“…[C]ommencing on July 1, 2016, a wholesaler or repackager may not sell, trade, or transfer a [prescription] drug at wholesale without providing a pedigree.
…[C]ommencing on July 1, 2016, a wholesaler or repackager may not acquire a [prescription] drug without receiving a pedigree.
…[C]ommencing on July 1, 2017, a pharmacy may not sell, trade, or transfer a [prescription] drug at wholesale without providing a pedigree.
…[C]ommencing on July 1, 2017, a pharmacy may not acquire a [prescription] drug without receiving a pedigree.”
With these words the State of California introduced a significant change to the way the pharmaceutical supply chain works (see section 4163 of the California Business and Professions Code) and has written a new page in the history of commerce. It brings pharmaceutical commerce fully into the computer age. Adam Smith would not recognize it. Today, and up to the effective dates of these provisions, the value of a legitimate pharmaceutical in the legitimate U.S. supply chain is determined by the physical condition of the product and its package. After July 1, 2016, the value of a legitimate pharmaceutical in the supply chain in California will be determined by the combination of the physical condition of the product and its package, and the sellers ability to provide the buyer with an electronic pedigree.
The intended effect of this new regulatory requirement is to place a significant roadblock in front of counterfeiters, diverters and others who would try to scam patients and the legitimate participants in the supply chain. This is a noble cause. By requiring sellers to provide buyers with a pedigree at each change in ownership in the supply chain, illegitimate parties will find it very hard to inject illegitimate drugs without exposing their actions and, at the same time, creating evidence that can be used against them in their own prosecution. By providing a pedigree at each change in ownership, supply chain buyers will be able to check the authenticity of the full supply chain transaction history provided by the seller, maximizing the likelihood that any suspicious activity would be detected long before a patient would receive the drugs.
But I’m more interested today in exploring a surprising unintended effect of these requirements. I’ve touched on this briefly in past essays but I’ve recently concluded that the implications of these requirements are much more significant than I realized before. This may be the first time in the history of commerce that the value of a large class of physical merchandise will be bound tightly to the availability of a collection of electronic data. That is, if you don’t have the data (the pedigree), the value of the physical merchandise (the drugs) you hold in inventory in California will be zero because you won’t be able to sell one without the other. The value of the drugs will be inextricably bound to the availability of the pedigree data. The theory is, because a wholesaler or pharmacy can’t buy legitimate drugs in California without receiving a pedigree, then if your drugs are legitimate, you will have a pedigree because you couldn’t have bought them in the first place without having received one.
But what if that pedigree data you originally received from your supplier is subsequently lost for some reason? According to the law, you won’t be able to sell or dispense these drugs, so their value drops instantly to zero. Thud! Because the value of the drugs in your California inventory will be totally dependent on your ability to retain and (for wholesalers) supply the pedigree data to your customer, the value of that pedigree data will equal the value of the drugs.
Which pedigree model you are operating under at the time of your data loss will have an important impact on how serious this is. If you are using the GS1 Drug Pedigree Messaging Standard (DPMS) as the basis of your pedigree system (a document-based pedigree model), the data loss could either have been caused by the failure of an IT infrastructure component, a security breach, or perhaps a errant software component—any of which could occur in your systems or in that of your contracted Software as a Service (SaaS) pedigree service provider (if you choose to outsource this service). These are components that would be fully under your control either directly or through contracts.
In this document-based pedigree scenario you should be able to request copies of the lost pedigrees from your suppliers (for your current inventory) and your customers (for inventory you shipped to them in the past). Normally, they would have an exact copy. Rebuilding your pedigree database this way will be very painful, but at least it would be possible to reclaim the value of your current inventory of drugs.
If you are operating under a distributed pedigree system, pieces of the data for your pedigrees would be held by all previous owners of the drugs and all you would hold is the part about your receipt and shipment. To get the full pedigree for a given unit at the time it is needed you would have to query each of the previous owners for their piece of the data and collect them all into a single collection of event data. Under this distributed pedigree system, a data loss could either have been caused by the failure of an IT infrastructure component, a security breach, or an errant software component–any of which could occur in your systems, your SaaS service provider (if you choose to outsource this service), or in those of any one of the previous owners of the drugs. These last components would not be under your control, either directly or indirectly.
In this distributed pedigree scenario, no one will necessarily have a copy of the data you are missing and so there would be no inherent way to reclaim the value of your inventory. In that case, you would permanently lose the inventory involved. If I’m reading the law correctly, once you no longer have a pedigree, you won’t even be able to transfer the inventory to another state (this is subject to your own interpretation of the “transfer” provision, of course).
In the document-based pedigree model the loss of the data could only occur through failure of devices, software or a security breach within systems that you control either directly or through a contract. You have the opportunity, prior to any data loss, to choose to put into place whatever level of IT sophistication you deem is appropriate for holding data that is so important that its total loss could cause your business to fail. For most companies, this would include some very sophisticated and expensive hardware and software with multiple copies in multiple locations and high security mechanisms to ensure against inappropriate access and many other kinds of potential disasters and catastrophes.
But in the distributed pedigree model, your data loss exposure includes devices, software and security breaches within systems that you have no say in because they are owned by companies upstream in the supply chain.
YOU’VE GOT INSURANCE COVERAGE FOR THAT LOSS, RIGHT?
Most companies purchase insurance coverage against losses due to fire, theft or other physical damage to physical merchandise held in their inventories. All of these can result in a partial or total loss of inventory value in a very short period of time. After the effective date of the California pedigree law, pedigree data loss will have the identical effect on value. It is not inconceivable for a single event to cause the loss of all pedigree data for an entire warehouse of merchandise—even multiple warehouses, depending on how the data is stored. This is regardless of the pedigree model in use by the supply chain. Companies should be thinking now about how they are going to mitigate the risk of data loss through the deployment of very robust pedigree IT infrastructure and–for the cases where all else fails–data loss insurance that covers the loss of inventory value as a result… if you can even get it.
This strikes me as remarkable. I have some idea of how an insurance company might evaluate the risk of loss when all of the data is held by the company purchasing the policy or by their contractual service provider when a document-based pedigree model is in use, but I don’t know how they might evaluate the risk of data loss when the necessary pedigree data is held in IT systems that are not in the control of the potential policyholder like it would be in a distributed pedigree model. It seems to me that a distributed pedigree system will be uninsurable against data/value loss.
In that instance, all a company can do will be to only buy products from suppliers who agree to meet their own high level of security and data protection. When parts of your pedigrees are being held by upstream suppliers, their IT practices will become very important to you and to your customers, and their customer’s customers… Perhaps you will need a process to certify the IT infrastructure of your suppliers and their supplier’s suppliers. This could be hundreds, perhaps thousands of companies that would need to be certified, depending on the depth of your upstream supply chain, before drugs can be purchased. The need for certification leads to the need to recertify whenever any upstream supplier switches suppliers. Again, this seems unworkable, particularly for supply chain members who are deeper than the “normal distribution” crowd. (“Normal Distribution” supply chain members typically include the original manufacturer, the first wholesaler and the first pharmacy to own a given drug.)
DOES A DISTRIBUTED PEDIGREE EVEN COMPLY?
Those readers who have followed RxTrace since the beginning know that I have visited this flaw in the distributed pedigree approach several times over the last year. Those essays are worth reviewing. And, you know that I don’t believe a distributed pedigree comes close to complying with the California Pedigree Law in its current state for multiple reasons. Some people from outside the supply chain seem to disagree. The problem raised in this essay shows that a distributed pedigree approach would result in real and unnecessary harm to companies in the pharmaceutical supply chain.