The Built-in Protections Of The U.S. Pharma Supply Chain

Last week we learned that 11 people were charged with the record-breaking $75 Million drug heist from the Eli Lilly warehouse in Enfield, Connecticut back in March of 2010 (see the excellent article by Jay Weaver in the Miami Herald, including a copy of one of the multiple indictments).  Importantly, all of the stolen drugs from the Lilly warehouse were apparently recovered before they could be re-introduced into the legitimate supply chain.  But this investigation and the charges go well beyond the infamous Lilly warehouse theft.  They include other pharmaceutical, liquor, cigarette and cell phone cargo thefts around the country, allegedly perpetrated by members of the same criminal organization.  Cracking this organization could end up disrupting the most prolific source of cargo theft in the United States over the last five years.

Congratulations are due to the law enforcement organizations who contributed to the investigation and to bringing the charges.  They include DEA, ATF, FBI, U.S. Attorney of Florida, Miami-Dade Police Department, Florida Highway Patrol, U.S. Attorney of Illinois and U.S. Attorney of New Jersey.

This episode highlights one of the things I call the built-in protections of the U.S. pharmaceutical supply chain—the things that, combined, result in the U.S. having the safest supply chain in the world.  In this case, it is strong and cooperative law enforcement organizations.  While far from perfect, would you trade our system of justice, including law enforcement, with that of any other country in the world?  I don’t think you would (unless you’re one of the Villa brothers or their associates!).

But what are the other components that result in the safest drug supply chain in the world?  It’s certainly doesn’t occur by accident, so what are the built-in protections?


As far as I can tell, no one has done a formal study to isolate the complete list of reasons why the drug supply chain here is the safest in the world.  My list is certainly not a formal study but it includes the things that I could think of.  Make sure you submit a comment below to add anything I’ve missed.  I’m sure there are several.

  • Licenses
    You can’t become a member of the legitimate pharmaceutical supply chain—whether manufacturer, repackager, distributor, 3PL, pharmacist, pharmacy, doctor, nurse or hospital without obtaining at least one, and often multiple licenses.  To obtain and retain the necessary licenses applicants need to periodically demonstrate that they are qualified to fill the role they are applying for.  Most of these licenses require substantial investments in time and/or money to initiate and maintain.

  • Penalties
    The U.S. Federal and State governments have established certain penalties for crimes in the pharmaceutical supply chain.  I think most people would agree that they are currently too low considering how damaging these crimes can be to innocent people (see my essay “STEP #1: Raise Penalties For Drug Crimes To Reflect The Widespread Harm They Can Inflict”), but at least we have penalties that can be applied when criminals are caught.

  • Strong and cooperative law enforcement organizations
    As the episode last week highlights, this is an indispensable ingredient!

  • A “closed” distribution network
    The requirement that all supply chain parties obtain licenses, combined with the fact that drugs cannot be reimported (see my essay, “Safe Prescription Drug Reimportation: An Oxymoron”), results in a “closed” supply chain.  Not just anyone can leap into the legitimate supply chain and start buying and selling drugs.  If you’re going to get into this business, you need to have some resources behind you that make it clear that you are legitimate and you place the interest of patients high in your list of priorities.  A vital part of this component is for trading partners to verify that those they are buying from and selling to possess valid and current licenses.  This is one of the weakest links in the U.S. supply chain as demonstrated by crimes that have occurred in the last five years (see my essays “How Counterfeit Avastin Penetrated the U.S. Supply Chain”, “Lessons from ‘Drug Theft Goes Big’” and “STEP #1: Raise Penalties For Drug Crimes To Reflect The Widespread Harm They Can Inflict”).

  • Commitment by large distributors to only buy direct from the manufacturer
    About six years ago the largest U.S. distributors, representing about 75% of the drugs distributed in the U.S. legitimate supply chain, publicly committed to only buy their stocks directly from the drug manufacturers (see my essay “Do We Even Need To Mandate Drug Pedigrees Anymore?”).  This was a big and important change because prior to that they all had business units whose purpose was to buy some of their stocks from the secondary market—overstock drugs sold by non-manufacturers.  This practice was found to open the door to criminals selling illegitimate drugs—including counterfeit, diverted, up-labeled, improperly stored, tampered, etc.—back into the legitimate supply chain.  Many of the crimes documented by Katherine Eban in her book “Dangerous Doses…” may have been made easier as an unintended result of this type of buying practice.  By making that pledge, this door was closed, at least for that 75% of drugs that come through these organizations.  However, this is a voluntary pledge that not all drug distributors in the U.S. are even able to make.  Again, Katherine Eban documented a case that showed this is an ongoing weakness in the U.S. supply chain (see Eban’s engaging and eye-opening article at CNN/Money online, “Drug Theft Goes Big”).

