“…[C]ommencing on July 1, 2016, a wholesaler or repackager may not sell, trade, or transfer a [prescription] drug at wholesale without providing a pedigree.
…[C]ommencing on July 1, 2016, a wholesaler or repackager may not acquire a [prescription] drug without receiving a pedigree.
…[C]ommencing on July 1, 2017, a pharmacy may not sell, trade, or transfer a [prescription] drug at wholesale without providing a pedigree.
…[C]ommencing on July 1, 2017, a pharmacy may not acquire a [prescription] drug without receiving a pedigree.”
With these words the State of California introduced a significant change to the way the pharmaceutical supply chain works (see section 4163 of the California Business and Professions Code) and has written a new page in the history of commerce. It brings pharmaceutical commerce fully into the computer age. Adam Smith would not recognize it. Today, and up to the effective dates of these provisions, the value of a legitimate pharmaceutical in the legitimate U.S. supply chain is determined by the physical condition of the product and its package. After July 1, 2016, the value of a legitimate pharmaceutical in the supply chain in California will be determined by the combination of the physical condition of the product and its package, and the sellers ability to provide the buyer with an electronic pedigree.
The intended effect of this new regulatory requirement is to place a significant roadblock in front of counterfeiters, diverters and others who would try to scam patients and the legitimate participants in the supply chain. This is a noble cause. By requiring sellers to provide buyers with a pedigree at each change in ownership in the supply chain, illegitimate parties will find it very hard to inject illegitimate drugs without exposing their actions and, at the same time, creating evidence that can be used against them in their own prosecution. By providing a pedigree at each change in ownership, supply chain buyers will be able to check the authenticity of the full supply chain transaction history provided by the seller, maximizing the likelihood that any suspicious activity would be detected long before a patient would receive the drugs.
But I’m more interested today in exploring a surprising unintended effect of these requirements. I’ve touched on this briefly in past essays but I’ve recently concluded that the implications of these requirements are much more significant than I realized before. This may be the first time in the history of commerce that the value of a large class of physical merchandise will be bound tightly to the availability of a collection of electronic data. That is, if you don’t have the data (the pedigree), the value of the physical merchandise (the drugs) you hold in inventory in California will be zero because you won’t be able to sell one without the other. The value of the drugs will be inextricably bound to the availability of the pedigree data. The theory is, because a wholesaler or pharmacy can’t buy legitimate drugs in California without receiving a pedigree, then if your drugs are legitimate, you will have a pedigree because you couldn’t have bought them in the first place without having received one.
But what if that pedigree data you originally received from your supplier is subsequently lost for some reason? According to the law, you won’t be able to sell or dispense these drugs, so their value drops instantly to zero. Thud! Because the value of the drugs in your California inventory will be totally dependent on your ability to retain and (for wholesalers) supply the pedigree data to your customer, the value of that pedigree data will equal the value of the drugs.
Which pedigree model you are operating under at the time of your data loss will have an important impact on how serious this is. If you are using the GS1 Drug Pedigree Messaging Standard (DPMS) as the basis of your pedigree system (a document-based pedigree model), the data loss could either have been caused by the failure of an IT infrastructure component, a security breach, or perhaps a errant software component—any of which could occur in your systems or in that of your contracted Software as a Service (SaaS) pedigree service provider (if you choose to outsource this service). These are components that would be fully under your control either directly or through contracts.
In this document-based pedigree scenario you should be able to request copies of the lost pedigrees from your suppliers (for your current inventory) and your customers (for inventory you shipped to them in the past). Normally, they would have an exact copy. Rebuilding your pedigree database this way will be very painful, but at least it would be possible to reclaim the value of your current inventory of drugs.
