Could This Be Your Future Track & Trace/ePedigree Exchange Solution?

In a recent essay I discussed GS1 Healthcare’s proposed Network Centric ePedigree (NCeP) models that are currently available for review and discussion by the industry.  By the way, GS1 is giving everyone until December 15 to respond to a survey to provide them with your thoughts on the various NCeP models.  To review the videos and respond to the survey click on this link.

In a somewhat related news item, Pharmaceutical Commerce recently published an online article by Nick Basta about the Global Healthcare Exchange’s (GHX) project to build a new prototype for a track and trace data exchange hub called “GHX updates progress on a prototype data exchange for track-and-trace”.  That article was an update to a more in-depth article by Nick about the project from last April in the same online magazine called “Healthcare Exchange Bids for Prototyping a Track-and-Trace System”.  Combined, the two very interesting articles describe the prototype that is now complete and ready for piloting.

In fact, the GHX prototype implements a track and trace event data exchange hub that would allow companies in the pharmaceutical supply chain to store and exchange GS1 EPCIS event data that comprise the full chain of custody for drugs as they move down the supply chain.  Effectively, the GHX prototype implements an NCeP where GHX provides connection pooling and all of the centralized services inherent in the ePedigree model.  Larger companies would probably still want to have their own EPCIS-based applications in-house but it appears to me that smaller enterprises might only need a small data capture application that relies on the GHX service to hold all of their data.

GHX has a lot of experience with receiving, holding and sending sensitive company data between supply chain companies as an Electronic Data Interchange (EDI) exchange ecommerce hub, among many other services, primarily aimed at the U.S. medical/surgical supply chain.  According to the original Pharmaceutical Commerce article the company has an interesting history which has resulted in it being owned today by about 20 different companies who are members of that same supply chain.  A few of them are important members of the pharmaceutical supply chain as well (full disclosure:  one of them is my day-job employer).

Keep in mind, as I pointed out in the essay, “Why GS1 EPCIS Alone Won’t Work For California Pedigree, Part 2”, the GS1 NCeP models are not intended to meet existing ePedigree laws so the GHX service isn’t going to help with any of those today.  The apparent assumption is that the Congress and/or the FDA will embrace one of the GS1 NCeP models and pre-empt the existing state laws in the next year or so and in that case, GHX will be ahead of the game with a service that is designed to handle data volumes in the range of what social media sites like Twitter and Facebook handle.  According to Margot Drees, Director of Corporate Strategy at GHX, the service can already handle a sustained rate of more than 1,000 messages per second and burst rates of more than 5,000 per second.  I’m told they expect to go well beyond those stats in the very near future.  Contact Margot if you want more information.


Pay close attention to what GHX has done with this new prototype and where they end up taking it in the future.  It will likely be significant to the industry.  The GHX prototype turns out to be a cloud-based service that they could mold into one of several of the NCeP models that have been defined by GS1, including either of the two Centralized models and at least one of the Distributed models (maybe more).  The core functions in the GHX prototype are currently set up to implement a Semi-Centralized model but they could fairly easily be tailored to one of the others if future federal regulations turn out to favor one of the others.  See my essay from last spring, “The Viability of Global Track & Trace Models” for more on pedigree models.

Because of their existing ecommerce business, GHX already has over 12,000 companies in the pharma and medical products supply chains connected to their infrastructure, according to one of the Pharmaceutical Commerce articles.  What that means is that the setup costs for those companies to begin using a GHX NCeP could be minimal.  The “pipe” to GHX—and by extension to up to 11,999 of their potential trading partners—already exists in the GHX “community”.  This represents an advantage that would likely give GHX a leg up on any competitive NCeP service provider.

It is also very likely that the companies that are joint member-owners of GHX could be counted on to purchase their future NCeP exchange services from GHX.  Take another look at the list of companies who fall into that category and you will see that they would represent a considerable portion of the transactions that would likely occur under a full, nationwide pedigree requirement.  These are probably the reasons GHX was willing to invest the significant resources it must take to develop a cloud-based service that has the performance capability in the neighborhood of modern social media sites in such a short time.

But there are risks for GHX.  First, what happens if Congress doesn’t enact a nationwide pedigree law that embraces an NCeP approach, or if they take so long to do so that the industry is forced to be ready for the California effective dates first?  While the GHX prototype is only aimed at an NCeP approach right now it may be possible for them to redesign it to help companies store, validate and exchange DPMS pedigrees if the NCeP concept doesn’t take hold.

Another risk is the possibility that the NCeP model that the government and industry settle on could be one of the fully distributed versions that do not have any need for centralized components.  In that case the value of the GHX service would be significantly decreased, but I think they could still attract customers because of the value of the connection pooling service they could offer.  (See my essay, “Impact of RxUSA v. HHS On Future Pedigree Legislation” for my thoughts on the likely failure of a distributed pedigree model in the U.S.)

