I’ve now finished studying the latest Congressional Discussion Draft to Improve Drug Distribution Security.  As promised last Thursday, here is my analysis.  Overall I’d say it is a very serious attempt to develop a raw text that everyone can agree on.

But the only reason everyone can agree on it is that there are literally hundreds of multiple-choice options (they call them “policy choices”) built in–kind of like Mad Libs.  Anyone can use a marker to go through and cross out all the choices that they don’t like and they would end up with a bill that their constituency would probably accept.  The problem is, would anyone else?

The work group that published this draft included the optional language in bold square brackets [ ].  Here’s a somewhat comical example taken from part of Section 3. Enhanced Drug Distribution Security—every single paragraph of which is included in brackets to allow you to strike anything and everything!

Here you can either force [shall] the Secretary of the FDA to require the use of an interoperable electronic systems for tracking, tracing, and automatically verifying product…, or you can allow [may] the Secretary to make the choice, or you can strike the requirement in section (A), or you can just strike the word “automatically”, and you can make the Secretary act anywhere from 5 to 10 years, or you can strike the entire section (1), or you can strike the entire Regulations section (c).

In fact, you can even strike the entire Section 3 that this little snippet resides in if you don’t think we would need “enhanced drug distribution security” after the first phase is implemented.  The work team behind this effort must be fans of the Mad Libs series of children and adult books.

I’ll discuss this specific language again in the section about the enhanced drug distribution security system below.

It’s not clear how the Congressional delegation will narrow down the selections to a final bill that would then presumably be introduced, but that’s where you come in.  They want your comments about any and all policy options by November 7, 2012.  That’s right, less than 10  days from now.  Only those with Mad Libs fever are likely to be able to react that fast.

Because so many provisions in this draft are “policy options” it’s hard to analyze—at least you can’t predict what will end up being submitted to Congress from it—but I will explain what I see in it.

In general, this discussion draft has a structure that is similar to previous drug supply chain security bills that have been introduced into Congress in previous years.  It starts out with a fast-track pedigree requirement as an interim requirement while the full track and trace system is being figured out.  Later, the initial pedigree system would be replaced with the full track and trace system (keep in mind, any of these things can be struck from the final draft).

THE INITIAL PEDIGREE SYSTEM

However, this draft avoids using the word “pedigree”.  The reason become apparent later in the draft (I’ll explain later), but since it doesn’t use the word “pedigree”, it has to repeatedly use the unwieldy phrase “transaction history, transaction information and transaction statement”.  As in,

“Beginning not later than [6 months]/[1 year] after the date of enactment of [short title], a dispenser—

(i)  shall not accept ownership of a product, unless the previous owner[, prior to the transaction,] provides transaction history, transaction information, and transaction statement;…”

Transaction information is defined as the name of the product, strength and dosage form, NDC, container size, number of containers, lot number, date of transaction, date of shipment, the business name and address of the seller, and the business name and address of the buyer.

Transaction history is a statement in paper or electronic form (oh no, not another paper pedigree…and it isn’t even one of the “policy options” so you can’t strike it!), including the transaction information for each prior transaction going back to the manufacturer of the product.

Transaction statement is a [signed] statement, in paper (ugh!) or electronic form, that the entity transferring ownership of a transaction is (paraphrased)

• authorized to make the sale;
• received the product from a person that is authorized
• received the transaction information and transaction statement from the prior owner
• [had systems and processes in place to prevent shipment of suspect product or illegitimate product and] did not knowingly and intentionally ship [suspect product or illegitimate] product; and
• attests to the accuracy of the transaction information provided to the subsequent owner of the product and attests that the entity has not altered the transaction history.

First, notice that the transaction information doesn’t include a serial number or any unique identifier like an FDA Standardized Numerical Identifier, or, SNI.  That means this initial pedigree system would be a lot-based pedigree, much like the last summer’s RxTEC proposal pitched by the Pharmaceutical Distribution Security Alliance (PDSA) as the system that would pre-empt the much more technically challenging California law.  Also like RxTEC, this draft would require manufacturers to encode the SNI in human- and machine-readable form on all prescription drugs at the package, even though it would get little use in this interim system.