If you are operating under a distributed pedigree system, pieces of the data for your pedigrees would be held by all previous owners of the drugs and all you would hold is the part about your receipt and shipment. To get the full pedigree for a given unit at the time it is needed you would have to query each of the previous owners for their piece of the data and collect them all into a single collection of event data. Under this distributed pedigree system, a data loss could either have been caused by the failure of an IT infrastructure component, a security breach, or an errant software component–any of which could occur in your systems, your SaaS service provider (if you choose to outsource this service), or in those of any one of the previous owners of the drugs. These last components would not be under your control, either directly or indirectly.
In this distributed pedigree scenario, no one will necessarily have a copy of the data you are missing and so there would be no inherent way to reclaim the value of your inventory. In that case, you would permanently lose the inventory involved. If I’m reading the law correctly, once you no longer have a pedigree, you won’t even be able to transfer the inventory to another state (this is subject to your own interpretation of the “transfer” provision, of course).
In the document-based pedigree model the loss of the data could only occur through failure of devices, software or a security breach within systems that you control either directly or through a contract. You have the opportunity, prior to any data loss, to choose to put into place whatever level of IT sophistication you deem is appropriate for holding data that is so important that its total loss could cause your business to fail. For most companies, this would include some very sophisticated and expensive hardware and software with multiple copies in multiple locations and high security mechanisms to ensure against inappropriate access and many other kinds of potential disasters and catastrophes.
But in the distributed pedigree model, your data loss exposure includes devices, software and security breaches within systems that you have no say in because they are owned by companies upstream in the supply chain.
YOU’VE GOT INSURANCE COVERAGE FOR THAT LOSS, RIGHT?
Most companies purchase insurance coverage against losses due to fire, theft or other physical damage to physical merchandise held in their inventories. All of these can result in a partial or total loss of inventory value in a very short period of time. After the effective date of the California pedigree law, pedigree data loss will have the identical effect on value. It is not inconceivable for a single event to cause the loss of all pedigree data for an entire warehouse of merchandise—even multiple warehouses, depending on how the data is stored. This is regardless of the pedigree model in use by the supply chain. Companies should be thinking now about how they are going to mitigate the risk of data loss through the deployment of very robust pedigree IT infrastructure and–for the cases where all else fails–data loss insurance that covers the loss of inventory value as a result… if you can even get it.
This strikes me as remarkable. I have some idea of how an insurance company might evaluate the risk of loss when all of the data is held by the company purchasing the policy or by their contractual service provider when a document-based pedigree model is in use, but I don’t know how they might evaluate the risk of data loss when the necessary pedigree data is held in IT systems that are not in the control of the potential policyholder like it would be in a distributed pedigree model. It seems to me that a distributed pedigree system will be uninsurable against data/value loss.
In that instance, all a company can do will be to only buy products from suppliers who agree to meet their own high level of security and data protection. When parts of your pedigrees are being held by upstream suppliers, their IT practices will become very important to you and to your customers, and their customer’s customers… Perhaps you will need a process to certify the IT infrastructure of your suppliers and their supplier’s suppliers. This could be hundreds, perhaps thousands of companies that would need to be certified, depending on the depth of your upstream supply chain, before drugs can be purchased. The need for certification leads to the need to recertify whenever any upstream supplier switches suppliers. Again, this seems unworkable, particularly for supply chain members who are deeper than the “normal distribution” crowd. (“Normal Distribution” supply chain members typically include the original manufacturer, the first wholesaler and the first pharmacy to own a given drug.)
DOES A DISTRIBUTED PEDIGREE EVEN COMPLY?
Those readers who have followed RxTrace since the beginning know that I have visited this flaw in the distributed pedigree approach several times over the last year. Those essays are worth reviewing. And, you know that I don’t believe a distributed pedigree comes close to complying with the California Pedigree Law in its current state for multiple reasons. Some people from outside the supply chain seem to disagree. The problem raised in this essay shows that a distributed pedigree approach would result in real and unnecessary harm to companies in the pharmaceutical supply chain.
