Will The Pharma Supply Chain Find Any Value In GS1 Discovery Services?

I’m pretty excited about the kickoff this Wednesday of the GS1 EPCglobal Software Action Group (SAG) Discovery Services Work Group which will take the business and technical requirements that were collected by an earlier group and turn them into an actual standard.  This will be the first new major technical standard GS1 has started for quite a few years.  The most recent kickoff I can remember was the GS1 Drug Pedigree Messaging Standard (DPMS) which kicked off back in late 2005 and completed in January 2007.  The GS1 Electronic Product Code Information Services (EPCIS) standard effort kicked off in late 2004 and completed in April 2007.  That gives you an idea of how long these things take.

The effort to create the business and technical requirements for Discovery Services started just about two years ago and completed this past December.  How long will it take to get to a ratified standard?  The GS1 Discovery Services Work Group Charter predicts it will be done in June of 2011, but predictions in charter documents are notoriously optimistic.  The EPCIS Charter predicted that standard would be ratified in August of 2005, for example—one third the time it actually took.

This is not a bad thing in my opinion.  A Charter document needs to estimate how long the effort will take, but once things get rolling, GS1 EPCglobal takes as long as needed to get the standard right.  So how long will this one take?  Based on how long the requirements took, I’m guessing the development of this standard will take some time.  Right now, I’d guess it will be complete sometime in early 2012.  That would be two years.  Hmmm….  Almost feels too short.  We’ll see.

Standards development can be contentious.  If it’s done right, that is.  I’m talking about contentiousness along the lines of the Lincoln-Douglas debates or the crafting of the U.S. Constitution, only pitting different technical approaches against each other.  The GS1 EPCglobal SAG facilitation crew really knows what they are doing when it comes to facilitating contentious groups, so the blood, sweat and tears invested are channeled in a positive direction and result in a valuable standard in the end.  I worked with Mark Frey in the development of DPMS and I just can’t say enough good things about him.  According to the charter document, Mark will be involved in the Discovery Services group, as will Giselle Ow-Yang—a great start.  From these choices you can tell GS1 EPCglobal places a lot of importance on the success of this effort.


Right now, I don’t think the pharma supply chain will be able to make use of Discovery Services for regulatory compliance with current or even future pedigree laws.  As far as I can tell, I’m the only person I know who sees it that way so let me explain.  It comes down to what Discovery Services is aimed at and how that differs from what pedigree laws are trying to accomplish.  There seems to be a disconnect between what people think a pedigree law is trying to accomplish and the reality.  That leads them to the misconception that something like Discovery Services has value for compliance.

I reach this perhaps shocking conclusion from the following analysis.


In my first substantive essay in this blog I pointed out what I called a fundamental law of commerce.  That is, when regulations mandate that a product’s value is determined by the ability to show, at any time, specific information about the product’s history, then the buyer of that product must receive all of the necessary information from the seller at the same time the product is received.  That information is so intertwined with the product’s value that it actually becomes part of the product itself, and needs to move with it.  Supply Chain companies who buy products can’t rely on previous owners to hold information on their behalf without a contract to do so if the total value of those products depends entirely on the instant availability of that information at any unpredictable moment.

This is the case with drugs in supply chains that operate under pedigree regulations.  If a regulatory inspector arrives at the door of one of these companies and asks to see the pedigree of any item they happen to pick randomly from the inventory, and the company cannot produce the pedigree because they are unable—for any of a myriad of reasons—to collect it from remote databases controlled by upstream trading partners, that item has zero value and the company should expect to be fined, or worse.

When this scenario happens, more than likely the pedigrees of a lot of other units will also be unavailable at the same time for the same reason.  This single inspection at the wrong time–when an earlier owner’s database is, coincidentally, unavailable–could result in a significant part of the company’s inventory being impounded, large fines imposed and the opening of a wider investigation.  All because essential information was not in the control of the party that was responsible.

So, a distributed pedigree doesn’t work in a regulated supply chain.  But why doesn’t this issue get discussed more in industry groups that are trying to figure out how to create an interoperable, standard approach for the industry to follow to meet the current and future pedigree laws?  It’s because of a very interesting thing about this “fundamental law”:  for the most part, it has no impact on drug manufacturers.

They don’t buy drugs, so, even if a distributed pedigree were selected as the industry solution, they would almost never need to access data on anyone else’s server to reconstruct a pedigree.  All pedigrees from their perspective are entirely stored on their own servers because they start them.  Because of this fact, drug manufacturers won’t “feel” this problem with a distributed pedigree.  Only wholesalers and pharmacies will “feel” it because they buy drugs from upstream trading partners.  Right now the pharmacies are not participating much in the search for a solution, and the number of wholesalers involved is not great.  The largest representation is from the manufacturing segment.


