I did not participate in the development of the Pharmaceutical Traceability Enhancement Code (RxTEC), a proposed Congressional bill that was created by the industry lobbying group known as the Pharmaceutical Distribution Security Alliance (PDSA). In fact, while I was aware that a group had been formed last year I wasn’t aware that they were working on drafting an actual proposed bill until their discussion draft (dated February 27, 2012) appeared on the internet about 10 days ago. I first saw it on Ed Silverman’s Pharmalot blog.
I also saw a presentation by one of the members of the PDSA last week that touched on the RxTEC proposal. It was characterized as a “stepping-stone” to full traceability in the U.S. supply chain someday down the road. In other words, the PDSA apparently means that their RxTEC proposal isn’t the final destination but it is only the first step toward that ideal. At least, that’s how I interpreted that “stepping-stone” comment.
PLATEAUS OF SECURITY
Now this is a concept that is familiar to me. In fact, as an idea stripped of all of the RxTEC-specific details, it is identical to the idea beneath the approach I proposed in a pair of RxTrace essays last May and June called “Plateaus of Pharma Supply Chain Security” and “SNI’s Are Not Enough In a Plateau-Based Supply Chain Security Approach”.
This single underlying idea originates, on both accounts, from the fact that the amount of illegitimate activities within the U.S. supply chain is really quite small compared with the rest of the world (see my essay, “Illegitimate Drugs In The U.S. Supply Chain: Needle In A Haystack”), and to reduce it further will take significant and carefully thought out investments. It would be very easy to throw money at this problem, but there are lots of very costly potential “solutions” that wouldn’t have any impact at all on the problem. The goal must be to have the most positive impact on the problem using the least investment necessary.
In my “plateau” essays I proposed that the best way to achieve improved supply chain security without bankrupting companies and/or causing supply disruptions was to produce a roadmap that included a series of “plateaus of security”—a concept that is identical to “stepping-stones”. I envisioned that the success of this approach would be measured by the following outcomes:
- Criminals cannot introduce illegitimate drugs into the legitimate supply chain without being detected well before patients are threatened;
- Criminals who attempt to scam the system are more easily identified and more easily prosecuted using evidence produced by the new system;
- Legitimate supply chain members can quickly and clearly differentiate between likely criminal activity and innocent unintended errors;
- The number of businesses in the supply chain who enter bankruptcy as the result of the additional compliance costs is minimized;
- The cost added to finished pharmaceuticals delivered to patients as the result of the new complexity is minimized.
I proposed that a properly defined system would have the entire roadmap defined from the beginning so that solution providers could work on the next plateau/stepping-stone prior to any deadline to ensure that it could be reached with the least expense. One problem with the RxTEC proposal is that it only identifies the first stepping-stone. It is unlikely that outcomes 1, 2 or 3 will be achieved after the first step/plateau/phase of any multi-phase approach, not just RxTEC.
One important feature of my plateaus idea was that the dates for every plateau would not need to be defined at the beginning. In fact, if the success criteria were met at any plateau prior to the final plateau, there would be no need to continue to the next one unless and until it was found that criminals were able to circumvent the safeguards in the current one. For that reason, the deadlines and even the technology for the later plateaus would not need to be carved in stone from the beginning. Only the concept of the later plateaus would need to be defined at the beginning.
The goal would be to protect patients and the supply chain with mandates that require the least investments and only those that are absolutely necessary to achieve that protection. Of course if companies find a non-compliance-related benefit by moving to later plateaus before it might be necessary for security reasons, they may move forward voluntarily.
EVEN MORE AGREEMENT BETWEEN RxTEC AND RxTRACE
Even when you look at the details, the RxTEC proposal shares some of those that I included in mine. For example, the RxTEC data that would be encoded on each drug package includes the SNI, lot and serial number. I made the point that if you aren’t going to move to a full track & trace or ePedigree system for a period of years after the first plateau then you would really need to include the lot and expiration date on each package so that you could get some benefits from that first plateau. Here’s how I put it:
“If you were to do a big bang going from zero to full supply chain ePedigree system in a short period of time (like in 2 ½ years as the current California Pedigree Law does), all you would really need are GS1 SGTIN’s (Serialized Global Trade Item Numbers) to fulfill the SNI requirement (see my essay “FDA Aligns with GS1 SGTIN For SNDC“). That’s because, in this instance, everyone is going to have some kind of repository that would be able to tell them everything they need to know about a given unit of drugs, all keyed off of that SNI.
