The debate over pedigree regulatory models in the U.S. pharmaceutical supply chain often centers around how much data for each package of drugs needs to be moved between trading partners as those drugs move down the supply chain from the manufacturer to distributor(s) and ultimately to the pharmacy. The ideal model would minimize the amount of data moved yet always allow each member of the supply chain to check the prior history—the pedigree—of the drugs they are about to buy.
At a superficial level this appears to be all you need to do, but when you take a closer at the details of how the supply chain actually works in the U.S. you will see that there are other characteristics besides data volume per package that need to be considered.
FOUR VIEWS OF THE U.S. SUPPLY CHAIN
In the debates and discussions over pedigree regulatory models we are used to seeing a view of the supply chain that shows one manufacturer, one distributor and one pharmacy. That view masks so much important complexity that if we were to select a regulatory model or solution based on that view it would be far from ideal.
Here is a view of the supply chain where the vertical scale shows something closer to the true proportions between those three segments. (Click images to enlarge.)
The most striking thing about this view is that it shows how few distributors there are compared with the number of manufacturers and especially compared with the number of pharmacy delivery points. If you would take the total volume of drugs that pass through this supply chain in a given year and divide it evenly among each of the entities in each segment you would find that the percent of product that the average distributor handles is much higher than that of the average manufacturer and would be huge compared with that of the average pharmacy. Of course, the reality is much different–some handling more product and some handling much less than the average–because the sizes of the companies in the supply chain vary widely.
Now let’s take a magnified look at the immediate view of the supply chain from the perspective of an average drug manufacturer.
Manufacturers typically want to maximize the availability of their products to all licensed pharmacies in the U.S. so they work to setup and maintain connections with as many licensed distributors as they can handle. The largest manufacturers deal with most or all of the roughly 70 distributors in the U.S. Of course, there is bound to be some selectivity by smaller manufacturers but probably not as much as you might find with many non-commodity consumer products.
Now let’s take a magnified look at the immediate view of the supply chain from the perspective of an average pharmacy.
The great majority of drugs dispensed in U.S. pharmacies are initially sold by the manufacturer to a distributor, who then sells them to the dispensing pharmacy. Pharmacies typically only buy their drug supplies from a small number of the distributors. In fact, most have a single primary distributor and a small number of secondary sources which they usually order from only when their primary supplier is out-of-stock of a given drug that they need.
This is even true of chain pharmacies, although these companies maintain their own internal distribution networks and the largest chains are big enough to buy the highest volume drugs directly from the manufacturers. This is an important exception when considering pedigree models, although even these pharmacies buy a large number of lower volume drugs from distributors.
Now let’s take a magnified look at the immediate view of the supply chain from the perspective of an average distributor.
Distributors are at the center of the typical drug supply chain for most drugs in the U.S. To offer a complete catalog, the typical pharma distributor buys their stock from many of the 1,400 manufacturers. The larger the distributor, the more likely they are to buy from most if not all of these manufacturers.
The typical distributor sells to a large number of pharmacies, whether as a primary source or as a secondary source. The number of pharmacies that a given distributor sells and delivers to is one of the primary components in the determination of how “large” they are. The three largest distributors each sell and deliver to tens of thousands of pharmacies.
PEDIGREE IMPLICATIONS OF THE FOUR VIEWS
These four views of the supply chain expose an implication about the various pedigree models that wouldn’t be obvious if you only looked at the simple three-trading-partner view of the supply chain. Because some data would need to move somewhere in all pedigree models, these views can help us evaluate those movements.
In the drawings I refer to “connections” between trading partners. These refer to direct business relationships, but they can also refer to data connections in any model that requires data to be passed directly from seller to buyer. For example, the basic model defined by the GS1 Drug Pedigree Messaging Standard (DPMS) would need to pass data along these connections.
Distributed pedigree models like those that make use of GS1’s Electronic Product Code Information Services (EPCIS) standard would also need to pass data along these connections. But in these models, each downstream trading partner would also need to communicate directly with every prior owner of the drugs they buy.
For example, each pharmacy would need to have a data connection to each of the manufacturers that made the drugs that they received, even those they bought from one of the distributors. You can see that the number of connections that a given pharmacy would need to deal with would become much greater than just the small handful they would need to deal with in a DPMS model.
On the other hand, Centralized and Semi-Centralized models would not need to pass data along these connections because in these models each trading partner communicates directly with a relatively small set of pedigree data repositories. See my last essay, “The Viability of Global Track & Trace Models”.