Second, this initial system wouldn’t require any aggregation information (SNI-based package-to-case hierarchy) because it wouldn’t require anyone to know the SNI’s on packages that are inside of sealed cases.  So the transaction information, transaction history and transaction statement (formerly known as a “pedigree) would be documented at the lot-level by case unless the case is opened by someone, and then it would be at the lot-level by the packages.

Non-sellable returns are would not be traced.  That is, the seller wouldn’t need to provide the buyer with any of the three types of documents.  Sellable returns would still need to be traced with these documents however.

But that brings me to the reason why the authors didn’t just use the word “pedigree” instead of these three transaction words.  It’s because they didn’t want the dispenser to have to retain or provide all three components in their transactions.  Dispensers would need to receive all three when they buy drugs, but unlike the manufacturer and wholesalers, they would be required to retain only the transaction information.  From a dispenser, the FDA would only be able to request transaction information as part of an investigation and not the transaction history or the transaction statements.  Manufacturers and wholesalers would have to be able to respond with all of those to an FDA request.

So you see, if they called it a “pedigree”, then they wouldn’t have been able to limit the type of information that the dispenser would need to retain and make available.  On a somewhat related note, a dispenser would be allowed to let their wholesaler retain the transaction information on their behalf (under contract).

The initial system includes what is commonly known as a product identifier authentication requirement.  This draft calls it “verification” and is defined as

“…determining whether the product identifier affixed to, or imprinted upon, a package or homogeneous case corresponds to the standardized numerical identifier, lot number, and expiration date assigned to the product by the manufacturer or repackager, as applicable.  Verification of the product identifier may occur by using human-readable or machine-readable methods.”

So when a member of the supply chain would receive saleable product, in some instances (see below) they would need to contact the original manufacturer to “verify” that the product information makes sense to them.  By the definition it appears that the SNI (whether case-level or unit-level) would have to be a part of the verification request.  There are no policy choices in the definition.

There are two reasons that manufacturers, repackagers and wholesalers would be required to verify product they receive.

1. if there were some reason that caused them to suspect that the product might be illegitimate;
2. the product was returned to them by a customer and they intend to distribute it further.

On the other hand, a dispenser who is suspicious that they have received illegitimate product would only be required to “…confirm whether the lot number of the suspect product corresponds with a legitimate lot number…” of that product, and “…verify at least [3 packages or 10% of the affected product, whichever is greater, or all packages, if there are fewer than 3,] with the manufacturer or repackager…”.

Verification requests could be submitted “through reasonable means, including querying an electronic database, placing a phone call, or other means specified by the manufacturer or repackager.”  The manufacturer or repackager would have up to [24 hours] to respond to verification requests.

This initial system would include an “alert system”.  When I first started to read about it I thought it was going to be the standardized recall alert system that I strongly recommended in last week’s essay “We Should Be Ashamed Of The U.S. Approach To Pharma Recalls”.  It doesn’t appear to be that, but it wouldn’t take much to modify it to include recall notifications.  Please, someone recommend that to the Committee!

The alert system would simply be to notify appropriate supply chain participants when there is a suspicion that illegitimate product has been found by a party in the supply chain.  This would cause other members of the supply chain to treat matching product as suspicious and thus invoke the verification requirement.

The dates for the initial lot-based pedigree (sorry, I can’t help calling it what it is) system would be very accelerated.  Many of the policy options for components described above would be [6 months]/[one year] after enactment, which is completely unrealistic (the word “insane” comes to mind) for designing, building and deploying the technology they describe.  Hopefully companies will explain that in the comments they submit.  It is particularly unworkable to execute before the manufacturers and repackagers would be required to encode the lot numbers and SNI in machine readable form ( which would occur “…not later than [18 months]/[4 years] after the date of enactment…”).