“But if you imagine that my plateaus idea were to be implemented, it would take a number of years between the time that all drugs contain SNI’s and the time when a full pedigree or track & trace system is fully operational. During the time of the interim plateaus, especially the first few, all any company would have is the SNI’s that they read off of each package of the drugs they handle. There would be no data repository containing information about the drugs and no data exchanged.”
“What would be very helpful on each package of drugs is the lot number and expiration date in addition to the SGTIN—not as optional data elements, but everyone would need to supply them. With these three data elements—readable by electronic reading equipment—on every drug package, big benefits would start right away in the first plateau without any data repository or communication needed. These includes:
- Efficient SGTIN-based recall execution;
- Efficient full-lot-based recall execution;
- Efficient stock rotation based on expiration dates;
- Efficient SGTIN-based stolen product monitoring.”
“At some point I think we will see the addition of more information on drug packages than just the NDC and serial number in electronic-readable form, no matter if my ‘plateaus of security’ concept is ever picked up or not, but the timing is hard to tell. Without those additional data elements the industry will be forced to implement a full ePedigree or Track & Trace system to get any value out of the SNI’s, something that more and more people are opposed to as they see what it will cost.”
The PDSA seems to agree with that. The RxTEC proposal also includes increased penalties for drug counterfeiters, something I also proposed in my essay last November that I called “STEP #1: Raise Penalties For Drug Crimes To Reflect The Widespread Harm They Can Inflict”. Fortunately the U.S. Senate passed (unanimously!) last week a bill that would do just that.
BUT RxTEC GOES WELL BEYOND RxTRACE
RxTEC includes a number of features that go well beyond anything I have ever proposed. It is a kind of a “catchall” of pet changes to pharma regulations that members of the supply chain would like to see done—some of them for quite a while now. Here is a partial list:
- Interim pedigree provisions similar to those that were proposed in the failed Buyer Matheson ePedigree bill proposed last year. This “pedigree” for an authorized distributor of record (ADR) is simply a statement printed on their invoices that says that the drugs were purchased from the manufacturer. Distributors who are not ADRs would have to provide
“…a statement, whether in paper or electronic form, identifying each wholesale distribution of such prescription drug, back to the manufacturer or to the [ADR] for such prescription drug…”
See the RxTEC proposal for additional provisions and the details. The interim pedigree provisions would take effect six months after enactment and would last until the RxTEC system is required, six years after enactment. This approach seems to address the argument that was at the center of the RxUSA v. HHS court challenge. (See my essay, “Impact of RxUSA v. HHS On Future Pedigree Legislation”.) However, the use of the term “paper” for a pedigree seems like a step backward to me.
- Federal licensure of wholesale distributors of drugs in a way that complements and standardizes existing state licensing. Effective six months after enactment.
- Federal licensure of Third-Party Logistics (3PL) providers, drug manufacturers and drug repackagers. Effective six months after enactment.
- Electronic drug information (referred to as “E-Labeling” in the proposal) that would require drug manufacturers and repackagers to replace today’s paper “outsert” drug information sheets with electronic versions. Effective one year after enactment. This is a great idea and it should be combined with a requirement for the development of a standardized lookup service(s) (an “app for that”) so that medical professionals and patients can simply scan the SNI on their cell phone, tablet or computer and they would be presented with the electronic drug information.
- Stiffer requirements for online pharmacies to help reduce the incidence of illegitimate online drug selling. Effective between six months and one year after enactment. This is a very noble attempt to address the problem of illegitimate online drug sellers which is a much bigger problem today than the problem of illegitimate drugs in the legitimate supply chain. I hope it has the desire effect.
- Formalized creation of a Pharmaceutical Distribution Chain Community group that would allow the industry to make recommendations to the FDA related to supply chain safety, security and RxTEC implementation. It seems like the PDSA is trying to build themselves directly into the FDA as a branch with the power to insert text into the Federal Register and on the FDA’s website. On the surface it sounds like a good idea as a mechanism that would allow the FDA to consult with industry, but I think it would go too far in providing the industry with special influence within the FDA and could jeopardize the patient advocacy mission of the FDA.
THE PROBLEMS WITH RxTEC
RxTEC is far from perfect. That’s not surprising considering that it was developed by a committee of people from organizations with widely diverse interests. I’ve been in those situations before and I know how the result can appear a little odd to people who didn’t go through the debates during the construction of the document. I assume that’s where some of this stuff came from:
1. Mandating very specific technology
Regular readers of RxTrace will know that I believe that there is a place for mandating specific technology inside of a regulation. That place is to ensure interoperability in areas where there are too many options (see my essay “Should Regulations Dictate Technology?”). Lots of people disagree with that, including most of the respondents to the recent FDA RFC for the consideration of replacing the linear barcode requirement with some other, more modern technology (see my essay “Will the FDA Accept RFID for Drug Identification?”). Paradoxically, many of the organizations who oppose idea of the FDA identifying a specific identification technology to replace linear barcodes are members of the PDSA—the organization who is now trying to do just that in a Congressional bill proposal which is much worse than doing it in a regulation.