More recently I posted an essay on the “deputization” of the pharmaceutical supply chain by regulators.  This is a recent phenomenon where regulatory agencies have begun to require supply chain member companies to monitor the supply chain themselves.  It comes from the realization of two things by the regulators:

  1. the supply chain is too massive for regulatory enforcement officers to inspect anywhere near enough transactions to detect illegitimate behavior;
  2. the responsibility for supply chain security rests with the participants and not just with the regulators.

When you put these two concepts together, the only natural conclusion is that supply chain participants must self-monitor and report suspicious activity.

You can see this deputization in the way the Florida and California Pedigree Laws are written.  They both require companies who buy drugs in the supply chain to receive a pedigree for every drug purchased (although in Florida, wholesalers who buy directly from the manufacturer are allowed to initiate pedigrees).  They also require the recipient to check those received pedigrees for errors, inconsistencies and omissions—all before they are allowed to put the drugs they purchased into regular inventory.  Any irresolvable discrepancies must be reported and the drugs must be quarantined pending further investigation.

I hope it’s obvious to you that the buying company must have all of the prior supply chain history—the pedigree—of every drug before they can properly perform this analysis and before they can confidently place it into usable inventory.  Theoretically you could accomplish this with a network of distributed information servers, but the full set of pedigree data would also have to be passed down the supply chain, along with the drug, in addition to it being distributed.  However, the official pedigree—the one that companies and regulators would rely on—would remain the information that is passed.


On their website, GS1 EPCglobal answers the question, “What is ‘Discovery’?” this way:

“‘Discovery’ is finding and obtaining all relevant visibility data, of which a party is authorized, when some of that data is under the control of other parties with whom no prior business relationship exists.”

They view the benefits of Discovery Services to include:

  • “Enable trading partners to discover all of the resources who may have information about things (who has data about EPCx? Where is their EPCIS located so I can ask about this data about EPCx?)
  • “Enable trading partners to exchange data in a secure way with parties that they may not have a prior direct business relationship
  • “Will ensure each party retains rights of ownership of its visibility data
  • “Will ensure that queries are authorized and authenticated”

Clearly Discovery Services has value if your supply chain can get away with distributing visibility data across the supply chain, but I’ve already dismissed the utility of this approach for pedigree compliance above.  If a push-model is used for compliance instead, of what value are these benefits?


When you look at the future Discovery Services standard through this analysis, how can you conclude that it will contribute any value to pedigree compliance?  I don’t, but lots of other people, who have not seen my analysis, do.  But how about value from non-compliance uses?

When you think about it, the concept of pedigree—or chain-of-custody/ownership—is a historical view back “up” the supply chain, as viewed from the perspective of where a drug is right now.  That fulfills one side of the concept of “track and trace”.  Different people define that concept in different ways, but I subscribe to the group that believes that “trace” is the capability that is encased in the concept of “pedigree” (thus the name of my blog:  RxTrace).  In my view, a push-model pedigree completely fulfills the definition of a “trace”, but it does nothing to enable the other side of the coin:  “track”.

“Track”—a consolidated forward view of exactly where drugs are right now in the supply chain from the perspective of previous owners—has value for things like recalls, regional emergency response, manufacturer production planning and wholesaler purchase planning to name a few.

Tracking drugs may also make an important contribution to supply chain integrity by helping to detect diversion, theft and duplication of unique identifiers by counterfeiters, depending on the adoption model.  This is where the real value of Discovery Services lies for the pharma supply chain.  But tracking of drugs, and the use of Discovery Services as part of the implementation, has some thorny data ownership issues that will have to get solved.

So why am I so excited about the kickoff of the Discovery Services standard development work group?  I want to help find a way to solve those thorny data ownership issues that stand in the way of some of these “track” applications.  I think they will exist in all supply chains but perhaps pharma’s use case has the most thorns.  If we can find the right technical solution to that issue I think the supply chain will find the value in Discovery Services… It just won’t come from pedigree compliance.

If you’ve stayed with me by reading this far, then you should join me on the work group.

8 thoughts on “Will The Pharma Supply Chain Find Any Value In GS1 Discovery Services?”

  1. Well thought out post, Dirk. I personally believe the non-compliance value of Discovery Services in the pharma supply chain will be proven-out with recall, returns and other use cases that require multi-hop data sharing to accurately solve. Insights you can share on why diversion detection will be the highest value use case for DS will be appreciated. Thanks again for the excellent posts.

    1. John,
      Thanks for your support. My comments about the non-compliance uses of Discovery Services were couched with the qualifier “depending on the adoption model”. Let me explain. The “adoption model” of “track and trace” is actually split into two different adoption models. As I have discussed, “Trace” is the concept of “pedigree”, and the general adoption model of pedigree is mandated by pedigree laws, wherever they apply. That is to say, under those laws, everyone in the supply chain must participate and everyone must pass the same specific data elements. There is not a lot of room for variation because of the mandate.