A solid analysis, Dirk. However, I will be amazed if California actually implements this law. The Board of Pharmacy wasn’t prepared in 2008. Given California’s budget crisis, I doubt they will be ready in 2015.
Back in 2008, the CA Board of Pharmacy was planning to increase its budget by only 2.5% (!) and add no new positions when it implemented e-pedigree in 2009. Judith Nurse, Supervising Inspector at the CA Board of Pharmacy, made the following comment in February 2008: “We do not want to be the pedigree police.” I asked Ms. Nurse the following question in 2008: “It seems likely that many manufacturers and wholesalers will not be able to comply with the pedigree laws by January 1, 2009. What contingency plans has the Board of Pharmacy prepared to handle such a situation?” Ms. Nurse replied: “We have not developed any contingency plans.”
Yikes! Amateur hour all the way.
I’m sure the folks in California are praying for federal preemption. I know that I am!
Adam
Adam,
Thanks for the comment and the interesting background information. I really do appreciate your perspective, but it’s interesting to compare it with perspectives from those who are inside the supply chain. The law is enacted and on the books. It would take action by the California legislature to NOT implement it. As part of the 2007-2008 industry clamor against the 2009 effective date, many large companies committed to being prepared if they would just push it out to January 2011, which they did, right before the legislature pushed it to 2015-2017. For the most part, I think most of those companies are probably on target to make those dates, but we’ll see. Most companies did not make any commitment.
As for the need for the Board of Pharmacy (BoP) to staff-up to be ready for the deadline, I suspect that they would count on the industry to self-report problems so it’s not likely they would need an army of inspectors. Supply chain buyers are required to receive a valid and complete pedigree for every unit they purchase. If they don’t get one, the drugs can’t be sold so they have no value. The buyer is going to demand to receive a pedigree or will send the drugs back and refuse the invoice. No state inspector or BoP involvement necessary. This is what I have coined the “Deputized Supply Chain” . A supply chain that self-monitors, self-regulates and self-reports when necessary. It’s a very neat way to auto-enforce conditions like a pedigree requirement. The BoP doesn’t need to see all the pedigrees. They just need to make a big deal out of any drugs they do find that made it through the supply chain without a pedigree. You can bet that will make companies demand that they receive clean pedigrees from their suppliers.
I’m sure you’re right, they will need a few more people to make it work, and they will need some laptop computers that are capable of validating electronic pedigrees so they can properly inspect. I also think you are right that the BoP is praying for federal preemption. I think the question is, will the Congress and the FDA be as clever as California was by adopting a self-regulating approach?
Dirk.
Dirk, Great post as ever.
I wonder if the importance of reverse logistics will increase in this scenario? One of the ways out of the situation you describe is to send non-pedigreed product back to the manufacturer to be checked for authenticity so it can be “born again” (albeit within the original expiry date) before sending it back with a clean pedigree.
Eeven if all business partners agree, this is not really a practical proposition in bulk, and creates an greater fraud opportunity for someone to scam the returns system. I think that in practise the importance of sensory (yes/no) authentication features to back up the digital pedigree will become ever more important. Some flexibility will be needed in dealing with lost pedigrees because, as you point out, a rigid interpretation of the California statute creates liabilities that cannot easily be addressed.
I’ve thought for while that there may soon be a space for a new business model, with insurers parnering with supply chain security providers to provide insurance-linked authentication. Safer product equals lower corporate liability premiums.
The product security field is ripe for a disruptive technology to come along. Since RFID is perpetually 5 years away, maybe the first innovation will be in business processes.
Mark,
Great comments about the opportunities for innovation in insurance offerings related to authentication/pedigree models. I love your point about RFID being perpetually 5 years away. That’s so true.