  • The general low tolerance for crime and corruption by the American public
    Americans have what I call a general low tolerance for crime and corruption compared with many places in the world.  We generally expect our government and system of commerce to be free of the kinds of activities that often lead to illegitimacy.  This may turn out to be one of the most difficult components of a safe drug supply chain for countries in the world to emulate.  You can adopt all of the other components I have listed above, but if the public accepts crime and corruption as the norm, you are going to have crime and corruption, and your drug supply is not going to be safe as a result.  Fortunately the U.S. isn’t the only country in the world whose public has a low tolerance for these things.  I would bet that the public tolerance for general crime and corruption is closely correlated to the safety of a given country’s drug supply.  It would be an interesting thing to study.


Even with all of the things listed above going for us, criminals still attack our drug supply.  But that’s going to happen any time you have something as lucrative as our drug supply has become no matter what protections you impose.  Criminals are always going to be attracted by the high value of drugs in the U.S. market.  You can’t prevent criminals from making attempts, but in an ideal world, the built-in protections would always block them.

In my opinion, we have a system today that is remarkably resistant to those criminals.  Last week’s arrests demonstrated that resistance.  As long as criminals can always be detected, caught, charged, prosecuted and their work is prevented from harming patients—as it appears will occur in this case—the built-in protections are a smashing success.  What more needs to be done?

But not all crimes have been prevented by our current built-in protections.  Is there anything more we can do to reduce the criminal success rate even farther?  Do we need to augment our existing built-in protections with new ones?  If so, which new protections should be built-in?

I think it is possible to do so but considering the low success rate of drug supply chain crimes in the U.S. supply chain today (see my essay “Illegitimate Drugs In The U.S. Supply Chain: Needle In A Haystack”), we may be within the realm of diminishing returns.  Further improvements will require careful study to determine the weaknesses that criminals are able to take advantage of today to ensure that any new protection we add actually has a positive impact on those specific vulnerabilities and does so with the least cost.

So far the closest thing I’ve seen to that kind of study was published by the FDA last fall with the publication of “FDA Preliminary Report: Review of Counterfeit and Diversion Criminal Case Information”.  It is a start, but it is too superficial, is not representative of today (the study only looked at FDA Office of Criminal Investigation (OCI) cases investigated between 2003-2008) and does not look at possible additional protections.  The report concludes:

“…the results [of the review] may not be representative of current drug supply chain trends.  This review is intended to provide some insight into the schemes, types of products, and supply chain participants involved.  We recognize that to conduct a more in-depth analysis and to achieve a full understanding of the supply chain complexities and the possible sources of sampling bias, additional data sources, such as those from industry, would be necessary.  This report provides results from an initial review of the OCI case information and does not contain statistical inferences, future trend predictions or opinions.  FDA expects to conduct further analysis and report as appropriate.”


Important Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.I chose not to include existing pedigree regulations—like the Federal Prescription Drug Marketing Act (PDMA) and the Florida drug pedigree law—in my list because I don’t think they have contributed to the protection of the supply chain.  I don’t think that will surprise anyone (leave a comment below if this opinion surprises you) because the regulations that came from the respective laws apply to so few drugs in the supply chain and they primarily only affect distributors.  These regulations add cost but no real protection.  This is the kind of reaction to crime we need to avoid in the future.

You might think my negative opinion of the PDMA and Florida law would also apply to the California drug pedigree law, but the differences between it and those less effective laws address many of their shortcomings (see my essay, “The California Pedigree Law” for a catalog of the differences).  The biggest problem with the California law is that it results in a “big bang” deployment of drug pedigrees in the California supply chain.  A big bang won’t work because the leap in technology used in the supply chain is too great for such a short time span (2 ½ years).  The approach I advocated in my essay, “Plateaus of Pharma Supply Chain Security”, and then clarified in the essay, “SNI’s Are Not Enough In a Plateau-Based Supply Chain Security Approach” (see how complex this work is, it needed a follow-up clarification!), was an attempt to address that problem.