Whatever ultimately happens I think GHX is a company to watch.  What do you think?  Leave a comment below and tell us.


I’m planning on making this my last posting for 2011 so I can enjoy the holidays with my family and friends.  I hope you all can do the same.

Keep reading RxTrace in 2012.  A lot is going to happen and I will continue to provide you with my perspectives.  Here is a short list of topics that I am already planning for 2012:

  • FDA UDI proposed guidance
  • The real pros and the real cons of DPMS
  • The complexities of pedigree compliance faced by kit makers
  • More about applying standards to solve pharma supply chain problems
  • A history of pharma supply chain security regulations and technology

Plus, analysis of:

  • Whatever the FDA decides to do about updating their barcode rule
  • Any action taken by Congress on Track & Trace or ePedigree
  • Action by any state on ePedigree
  • Industry preparations for California pedigree compliance



10 thoughts on “Could This Be Your Future Track & Trace/ePedigree Exchange Solution?”

  1. This does nothing to protect the consumer… If the consumer does not have the ability to authenticate with the manufacturer patients rely on the pharmacies/clinics/hospitals who have already shown to buy from questionable sources.

    1. Blah,
      Thanks for your comment. In fact, the GS1 NCeP models that the GHX prototype is based on do a great deal to protect consumers by making it much harder for criminals to inject illegitimate drugs into the legitimate supply chain without being detected. This is a very desirable outcome because, let’s face it, even if American consumers had the ability to authenticate their own drugs, very few actually would bother to do that. Americans are accustomed to low crime and trust in the drugs they receive from their pharmacist. This is one of the big contributors to the quality of life we enjoy here that others around the world should seek to match. If we relax the security of our drug supply chain so that criminals find it easier to scam the system then we may eventually need to let the consumer authenticate their drugs as they do in parts of Africa and elsewhere and costs will go up. That’s a step backward. I discuss the reason those consumer authentication technologies are inappropriate for the U.S. market in the essay “Illegitimate Drugs In The U.S. Supply Chain: Needle In A Haystack”.


  2. I guess if you trust the pharmacies you don’t need consumer authentication, but try and tell that to the diabetics who ended up in the hospital after buying insulin, which was stolen product that ended up back at Kroger’s (major retailer).

  3. Couldn’t GHX effectively gain monopoly hold on pharma supply chain transaction processing under some of the scenarios you have outlined?

    1. CS,
      Thanks for your comment. Yes, you are exactly right that there are several potential scenarios where GHX (or any other single company) could end up holding a monopoly on pharma supply chain transaction processing. I happen to think it is only a very slim chance. Here are the ways I think it could come about:

      Congress/FDA mandates serialization, ePedigree and/or Track & Trace of drugs and…
      A. the mandate is written in such a way that all data must reside in a single industry repository. They would either accept the responsibility for running that repository and then sub-contract the job to GHX (or some other single company).
      B. the mandate leaves it up to the industry to find an implementation. The industry selects the GS1 Centralized Network Centric ePedigree approach as their preference and selects GHX (or some other company) as the service provider.
      C. the mandate allows multiple repositories, but only GHX (or some other single company) offers the service leaving supply chain companies no choice but to put all data into their servers.

      This is one of the reasons why a fully Centralized Network Centric ePedigree (NCeP) model isn’t palatable and I don’t know anyone who actually supports the fully Centralized NCeP model. I don’t think any of the scenarios above will happen. This is exactly why the Semi-Centralized NCeP model is a much better approach. In that model there is no limit to the number of ePedigree repository service providers, yet the data for a single pedigree is always held in only one of those repositories making it easily retrievable and secure. See my essay “The Viability of Global Track & Trace Models” for a discussion of differences between the various models and the benefits of the Semi-Centralized model.


  4. Dirk,

    I was very interested in your essay and the models you show. The North Atlantic Treaty Organization (NATO) has had a central pedigree registry for critical end items and components available since 2009 and the US Dept of Defense has had mandatory policy requiring Item Unique Identification (IUID), see in place, since 2004. What we both quickly realized is managing a centralized data base of all data at the individual item level (now some 17+ Million records) was way too difficult. The model we follow is that only a limited set of pedigree data is hosted centrally, but the data key is the ISO 15459 “Unique Item Identifier (UII)”. As a large customer US DoD buys from manufacturers/suppliers from all industry sectors. We had to have a way to allow research and development work in the non-traditional non-medical related fields to co-exist with established commercial medical communities. Typically our developers are not GS1, but rather ANSI MH10 so interoperability is key to maintaining a single physical mark and UII throughout the life of an individual item. A restricted GS1/HIBCC FDA pronouncement would unnecessarily reduce interoperability and result in multiple identifiers assigned to the same item. If a decontamination unit for example was developed by a company using ANSI MH10 data identifiers, they would likely not be members of either GS1 or HIBCC and would therefore supply a UII that would follow the construction rules of ANSI which would not be compatible with GS1 and HIBCC only mandates so in this strict way a new UII would be required when the decontamination unit is transferred to a fleet hospital, thus breaking the chain of identification or requiring long term mapping of multiple identities for zero added value.

