California Board of Pharmacy Re-awaken

Important Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.For the first time in over two years the topic of pedigree appears on the agenda of the California Board of Pharmacy for their upcoming meeting on September 7.  Earlier this year in a presentation at the FDA Track & Trace Workshop Board Executive Office Virginia Herald mentioned that the Board would take up the topics of inference, drop shipments, decommissioning and linkage between shipping orders and invoices at a future meeting in 2011.  It’s hard to tell if those will be the actual topics discussed in next week’s meeting because they aren’t called out explicitly.  Here is the item as it actually appears on the agenda:

Discussion on the Implementation of California’s Electronic Pedigree Requirements for Prescription Drugs
a. Overview of the Law
b. Comments of the FDA
c. Presentations and Questions from the Pharmaceutical Supply Chain
d. General Discussion

Perhaps the only new thing about this discussion will center around “b. Comments from the FDA” and the other topics might be covered more directly at a later meeting.  We’ll see.  Keep in mind that the Board is made up of members today who were not on the Board when they last dealt with the pedigree regulation.  The current members will probably need a good introduction to the law and the current state of the standards and the industry before they tackle the intricacies of things like inference, drop shipments and decommissioning.

Those are topics that the Board needs to provide some guidance on, but there are some other very important questions that need to be answered before companies are likely to fully invest in pedigree solutions.  Here I’m referring to both solution providers and companies within the supply chain.

Back in 2007 a subset of the Board analyzed the GS1 Drug Pedigree Messaging Standard (DPMS) to see if companies might be able to use it to comply with the law.  Generally the Board members present at that meeting felt that the standard appeared to include features that the industry could use to comply with the law.  Of course, use of DPMS does not automatically guarantee compliance, but the takeaway by those present (myself included) was that DPMS could be used to comply with the law if you applied it appropriately as specified in the law.

Since that time, nothing has really changed with DPMS, but there have been efforts within GS1 Healthcare and GS1 US Healthcare to come up with an alternative way to comply with the law using GS1’s Electronic Product Code Information Services (EPCIS) standard.  What is needed is for the Board to analyze those approaches in a similar way to see if they too might be used by supply chain participants to comply with the law.  Without that kind of analysis by the Board it would be risky for companies to invest in solutions that are based solely on EPCIS.


There are a number of novel ideas for producing a wide-spread pedigree system based on the EPCIS standard, but which ones would allow end-users to comply?  It would help to know the answers to the following questions.

Consider a hypothetical transaction where a hospital pharmacy is in desperate need of some cancer treatment drug that is on the FDA shortage list.  In a stroke of “good luck” the pharmacy finally finds a source through a fax they recently received from a newly licensed distributor in their area.  The drug is delivered by a courier who hands the pharmacy manager a USB thumb drive that contains a pedigree file that contains the  following information in a single EPCIS Shipping event:

WHO:  a 13-digit number
WHAT:  a 14-digit number representing the Serialized Global Trade Item Number (SGTIN) of the case that was delivered
WHEN:  a timestamp representing the date and time of the shipment
WHY:  “shipping”
SHIP TO:  a different 13-digit number recognizable as the hospital’s GS1 Global Location Number (GLN)
SOURCE EPCIS:  an internet address (URL)
CERTIFICATION:  a digital signature that spans the above information

Some of the questions are:

  1. Has the seller fulfilled their requirement to provide a pedigree to the buyer?
  2. Has the hospital fulfilled their requirement to receive a pedigree from the seller?
  3. Has the seller provided the necessary certifications?
  4. What if the file were transmitted to the hospital through a more conventional EPCIS-to-EPCIS connection?
  5. What if the buyer is able to use the case SGTIN contained in the “WHAT” field and the URL contained in the “SOURCE EPCIS” field to find and collect the Aggregation event that includes the SGTIN’s of all of the units inside the case and then collects the Supply Chain Master Data (SCMD) that describes the drug for those units through some separate mechanism like GS1’s Global Data Synchronization Network (GDSN), and they are also able to find and collect the Commission events of the units that contain the lots and expiration dates of the units in the case?
  6. What if the buyer is able to use the contents of the “WHO” field of every one of the events obtained in question 5 above to find and collect the SCMD that describes the seller and all previous owners through another separate mechanism like GS1 US’s GLN Registry for Healthcare?
  7. What if, instead of the steps in questions 5 and 6 the buyer was able to supply the entire shipping event received from the buyer to a certified third-party service that performed all of the data collection described in questions 5 and 6 and simply returned a list of the unit level SGTIN’s contained in the case, each with a pass/fail flag to indicate the status of their pedigrees, but the buyer routinely never actually receives or sees all of the information unless a separate request is made for the entire supply chain history for those units?

Lots of companies seem to want to use EPCIS to comply with pedigree regulations but there are so many ways the standard could be applied it is hard to know which way to go unless they know that the results will allow them to comply.  And they need to know soon to allow time for standards organizations to draw up standards and/or guidelines and solution providers to produce applications in time for supply chain companies to evaluate, buy, deploy and test them.   Now that the California Board of Pharmacy is about to begin to discuss their pedigree regulation again, maybe now is the time.


3 thoughts on “California Board of Pharmacy Re-awaken”

  1. Dirk,

    Uh oh, here comes the CA Board of Pharmacy!

    If CA pedigree becomes a regulatory burden for pharmacies, then I wonder how much of the market will shift to unauthorized gray market channels to avoid the headaches. Last time I checked, at least one major pharmacy trade associations is still opposed to serialization and track-and trace–at least as of March 2011:

    Or maybe the CA BoP is hoping the FDA will ride to the rescue and get CA out of the pedigree business entirely?

    Appreciate your $0.02.


    1. George,
      I was unable to attend but I’ve heard from multiple people that all of the agenda time was spent educating the new board members about the current law and some of the history. Watch for pedigree issues to become a routine part of every California BoP meeting from here on. Hopefully they will provide more detail in their future agendas about the exact topic(s) to be discussed.


Comments are closed.