The folks from the Pharmaceutical Distribution Security Alliance (PDSA) apparently agree that the problem is the “big bang” nature of the California law because their RxTEC proposal also appears to be an attempt to address that characteristic (see my essay, “What If RxTEC Isn’t Adopted?”).  In any attempt to address the “big bang” problem the first plateau/stepping stone is not going to offer much additional protection against criminal activity, and that’s true of both my recommended approach and of the RxTEC proposal.  The first steps are designed to deploy some of the necessary technologies throughout the supply chain and get companies familiar with them so that later plateaus/stepping stones can make use of those technologies smoothly to finally gain the protections sought.

The biggest problem with the RxTEC proposal is that it only describes the first plateau/stepping stone and so you can’t tell how or when the actual protection will occur in the implied later plateaus/stepping stones.  You can’t tell if those future protections will address the vulnerabilities of today’s supply chain because they aren’t identified.  On the other hand, in my RxTrace essays I advocated a step-wise approach where experts would fill in the blanks of each step/plateau/stepping stone.  The specifics I included in the essays for each plateau were intended to be examples of what might be done, not necessarily specific proposals.


Everyone seems to leap to the solution without studying the problem first.  In my view the formula for improving the protection of the U.S. drug supply chain is logical.  What it needed is to first find some way to get the industry and regulators to rally around the step-wise approach in general—no specifics yet.  That shouldn’t be hard to do…the members of the PDSA are apparently already there.  Then study recent crimes that were “successful” to identify the current vulnerabilities in the supply chain.  Then determine alternative approaches that would address those vulnerabilities as new built-in protections (including costs).  Next, select the lowest cost approach that addresses the identified vulnerabilities and finally figure out the steps and timeframes needed to make the necessary technology widespread.  That may take some time to accomplish but any other approach is like shooting in the dark.  No one is going to be satisfied with the results.

In this essay I’ve certainly left something for everyone to comment on.  Submit one below.


13 thoughts on “The Built-in Protections Of The U.S. Pharma Supply Chain”

  1. Dirk,
    Another thought provoking scribe on the pharmaceutical supply chain strengths and challenges. A point that should not be passed by in the discussion of measures to protect the pharma supply chain is that the capture of this cargo theft ring was brought about less because of modern supply chain security technology and more so from good old traditional law enforcement activities.

    I agree whole heartedly that with today as a leaping off point the “big bang” approach appears daunting for 100% item level serialization and e-pedigree transmittal over the next 3 years. Where I diverge with this consensus opinion (not necessarily yours) is that much of the industry has given token effort to promote and support the technological development of an industry-wide standardized system and since 2004 have not put forth a legitimate (read…lacking self-interest as the priority) plateaued approach such as you have so eloquently communicated.

    While this is good for PharmTech’s business in developing strategy for pharma and biopharma surrounding track & trace, it begs the question…why?

    The industry as a whole has sat by fingers crossed like children playing hide-and-seek hoping the FDA and CA BoP would pass by “nothing to see here” and pass another stay for 5-10 years. Now that we are less than 3 years away from financial penalties attached to not moving forward there is an interest by the industry in submitting a watered down proposal under the guise of “something is better than nothing” just before the PDUFA voting.

    Although I agree that the PDSA RxTEC proposal was a nice starting point, it morphed into a document that attempted to tell the FDA what the industry would do (at a minimum) with an open ended goal of achieving what California and the FDA perceive as a traceability solution and probably worse, what the FDA could not do to them along that path.

    This is not to discount the pilot efforts of distributors and several bio and major pharmaceutical companies that have moved forward with item-level serialization and some measure of authentication, rather to acknowledge that those efforts were done for self-interest (brand protection, addressing counterfeits/diversion and/or government reimbursement) and not specifically to move forward with CA 2015 compliance and securing the overall supply chain.

    Thank you for your continued contribution to the debate.

    1. Michael,
      Thanks for your comment. I understand your arguments. I hope you don’t place my essays into some of the categories that you define. I am trying to sincerely raise observations and solutions and the fact that they appear too late is very unfortunate but that’s just how it works out sometimes. I’m sure there are companies who are taking the slacker approach that you describe, but not all are and yet things are not looking so good to me. I’m not alone. So what is to be done? I’m writing / thinking about as fast as I can. It may have no impact at all, but I can assure you that my thinking / writing is as honest as I can make it. I can’t speak for others.