    ISO 15459 enables interoperability among GS1 and HIBCC identification constructs, and also ANSI MH10 and the Air Transport Association to be used (the choice is left to the manufacturer) and all users use the UII as the common data key. This key must be a data key stored in the manufacturer databases and the individual instance of an information system that hosts the detailed and current item level data must be uniquely identified as well using a System Unique Identifier so that the central registry can point to the data about that item.

    In this way an item originally manufactured by manufacturer/supplier ABC can pass to Government procurer and then on to the ultimate user (e.g. a US Navy Fleet Hospital). If there is a problem at the hospital the ECC 200 Data Matrix encoded using ISO 15435 and ISO 16022 on the delivered item yields the UII based on ISO 15459 which is tied to a record locally and in the central registry which then knows that manufacturer/supplier ABC delivered the item data via a specific information system and further inquiries or updated information can be retrieved from that source. In this way a recall or warning or anything else can be hosted at the source and accessible by anyone in the supply chain and/or the customer with the right permissions. Our 8 years of operational experience tell us that keeping information current is best done by the authoritative source closest to the information. In our case the original manufacturing data is at the manufacturer/supplier; acquisition and custody transfers are at the central registry; and current configuration management, maintenance actions, failure data, operational condition, etc. are all hosted at the organizational customer information system just above the soldier/sailor/airman using the item.

    I have no real issue if FDA or the community decides to contract out the central registry function, however I think you’ll find limitations to the currency/accuracy of the data if it is planned to be the single repository of all ePedigree data.


    1. Rob,
      Thanks for your comment. There is so much in it that I can’t do justice in just a reply so I will try to make this a topic of a future essay. However, I will try to comment on a couple of the points I take from you. First, I agree that a single central repository isn’t workable and I’m not surprised that the DoD’s experience bears that out. However, I suspect that the experience of the DoD doesn’t quite match with the experience of a small mom & pop pharmacy so I don’t think you can decide on a drug pedigree track & trace or ePedigree model based solely on that. I have the same argument when people point to Wal-Mart for a supply chain model.

      The problem is, both the DoD and Wal-Mart are classic “800-pound gorillas”. That is, if some supplier isn’t following your rules, it’s easy for you to squash them. Suppliers live in fear of being squashed by the 800-pounds so they do everything they can to stay in compliance. It’s quite an incentive. But when you apply that to something like the U.S. pharmaceutical supply chain you see that there aren’t any 800-pound gorillas. Even Wal-Mart isn’t one in this supply chain. Neither is the DoD.

      So how do you force compliance? I think you have to have impartial semi-central repositories where buyers in the supply chain can expect to find complete supply chain information about the drugs they are buying and give them the ability to cancel any purchase transaction where the data is incomplete or has some other problem.

      I also wonder if we are talking about the same kind of data. It almost sounds like you are referring to what I call Supply Chain Master Data (SCMD) that the manufacturer offers to describe their products. I’m talking about supply chain history information–where has each unit been as it moved through the supply chain. For that kind of information allowing each prior owner of the drug to hold their part of the supply chain history would get very unwieldy very quickly for small companies to try to collect it all for every drug they buy. In supply chains with an 800-pound gorilla it is probably unusual for material to pass through multiple middle-men before it gets to the gorilla. In the global pharma supply chain there are often multiple middle-men. When one of them has criminal tendencies, you don’t want to give them the opportunity to hold their own supply chain history data because they will use it to scam and hide.

      Watch for more in a future essay and thanks again for your detailed comment.


      1. Dirk,

        I understand your point and yes, there are a couple obvious differences in the two implementations, however the Federal Government including DoD and FDA have an Anti-Counterfeiting Working Group talking the challenge of identification of the risk of counterfeit and the assignment of traceability criteria as well. This effort is co-chaired by DoD, NASA and GSA under the control of the Intellectual Property Enforcement Coordinator at OMB. This report is due out anytime now.

        Clearly you make a good point about traceability of the item throughout its life, but you can’t trace that which you have not uniquely identified. I think the challenge here is providing information to ensure authenticity by all (producer, distributor, retailer, consumer, regulators) without requiring a consumer to directly access a producer’s system. There are a number of solutions such as the one you propose. Others include the oft discussed “internet of things” perhaps enabled by the use of QRcode that accesses information about concert tickets. The sources of the detailed information may be many and the number of sources does complicate the application.

        I look forward to more dialogue on these incredibly important and currently relevant issues.

  5. See Dirk… Avastin… That’s why patient authentication is needed!!! Can’t trust your doctor or pharmacist!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    1. Blah,
      Thanks for the comment. Sounds like a good topic for a full RxTrace essay. If I can pull one together, make sure you comment on it.