      But “Track” is not mandated by any law so it can have wide variation in the adoption model. No company is compelled to participate in “Track”. In fact, most of the data needed to properly track drugs through the supply chain will be owned by wholesalers. A workable adoption model for “Track” in a serialized pharma supply chain will have to acknowledge that ownership. There is no guarantee that such an adoption model will be developed or widely deployed because “Track” is fully voluntary. Therefore there is no guarantee that GS1 Discovery Services will actually result in the potential benefits of Track that I listed, including diversion detection.


  2. Dirk, excellent essay! I think you are right to emphasize that the primary value of discovery services within pharma would be in a trading partner’s ability to track. Although, you could argue that discovery services would allow for a greater depth of trace if pedigrees were to continue to be used to represent the chain of ownership rather than the chain of custody of dangerous drugs.

    1. Daniel,
      Thanks. You could make that argument in theory, but to make it work would require a mandate to force all manufacturers to put RFID tags on all cases and pallets, and every handler of drugs in the supply chain–owners and non-owners–would have to install RFID infrastructure and connect to Discovery Services. It sounds like a solution provider’s dream, but I think it is unlikely to become a law. So far, regulators and legislators don’t like to mandate specific technical solutions, preferring to leave that choice up to the industry.

      There are quite a few manufacturers who appear to be interested in applying RFID tags on their cases and pallets, but there are still a sizable number who appear to be planning to use only barcodes due to the cost difference. This makes it logistically impractical to track cases through non-owner points.

      Also, the owners of drugs in the supply chain (and regulators too, for that matter) will resist providing non-owner handlers of the product with any of the item-level details of the container contents, including aggregation information. For this reason, non-owner handlers (couriers, delivery companies, trucking companies, etc.) would not be able to perform the practice of item-level inference and that will seriously complicate the ability to track drugs through these points. Remember, pedigree regulations focus on tracing the items, not the containers.

      So, to me, while what you are suggesting may be true in theory, it is probably impractical.

      Would you agree?


  3. I don’t agree with the claim that RFID for cases and pallets is required in order for Discovery Services to add value by offering a greater depth of trace. Sure you can make a case that it is ideal; particularly when Chain of Custody information needs to be registered by non-Business Owners such as carriers as you point out. But the RFID on pallet and cases debate needs to be handled separately. Instead, my claim was that the industry could use a non-Discovery Services based pedigree model to express Chain of Ownership information and rely on Discovery Services to interrogate the network for more detailed Chain of Custody information registered to the system by Business Owners. And because Business Owners will have the information for item-level inference, the RFID only claim doesn’t hold up.


    1. Daniel,
      Thanks for clarifying that. Now I understand what you are saying and I do agree with you. With the additional level of depth being registered by the product owners it eliminates my concern about the non-owners needing the additional infrastructure and aggregation information.


  4. Hi Dirk,

    Thank you for another thought-provoking article. I have been thinking over the pedigree law and the point that pedigree information is actually part of the product itself. This reminded me of the Electronic Funds Transfer (EFT) Act, which requires “banks” to respond and resolve consumer issues within a defined timeframe and quality.


    Initially when PayPal started up, it ran into some difficulties in being compliant with the act. Since it had to overcome some hurdles that the traditional players had a good handle on. But overcoming those challenges enabled it to be the de-facto online financial transaction facility.

    How about if traceability solution providers guaranteed access to Traceability information, under an act similar to EFT? For example, there can be Availability Certification programs that service providers can subscribe to and would ensure that their solution is in compliance with the EFT.

    So each supply chain participant would host the entire pedigree that it is holding over their own EPCIS and the industry Discovery Services. Access control to this information is made possible thru standard interfaces and in compliance with the regulation.

    This approach would enable traceability further down the chain beyond the packaged products [, while protecting trade secrets via auxiliary services such as identifier anonymizers.] As well as having the ability to be extended up the stream to consumers, via smart medicine cabinets, which can participate and assist in performing surgical recalls.

    Are there cases where the pedigree information owner is not known when the goods leave the custody of the shipper? For example with distribution channels and 3rd party service providers. I am asking this since the product itself and its e-pedigree information could travel on different channels.

    Best Regards,

  5. Ali,
    Thanks for the compliment and thanks for reading. If I understand your proposal I think it could work, but I’m not sure it would be the best solution. In my view, each buyer of a drug receiving the full pedigree up to that point is the best way of ensuring that they alone control the value of that drug. They don’t have to rely on third parties and contracts to ensure it. Combine that with EPCIS’s and Discovery Services for use with the non-regulatory “track” applications and you end up with the best track and trace capability you could want.

    On the other hand, I proposed a track and trace system three years ago that relied on third-party repositories and subscriber contracts that specified things like high availability, disaster recovery and service level agreements. At that time, no one really liked the idea because the concept of a distributed pedigree that relied on something like discovery services still had a lot of appeal to most people.

    I think the concept could work with the right kind of contracts, but I’m suspicious that the cost would be prohibitive because of the high cost of a major data loss or connectivity problems.