THE ENHANCED DRUG DISTRIBUTION SECURITY SYSTEM

• [utilize product identifier data for product tracing, including the use of aggregation and inference;]
• [improve the technical capabilities of each sector and subsector to comply with an interoperable, electronic, unit-level package tracing system; and]
• [complete other activities]/[fulfill other goals] as determined by the Secretary]

Finally, the text that I show in figure 1 near the top of this essay appears, providing the FDA with 5 to 10 years to (maybe) issue proposed regulations for the enhanced system.  But those regulations [cannot “…require the adoption of specific business systems for the maintenance and transmission of data” and] [cannot “…impose any new requirements on dispensers that are in addition to…” those in the initial system].  The final regulation would be effective not before [2 years] after a 60 day comment period after publication of the proposed rules.

THE “PEDIGREE CLIFF”

Then there is this interesting little section starting at the bottom of page 71 that appears to attempt to deal with any possible (likely) delays that might be thrust into the process for one reason or another.  It would create a “cliff” similar to the current “fiscal cliff” that everyone is so worried about right now.  That is, it would create an automatic worst-case scenario that few will like if agreement can’t be reached on a compromise bill.  A “cliff” is designed to light a fire under all participants to get them to move along with the original plan so that we don’t end up all going over “the cliff” together.  In this case, call it, the “pedigree cliff”.

“[Default provisions—If the Secretary has not finalized regulations under this subsection by the date that is [8/13] years after the date of enactment of this Act, [or if the regulations under this subsection have not gone into effect by the date that is [10/15] years after the date of enactment of this Act,] the following shall go into effect:]”

The initial pedigree system would be modified so that (paraphrased):

• [dispensers would be required to provide transaction information, transaction history and transaction statements when returning saleable product;]
• [the transaction information and transaction statements would now need to include the package-level SNI, thus transforming the initial system from a case-level (and unit-level when there is no case), lot-level tracing system into a unit-level, SNI tracing system;]
• [the exchange of transaction information and transaction statements (what about the transaction history?) would need to be done in an electronic, interoperable system with automatic verification of all product in accordance with the standards published by the FDA.]

In other words, something like the current California pedigree law would become national.  A true “pedigree cliff” for some folks…after 10 to 15 years of further delays.

OTHER PROVISIONS

The bill would also include

• one of four different proposed options for licensing wholesalers at a national level;
• one of three different proposed options for licensing third-party logistics providers (3PLs) and their facilities;
• a penalties section to tweak existing language;
• a preemption section that would shutdown all existing state drug pedigree laws like those in about half of the States today.

MY THOUGHTS

Would someone explain to me why we need an interim system like the initial lot-based pedigree system described above?  Is that supposed to be the first phase of a full serialized package-level tracing system?  If so then why would it result in so many thrown away components?  Are we in such desperate straits that we need to impose something/anything ASAP?  More than likely the “desperate straits” we are in, is the approach of the California pedigree law and apparently we need something to appease the folks in California so we can pre-empt their law.  But that’s not a very good reason to create something that ends up being thrown away.

In my view we should establish the end point—the system characteristics that we believe are necessary to address the problems we have in the supply chain today—and then define phases of deployments that each build on the previous phase so that no phase results in investments that are thrown away.  The phases should be building blocks that each eventually complement each other in the whole.  See the complete description of this approach in my essays “Plateaus of Pharma Supply Chain Security” and “SNI’s Are Not Enough In a Plateau-Based Supply Chain Security Approach”.

We should be able to convince the folks in California to allow the federal law to pre-empt theirs as long as it provides a reasonable path toward addressing the problems that they see in the supply chain today.  We should not need to impose a costly temporary and throw-away system nationwide just to get beyond their regulation.

Being an end in itself, the PDSA’s original RxTEC proposal failed the “reasonable path” test, but this proposal reverts back to the throwaway system approach.  Can’t we find a middle ground?  All we need is a proposal that includes multiple phases on a single roadmap from here to there.  Why is that so hard?

Tell me why it’s so hard in a comment below.

In my next essay I will discuss my thoughts on the way this bill would trick-or-treat dispensers.

Dirk.