I stand by my belief that the FDA should specify one technology (either UHF RFID or 2D barcodes) for the linear barcode replacement. But even I think it is wildly inappropriate to identify specific technologies within a Congressional bill as the RxTEC discussion draft proposes!
RxTEC would specifically mandate GS1’s SGTIN for the Standardized Numeric Identifier (SNI) and mandate that it be depicted, along with the lot and expiration date, within a DataMatrix 2D barcode (for at least the first 12 years) on each individual package. Remember, this would end up being in a federal law. That means it would literally take an Act of Congress to change to a new, more modern technology before the first 12 years are up! About the only thing worse would be if they amended the Constitution to include it. If the members of the PDSA want it that badly why did so many of them recommend that the FDA not identify any specific technology to replace the linear barcode requirement?
No. Technology mandates intended to establish interoperability should be made by the regulatory agency in regulations that come out of a much less-specific wording in the law. In this instance the law should simply require the FDA to work with the industry and appropriate consensus-based standards organizations to select the technologies or standards and leave it at that. RxTEC is way too prescriptive here.
2. RxTEC data use and availability
The proposal doesn’t define the term “RxTEC data”, but it does define the term “RxTEC” to mean a data carrier holding the NDC, SNI (which is somewhat redundant, by the way), the lot and expiration date. Throughout the document it is clear that in this first “stepping-stone” no one is required to ever use or even read the SNI. That appears to be one of the foundational principles of RxTEC. It implements “lot-based traceability” on a one-up, one-down basis, and despite the inclusion of the SNI (a unit-level serial number), the proposal is intentionally not a unit-level traceability system.
For a first phase, that seems very practical, but Section 301 in TITLE III includes a provision that would allow the FDA to
“…request RxTEC data from all pharmaceutical distribution chain participants in the event of a recall, or as determined necessary by the Secretary to investigate a suspect product.”
Even the States could request RxTEC data. The problem is that “RxTEC” is defined to include the SNI (the unique serial number that no one is required to read or use) so if the Secretary can request “RxTEC data”, does that mean that the participants really do have to read and keep track of the SNI just in case the FDA needs it? I suppose the FDA could request it, but since the proposed bill wouldn’t require anyone to read it, they just wouldn’t get it. Something needs a little work there.
3. Tying the hands of the FDA rather than requiring the FDA to work with the industry
It seems to me that Section 201 of TITLE II of the RxTEC proposal goes way overboard in tying the hands of the FDA. Under the heading “ENSURING FLEXIBILITY” the proposal lists twelve things that the regulations developed by the FDA when implementing RxTEC must conform to. Some are reasonable, but is it really a good idea to specifically block the FDA from:
- Prescribing or proscribing specific technologies for the maintenance of data;
- Prescribing or proscribing specific methods of verification (just visually glancing at the product appears to be sufficient for verification according to other sections);
- Requiring the manufacturer to aggregate unit level data to cases or pallets;
- Requiring dispensers or wholesalers to verify product at the unit level;
- Requiring a record of the complete previous distribution history of the drug from the point of origin of such drug or point of receipt?
Those provision make RxTEC sound more like a roadblock rather than “a stepping-stone” to full traceability down the road.
In my view a lot of the bulk of Section 201 of the proposed bill could be reduced to a few sentences that direct the FDA to develop a multi-phase (multi-plateau, or multi-stepping-stone—take your pick) solution for protecting the supply chain from illegitimate activities (counterfeiting, tampering, theft/reintroduction, diversion, etc.). It could mandate that there be at least X number of phases to ensure that the leap to each phase isn’t too great, and it could mandate that each phase last at least Y number of years (barring any unexpected major events), and then the leap to the next phase would only occur if evidence shows that counterfeiters or drug thieves are able to work around the protections in the current level. Now that would truly “ensure flexibility” by not tying the hands of the FDA so that they are free to react appropriately in the event of a large-scale and serious counterfeiting event—a worst-case scenario.