      Thanks for reading and contributing.


      1. Dirk,
        Thank you for your reply. I value your weekly contribution to bring awareness and ask the questions that need to be addressed. The RxTrace blog is an excellent resource for the stakeholders (and solution providers) in the industry. Thanks again for continuing to push the rock up the hill. Your ongoing contributions will impact the decision makers and surely help define the end traceability solution- whatever that may be.

  2. Dirk,

    I disagree. FL pedigree law reduced the number of distributors. Check the numbers for yourself. Why did 100’s of distributors get out of the business? Let me guess they were selling counterfeits, diverted, etc that go under reported.

    As far as cargo theft. Let’s not forget about the diabetics who were hospitalized due to stolen insulin (NovoNordisk). Product was bought at Kroeger’s who sourced from big 3 or ADR’s passing product like it was bought directly from the manufacturer versus the middlemen they bought it from.

    1. Blah,
      Thanks for your comment. I assume the reason the number of licensed distributors in Florida dropped significantly after the pedigree law went into effect was more because of the stiffer licensing requirements and the increased costs, not necessarily because of the pedigree requirements. If those elements were part of the same law then, OK, I’ll give you that. The criminals would probably have kept their licenses no matter what if they had a place they could sell their illegitimate drugs undetected. Once that market closed up shop they could no longer unload their booty and so the profit went out of the “business”. It’s interesting that this coincided with the effective date of the pedigree law so I suppose we may never really know for sure which event contributed the most to the drop.

      I can’t speak to the facts of the NovoNordisk insulin case other than to reference the article by Katherine Eban. Her article describes it differently than your account.

      Thanks for reading.


      1. Incidents in which patients are made sick because of stolen prescription medications bought from legitimate stores are almost never publicized. But Fortune has learned that in 2009, ineffective insulin hijacked from a truck months earlier was dispensed by pharmacies, including Kroger (KR). One patient in Ohio who took the insulin went into convulsions; another, in Texas, saw his blood sugar spike.
        Kroger bought the stolen goods and resold them even after the drug’s manufacturer, Novo Nordisk, alerted the giant grocery and pharmacy chain about the theft. Kroger spokesman Brendon Cull declines to comment about the warning, but says,”We work with only safe and reputable organizations.” Kroger’s suppliers, he adds, must “follow all state and federal laws

      2. Only 2% of the insulin has been recovered, says a Novo Nordisk spokesman. Wouldn’t it be worth patient safety to give patients the ability to authenticate. Based on the insulin example and Avastin example patients can’t trust pharmacies or clinics.

      3. Dirk,

        So when you buy a car in theory you receive the pedigree thru car fax to insure the car is safe and has not been in an accident. But when you buy life saving medications you have to trust to sales men (i.e. pharmacist, physician, etc.). Seems odd to me since both have to do with safety and yes some of these medications cost just as much as a car.

  3. “While far from perfect, would you trade our system of justice, including law enforcement, with that of any other country in the world?”
    I would contend that the system of justice and law enforcement is as effective in about 14 western European countries, as well as in Australia, in New Zealand, and in Canada. To name seventeen 😉
    And I would consider trading ours for a number of these, mainly due to the scale of the task and the more fractured system for both distribution and law enforcement that we have to surmount.

    Mostly beside the point in answer to a rhetorical question, but you tempted me 😉

    1. SAC,
      Thanks for your comment. In fact, as I was writing that the thought entered my mind that it is more a characteristic of strong democracies than just a U.S. characteristic. I thought briefly about changing that line but never got back to it. Thanks for pointing out the improper American-bias and my apologies to those readers who live in countries with equally–or even more–solid justice and law enforcement systems, including those countries you named. Like I said, “while far from perfect…”. That goes for me too!

      Thanks for reading.


  4. This was a case of good common criminal investigation. Nothing more. One of the brothers left a fingerprint on a water bottle. He had a previous record so they could trace the fingerprint to him. Once they identified him, they tracked him to the stolen product and then made the bust. That’s what I’ve read in the articles I’ve seen published in the news.

    What if the fingerprint had not been left? Was there anything else to aid law enforcement to track the product?

Comments are closed.