California Board of Pharmacy Clarifies Use Of GS1 EPCIS

“The Californians”

Important Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.As I indicated last week, I wanted to write about a specific dialog that occurred at the December 4, 2012 California Board of Pharmacy Enforcement Committee meeting.  The important exchange came at the end of the meeting during the catchall agenda item called “General Discussions” when topics that are not on the agenda can be raised by Board members or the general public in attendance.

As soon as the Chair opened that agenda item, Michael Ventura of GlaxoSmithKline rose and strode to the microphone.  The exchange that followed was captured on the meeting video.  I transcribed the exchange below as it happened because I think it provides a number of important clarifications about the technologies that can successfully be used to meet the California pedigree law and I think it should be read by everyone who has an interest in that.  The source video can be found here and these words start at 2:30:30 (hours:minutes:seconds).

Mike Ventura, GlaxoSmithKline:

“I really enjoy the open conversations, the ability for technology and solution providers to come present to the board a lot of alternative solutions and proposals.  We, from a manufacturer perspective, understand serialization.  We understand the challenges of aggregation and all those things that are required in order to facilitate these things from a global manufacturing perspective.  But when we get to the market, when we come to California compliance we are now getting precariously close to a tipping point where we either need to implement a solution, or we are going to fall short of meeting that compliance date.  So when we hear things like we heard this morning from the Abbott, [McKesson], GHX and VA proposal—this event sharing model—verses pedigree…

“Curious… number 1, how viable is it to the board, in your perception that it provides to you the bread crumbs that you need in order to trace bad actors that are putting counterfeit material or suspect substandard material in the supply chain?  And if it is, in fact, viable to you towards compliance, what needs to happen with the law, as written, where every seventh to tenth word is ‘pedigree’? 

“And when could that happen, so that we could make the decisions and get started on a path that is clearly going to take us a year-and-change to implement in our distribution centers and in our enterprise systems?  All these implications that we [currently] have, that we are…almost forced, in a short period of time, to  go down the path of pedigree, and we’re reluctant to do so. […] I think you’re getting the message that pedigree is a very cumbersome process, especially on the middle of the supply chain, with wholesalers and distributors [it] could inevitably bog them down in a way that threatens their ability to get product to patients.  That’s really what we’re looking to get an answer to.”

Josh Room, Deputy Attorney General, California Department of Justice, California Board of Pharmacy:

“I want to make sure that…what I believe you’re implying by your question is that ‘pedigree’ is somehow synonymous with DPMS.  And that is not a requirement of the law, nor has it ever been a statement by the Board that in order to comply with pedigree you have to be utilizing DPMS.  I’ve tried to make that clear in the past.  I apologize if it’s never been made clear to you. 

“All that a ‘pedigree’ is defined in the law is an electronic record containing all of the chain of custody… events that pertain to that particular unit.  So that can be transmitted…that record has to be provided by each trading partner and received by each trading partner, so that record could be provided through various… communication technologies and methodologies. 

DPMS is one way of doing it but it’s not the only way of doing it….I hesitate only to bless, sort of, EPCIS generally because EPCIS means lots of different things [in] lots of different contexts, but there is nothing to preclude a solution…a cloud-based solution—like GHX or something like that—from being a methodology of providing the necessary record data to your trading partner, that trading partner receiving that into either their own… internal enterprise system, or receiving it externally by way of their segregated data set at the cloud, or, you know, by the external data repository…nothing about that is inconsistent. 

“There are various things that have to be included in it, including that you have to, you know, certify the data that you are providing as being true and accurate.  So there are some…details, about how you do that differently by way of EPCIS or within an AS2 electronic message than you would by way of DPMS, but I don’t think those are irreconcilable or that the issues are really different…they may be different in type but not different in scope, from DPMS.  Does that answer your question?”


“Well it does, absolutely, I mean…”


“The board is not going to bless a particular system if that’s what the industry is looking for…”


“…wondering was, one clarity on, the flexibility of being able to vary from DPMS to EPCIS and as long as the information that is required within a pedigree, is part of our event transmission, that would meet that compliance of the law.”


“I think the confusion has arisen because people think of ‘a pedigree’ as a singular thing and they think of it as being transmitted and received, and everyone’s mind goes to…sort of, that means it’s a ‘document’.  It does not have to be a document.  It is an electronic data record… that can be housed in various formats, one of those being DPMS, another being an external data repository…you know, various ways of handling that data record.  Does that make sense?”