One common thread between all current pedigree model solutions under consideration in the U.S. right now is their use of Applicability Statement 2, or just AS2, for the secure transmission of data between entities. AS2 is already in use within the U.S. pharma supply chain for the exchange of EDI (Electronic Data Interchange) documents, but not all companies make use of EDI and not all companies have AS2 capability. Few pharmacies do.
As used today in the supply chain, each AS2 connection has a setup cost which entails, among other things, exchanging encryption keys between the parties. For every pharmacy to do this with every pharma manufacturer, as would apparently be needed in a distributed pedigree approach, is almost inconceivable. Once set up, keeping up with the changes stemming from mergers and acquisitions activity alone would be a reoccurring nightmare for any company, including the largest distributors and chain pharmacies.
But now look at it from the perspective of a pharma manufacturer who, in a distributed pedigree environment would have to deal with an AS2 connection to every single pharmacy that buys their drugs–up to 166,000 of them–and you can see how unreasonable and impractical this is.
THE COMPLEXITY OF CONNECTIONS MUST BE MINIMIZED
A single AS2 connection is not overly complex as long as you understand the technology and make an investment in the right software to handle it for you. Once you have the software, a few dozen connections are reasonable to deal with if you have an IT person who can handle their setup and maintenance. Setting up and maintaining a thousand AS2 connections would be a major complexity. Clearly, any viable U.S. pedigree model must keep the number of AS2 connections that any given company must deal with to a minimum.
DPMS does a better job of minimizing the number of AS2 connections than a distributed pedigree model based on EPCIS. The Centralized model would limit the number to just one per company regardless of supply chain segment, and the Semi-Centralized model could also limit the number to just one per company if a connection service provider is used.
A POSSIBLE ALTERNATE APPROACH
The reason AS2 connections are used in all of the pedigree models under discussion is that they all need a means to authenticate the sender and receiver of the pedigree messages/data. EPCIS “events” are nothing more than XML documents that conform to the GS1 EPCIS specification. These XML document have no protective mechanism that prevents them from being modified without detection along the way from point A to point B. AS2 provides that protection. Any model that relies on EPCIS event exchange or posting to a repository absolutely must make use of AS2, or something equivalent, to transport the data.
DPMS pedigree documents are also XML documents that follow the GS1 Ratified Pedigree specification, but that specification requires the pedigree information to be wrapped, within the document itself, with digital signatures as the way of protecting them from undetected modification during transmission. These signatures also give pedigrees of this type the property of “non-repudiation”, which means that the author cannot deny that they generated or updated them.
The net effect of these digital signatures in DPMS pedigrees is that it is not absolutely necessary that they be transmitted via AS2. In fact, DPMS pedigrees are self-secure. You could hand over a DPMS pedigree on a thumb-drive directly to a known criminal and let them hand deliver it to a buyer of drugs a week later, and still trust that the buyer could easily determine that the pedigree was either still untouched and valid, or tampered with and therefore not valid.
So to reduce the complexity of all those connections, perhaps what we should be working on is a way of transmitting DPMS pedigrees without using AS2.
How about sending them as simple email attachments? Email is a simple point-to-point transmission of data that is fairly reliable these days, as long as you don’t need any significant security. Since DPMS pedigrees are already self-secure, it seems like an almost natural fit. You would never want to do that with EPCIS events because they are not self-secure, and there’s one of the differences between the two types of models.
But there’s a problem with this approach. DPMS pedigrees, while self-secure against undetectable tampering and repudiation, are not encrypted, so the criminal in my example above would be able to read the Standardized Numeric Identifiers (SNI’s) included in the pedigree. That would allow the criminal to generate counterfeit product that use the same SNI’s that are known to be real. That’s one step that makes a lot of people uncomfortable.
Encryption is another optional feature of AS2. Email attachments can optionally be encrypted too. Unfortunately encryption of data in email requires the exchange of digital “keys” in advance of transmission just like AS2. Encrypting the DPMS attachments in email would require something akin to the setup and maintenance of an AS2 connection. So this approach to eliminating the use of AS2 in the DPMS model probably won’t work.
Do you see any solution to massive number of AS2 connections that would be necessary in a distributed pedigree approach? Without a solution, the Centralized, Semi-Centralized and even DPMS models look more practical. Submit a comment below.