, proposed last year to combine EPCIS and DPMS to create a system that benefits from the best of both standards.

As you might imagine, there is a lot more I could discuss on this topic in later posts. But I’m going to try to stay out of the details and talk more about implications of each approach. Stay tuned…

Fundamental Law of Commerce

Over the last few years I have been kicking around an idea that helps identify an important characteristic that will be necessary in any successful supply chain pedigree or track and trace technology/regulation. I can sum it up as follows:

When regulations mandate that a product’s value is determined by the ability to show, at any time, specific information about the product’s history, then the buyer of that product must receive all of the necessary information from the seller at the same time the product is received.

Take, for instance, a secondary wholesaler in Florida today. Florida requires a secondary wholesaler to be able to show an inspector a complete pedigree for any prescription drug in their possession. If the wholesaler cannot show the proper pedigree, then the product cannot be sold in Florida. The value of the item is reduced, perhaps to zero. If this drug-without-a-pedigree can legally be shipped to sites or customers outside of Florida the reduction in value is equal to the cost of the extra shipment, extra handling and perhaps a temporary out-of-stock situation until the unexpected loss can be backfilled (and possibly a fine).

Now imagine what would happen if there were no other place to legally ship drugs whose pedigree information is unavailable when called upon. The value of the drugs would certainly be zero, or worse. That’s a risk that can be avoided by ensuring that all of the information necessary for the pedigree is in the possession of the secondary wholesaler at the time they purchase the drug.

What would cause the information to not be available? Some technical approaches to maintaining pedigree information under discussion within the industry right now might result in something I call a “distributed” pedigree. That is, one that is stored across multiple organizations; the previous owners of the drug. When it is necessary to show a complete pedigree–to an inspector, a law enforcement organization, or just to a buyer–these other organization must be called upon to provide their part of the pedigree. The occasion that leads to the need to show a complete pedigree will probably occur somewhat unexpectedly (especially in the instance of a regulatory inspection or a law enforcement action). If one or more of the organizations holding part of the pedigree information are temporarily or permanently unable to provide their part of the pedigree, the product cannot be sold and thus has lost all of its value.

The real problem with a distributed pedigree occurs when the supply chain extends beyond just two trading partners. For example, the third owner of a drug in the supply chain probably doesn’t have any business relationship with the manufacturer (the first owner). That’s why they bought the product from the second owner. There is probably no contract between the current owner of the drug and the previous owners (except the most recent seller) so there is no way to ensure that these earlier owners will provide their necessary components to the pedigree when it is called for.

The solution is to make sure that all of the necessary data for the pedigree is always supplied by the seller at the time of purchase. That way, if any of the earlier owners have technical (or other) difficulties that prevent them from being able to serve up data, it won’t affect the value of the drugs that are downstream in the supply chain. In short, a “distributed” pedigree won’t work.

I believe this concept is a corollary to the fundamental law of commerce known as “Buyer Beware”. Transmitting a full pedigree at the time of the sales transaction is one way of arming the buyer with sufficient information so they can beware.

Welcome to rxTrace

My intent for this blog is to publish my personal ideas and opinions regarding technology issues related to regulatory compliance within the U.S. pharmaceutical supply chain. I hope to cover topics like GS1 Standards, pedigree, track and trace, and issues surrounding those things, using publicly available information. This blog contains my own ideas and opinions and not those of my current or former employers and so I am solely responsible for them.

In general, the more ideas presented for consideration, the better. Most ideas will end up in the scrap heap. When I present ideas here and elsewhere, I try not to worry whether or not they might end up being rejected, because sometimes an idea that sounds bad initially can turn out to be the most innovative. Sitting on it for fear that it will be rejected would limit the chances of discovering the best idea.

All ideas benefit from collaboration with other people where they can be refined into better ideas. I hope my readers will respond often with refinements and counter-ideas. Please don’t hesitate to respond.

Thanks for reading. I hope this blog remains interesting to you.