Overall I think the PDSA’s RxTEC discussion draft is a good start toward a multi-phased supply chain security system, but it needs some work to address the problems I mentioned above and a few lesser problems not mentioned here. They have until the end of September, as I understand the Federal Government’s fiscal year calendar, so hopefully they will continue refining it until they have something that will start the industry on its way toward eliminating the small amount of crime that exists in the legitimate U.S. supply chain.
WHAT IF RxTEC ISN’T ADOPTED?
Even before the PDSA made their RxTEC draft bill public I was trying to assess the odds that some kind of track & trace or ePedigree bill would make it through Congress this year. On the one hand, with the Prescription Drug User Fee Act (PDUFA) bill needing to pass by the end of the Federal fiscal year there is a “vehicle” for such an amendment, but on the other, it is an election year and partisanship seems to infect almost every debate. (See this interesting article in Pharmaceutical Commerce online: “House subcommittee airs out serialization issues during PDUFA discussions”.)
Even though it seems like everyone is in favor of eliminating the patchwork of State pedigree laws with a single federal regulation—even the States seem to be in favor of that—would the Congress be willing to swallow a bill that increases the enforcement responsibilities of the Federal government and could therefore be considered an expansion of government at a time when politicians seem hell-bent on shrinking the Federal government and returning regulatory responsibilities to the States? I don’t think this issue fits very well into that mold, but I am frequently amazed how the debates on other issues have made a turn down that path.
So I wonder what would happen if no drug traceability regulation passes this year? In fact, the FDA is already authorized to develop standards for a nationwide track & trace and authentication system (ePedigree?) as part of the Food and Drug Administration Amendments Act (FDAAA) of 2007.
The FDA has already asked for generalized public input for SNI, Authentication and Track & Trace. That occurred way back in early 2008. Less than a year after that the FDA published draft guidance only for the SNI and asked for public comments. After collecting comments from interested parties the FDA modified the SNI guidance and then published the “non-binding recommendations” for SNI in the form of final guidance in March 2010, (see my essay, “FDA Aligns with GS1 SGTIN For SNDC”).
With that history as our guide, and noting that the FDA is obligated to do so by the FDAAA, I think the next thing we will see will be a draft guidance for non-binding recommendations for a full track & trace, authentication and/or ePedigree system published for comment by interested parties. It has been over a year since the FDA held a public workshop to collect input into the system attributes for the tracking and tracing of prescription drugs. In recent presentations the FDA has indicated that it is working on that guidance. After collecting comments the FDA will modify their draft guidance and then publish a final guidance document. Like SNI, it will contain non-binding recommendations.
You might think that non-binding recommendations would just sit there and not have any effect on the operation of the supply chain, but look at what is happening right now with the non-binding SNI guidance. Because California requires the application of “a unique identifier” to each drug package, and because the FDA non-binding SNI is a valid definition of “a unique identifier”, companies are most likely going to adopt it for compliance in California (see my recent essay “The Surprise Consequence of the California Pedigree Law”).
If there are any new State drug pedigree regulations drawn up at any time in the future they would be foolish to designate anything other than the FDA non-binding SNI for their unique identifier. What the FDA has done is to define a non-binding “standard” for a unique identifier for drugs that will be applied nationwide, all without needing to make it a federal mandate.
It is possible, even likely, that if Congress doesn’t enact new drug traceability legislation, the same thing will happen with their future non-binding track & trace and authentication (ePedigree?) guidance. Wouldn’t you think that with a Federal “standard” defined, states like California (especially) and Florida (perhaps) might decide to abandon their “special” approaches to supply chain security and simply mandate that Federal standard? Wouldn’t you expect that any new State ePedigree regulations would simply do that from the start? In fact, wouldn’t you expect that the existence of a non-binding Federal standard might actually make it much easier for States that don’t currently have a pedigree law to enact their own ePedigree legislation considering the fact that they no longer have to go to the trouble to figure out and document the details of how it would work—they could simply mandate the Federal standard?
In fact, most states with existing drug pedigree regulations took the text that was offered by the National Association of Boards of Pharmacy (NABP) for their laws. The NABP “model rules” were developed back in 2003 to help States adopt a standardize set of drug pedigree rules. But with a Federal “standard” offered by the FDA, it is possible that it would replace the NABP model rules as the reference source for new State laws. Over time the future FDA non-binding drug track & trace and authentication guidance may become the de-facto nationwide pedigree solution that solves the current “patchwork” problem.
It would take a long time for that to occur, but without the passing of new legislation this summer, that could be our future. What do you think the odds are that RxTEC will be passed by the Congress and signed by President Obama this year? If it doesn’t get enacted what do you think will happen? Leave a comment below.