I’m not so sure I agree with your thoughts on reverse logistics and the ability or willingness of manufacturers and regulators for rejuvenating product that was the subject of a pedigree loss. The point of a pedigree is to give the next buyer in the supply chain an indication of how many places the drugs have been before they bought them. Drugs that have gone through one or more shipments that include a pedigree loss, then get shipped back to the manufacturer and then shipped out through the supply chain again, without including all the record of their previous “life” in the supply chain might not be as desirable to a buyer, even if the manufacturer says they vouch for them. Would an insurance carrier want to cover that liability?
Dirk.
Dear Dirk,
Thanks for another great post. The final pedigree solution would probably become a hybrid of document-based and network-based approaches.
In the distributed pedigree, just because we can fetch pedigree information anytime, doesn’t mean that we should always fetch them on demand, and to discard the results after use. The distributed pedigree model, gives flexibility for asynchronous delivery of physical goods and its electronic data.
A simple example can be mail servers today. There usually is a web interface to access emails, as well as POP/IMAP interface, which downloads local copies of the messages. In the event that the mail server is inaccessible or a glitch deletes the account. The locally cached messages would remain intact; while the web interface might not have access to that information any longer.
One way that distributed pedigree could work, is that when an item is received, the industry’s Discovery Services instance would be queried with the item’s identifier. A list of pedigree information resources would be returned, subject to resource owner’s authorization. Then each information resource would be individually queried and any pedigree information obtained would be cached locally. At this stage, the cached pedigree information need to be consolidated and any gaps in its history are identified. Then a standing-query could be submitted to the Discovery Services instance, to notify the custodian of any new pedigree information resources that become available. The items that have full pedigree information can be shipped immediately and the items with gaps in their pedigree history, are held back. If the standing-query subscriptions haven’t provided the full pedigree (after a set duration), then payment on invoices for those items is held back until that information has become available and cached by the current custodian.
The above approach would address the issue with latency in information propagation inside and outside of an organization. Also it would address the variability in data retention policies across different organizations.
Best Regards,
Ali
Ali,
Thanks for your comment and ideas. It is very possible that a better pedigree solution would be a combination of the document and network-centric approaches. We need to keep discussing the pros and cons of each design idea. One problem is that we have existing laws and then we may have a new federal law, but no one knows what it might end up being. Many people want to propose “better” solutions to those who might develop a new law, but before any idea is adopted I hope it is analyzed carefully to ensure that it will have the desired effect. That is, it actually makes the supply chain safer while minimizing additional costs.
Your comments on caching data that was initially distributed would result in a non-distributed model, which I think is an improvement. It’s hard to withhold payment to suppliers who fail to provide a pedigree by the time you are ready to ship the drugs because the time separation between receiving and shipping can be well beyond the time you are invoiced by your supplier. You would have to get their pedigree information before the invoice was due. I think it makes more sense to expect to receive their pedigree information as soon as you receive the drugs, like the California law requires.
Dirk.
Hi Dirk,
Under normal circumstances, a company should have all the pedigree data shortly after receiving the product. However we do not want to slow down the supply chain, because of latency in information propagation.
Right now goods are exchanged for money. To streamline the process, companies build credit, and they have 30 days to pay their invoices. When I place an order, there is an estimated delivery time, and I am expected to pay my my invoice within a set time period. There are still cases of companies not paying their invoices, however we don’t slow down the supply chain for that. It is simply cost of doing business.
If these two fundamental elements of trade are not in exact synchronization, why should we expect the pedigree information to be any different?
The proposal is to add pedigree information to the mix, so goods plus information are exchanged for money. We would treat information the same way goods and money are treated today. There would be a pedigree rating that a company would assign based on its contractual agreements with suppliers. If a supplier doesn’t meet its obligations for providing pedigree information, then its pedigree rating would drop. This process would be internal to each company and it would be part of their risk management.
The same way a company needs to manage its inventory and cash flow, it would need to manage its information flow as well. We won’t need to invent new procedures, just to copy the existing processes for cash & inventory balancing and adapting it for pedigree information, on per supplier basis.
Regards,
Ali