“Yes it does.”



Virginia Herald, Executive Officer, California Board of Pharmacy:

“4034”  [a reference to the section in the California Business and Professions Code that describes the contents of a pedigree]


“I hope…that we continue to provide clarity on this.  I understand that everyone’s working really hard and there’s a lot of anxiety and… that doesn’t always allow the message to be received clearly, but we’re trying to provide that message clearly that we have not required any particular data transmission technology or system.”


“Well, I’ve always heard multiple times that you were not going to prescribe the technology in use here.”




“It was just a matter of assurance to us that as long as we were providing the required information…that we…”


“We understand the commitment, both financially and logistically that it requires to select any particular system and how hesitant anyone would be to do that…in fear of not complying.”


“Absolutely.  Excellent.  Thank you.”


It’s very helpful to hear a legal representative of the Board of Pharmacy say in a public meeting that a compliant pedigree does not have to be held or transmitted in a “document” and that,

“…there is nothing to preclude a solution…a cloud-based solution—like GHX or something like that—from being a methodology of providing the necessary record data to your trading partner, that trading partner receiving that into either their own… internal enterprise system, or receiving it externally by way of their segregated data set at the cloud, or, you know, by the external data repository…nothing about that is inconsistent.”

These are very important clarifications because I think they open the door to the use of GS1’s Electronic Product Code Information Services (EPCIS), however qualified, in at least a central or semi-centralized model, to comply with their law.

The only catch is,

“There are various things that have to be included in [the pedigree], including that you have to […] certify the data that you are providing as being true and accurate.” 

Through efforts in the GS1 US Traceability Adoption work group in the past, we have seen that might not be easy.  But in my first essay in January I will explain one way this might be accomplished without too much complexity and without too much cost, relative to the GS1 Drug Pedigree Messaging Standard (DPMS)approach.  For my thoughts on the problems with using GS1’s EPCIS standard to meet the California pedigree law prior to this new clarification, see “Why GS1 EPCIS Alone Won’t Work For California Pedigree, Part 1” and “…Part 2”.

In that future essay, in the spirit of the season, I will play the role of the “Ghost Of Christmas Future” from Charles Dickens’A Christmas Carol”, in which Ebenezer Scrooge asked, “Are these the shadows of the things that Will be, or are they shadows of things that May be, only?”  Fortunately, in the case of Scrooge, it was the latter.  But unfortunately, in our case, they are also the latter.  That is, if the industry wants those shadows I will explain to become a reality, it will be necessary for more companies to join GS1 Global and join the Pedigree Security, Choreography and Checking Service (PSCCS) work group now, to help adjust the various GS1 standards so that the desired outcome becomes possible, and only then could it become an actual reality.

In the story, Scrooge figures it out.  He says “Men’s courses will foreshadow certain ends, to which, if persevered in, they must lead.  But if the courses be departed from, the ends will change.”  To change the course of destiny Scrooge had to make profound changes to his life.  The change we need to make isn’t great.  In fact, we just need to work together to enable a standard, interoperable, multi-vendor, network-based approach to e-pedigree.  It won’t happen if we don’t intentionally take that course.  We can see the shadows of the endpoint in the recent Abbott Labs, McKesson, VA and GHX pilot.  Now we need to adjust the GS1 standards so that approach meets the California law.

Merry Christmas, Happy Hanukah and Happy New year!  “God bless us, Every One!”


2 thoughts on “California Board of Pharmacy Clarifies Use Of GS1 EPCIS”

  1. Hi Dirk,

    I remember this exchange at the meeting very well and was encouraged to hear that the pedigree in CA BOP eye’s is not necessarily a paper document, but can be as you mention a “document” electronically passed through a down the chain messaging system. Apart from the fact that there does need to be a method for showing that you actually take ownership and certify the data as being true and accurate what an advantage this will be for those at the end of the chain that can potentially log into a secure cloud data base and obtain with a high degree of confidence that this drug they are getting is what they are supposed to get.

  2. Hi Dirk

    Thank you for the transcript, very useful!
    I’m an optimist and not entirely conversant with the ways of US legislators (State or Federal), but I take this as a positive sign that GS1 Healthcare’s current work on EPCIS Security, Choreography and Checking Service (thanks for including the link!)is heading in the right direction.

    GS1 Healthcare Traceability Director

Comments are closed.