California ePedigree Uncertainty

Pedigree law approaches CaliforniaImportant Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.A lot of things related to ePedigree in the U.S. supply chain are cooking right now but they seem to be happening a little too slowly, so it will be interesting to see where it all ends up in the next few years.  After developing the Drug Pedigree Messaging Standard (DPMS) in 2006-2007, GS1 is now taking only the initial steps toward adding network-centric ePedigree capabilities to their EPCIS and related standards.  The California Board of Pharmacy says they would like to be able to accept a semi-centralized network centric approach as long as it includes all the stuff listed in their pedigree lawFor nearly 18 months, GS1 U.S. has been “nearing publication” of a draft guideline—six years in the making—that is supposed to help companies who want to use EPCIS to meet the California law.  Congress considered passing a Federal track & trace regulation that would have preempted the California law last year but failed from lack of agreement between the parties.  Some companies are making good progress on meeting the serialization requirement but the number who have the pedigree part figured out are those who have settled on DPMS.  All the while the California pedigree deadlines are rushing toward us like a bus-sized asteroid heading straight toward Earth.  Not surprisingly, the asteroid is moving faster than the efforts to divert or absorb it.

I’ve written about my theory that the date of impact won’t be pushed out again, no matter what happens (for a full explanation of that theory, see “Will The California ePedigree Dates Slip Again?”).

What can be done?  In my view, it’s going to be determined by… the “big 3” wholesalers.  You can bet they don’t plan on paying any fines for distributing pharmaceuticals in California without a valid pedigree, so at some point, they will decide which approach(s) to e-pedigree data exchange will have a low-enough risk to them and they will tell drug manufacturers exactly what you will need to do so that they will be willing to deliver your drugs into California (for a full explanation of that theory, see “Who Will Decide Which Pedigree Model You Will Invest In?”).

I don’t know what they will eventually do or say, but in my opinion, the two most likely approaches the industry will settle on are either DPMS or—if we can figure out how to meet the pedigree certification requirements—the EPCIS-based Semi-Centralized Network Centric ePedigree (NCeP).  (For an example of the Semi-Centralized NCeP approach, see “The Significance of the Abbott, McKesson and VA Pilot”.)  Especially considering the clarification the we heard from Mr. Josh Room, Deputy Attorney General, California Department of Justice, California Board of Pharmacy at the December Enforcement Committee meeting of the California Board of Pharmacy (see “California Board of Pharmacy Clarifies Use Of GS1 EPCIS”).


Recently I started to think about who might offer semi-centralized ePedigree services.  That model can’t work if someone doesn’t offer the services that enable it.  As we’ve seen with their pilot, GHX appears to be well on their way to being able to offer a serious service, and given that their ownership is spread among some pretty big names in the industry they just might be the big choice.

The goal of a Semi-Centralized approach is to provide a choice of service provider.  To accomplish that, there would need to be more than just one service provider.  One possibility is that some larger pharma manufacturers might establish their own repositories and offer it as the repository for the supply chain events for the drugs that they make.  The problem with that is that most wholesalers and chain pharmacies might not feel comfortable with storing their events with a company who is so interested in being able to get access to those same events.  No, I don’t think that will fly.

Then I hit on it.  The wholesalers are the most logical possibility.  They already know everything that would be contained in the manufacturer’s EPCIS events and likewise for most of the pharmacy’s events so there shouldn’t be any hesitancy based on data ownership issues like if a manufacturer wanted to do the same thing.  Some wholesalers have hosted the DPMS pedigree data on behalf of their customers in Florida for quite a few years now so to expand that to include the hosting of EPCIS event data isn’t a huge stretch…conceptually anyway.

My thinking gets very circular here.  On the one hand this could be a big profit center for wholesalers in the future.  On the other hand, large-scale third-party data warehousing services aren’t really their core expertise.  Maybe it makes more sense for it to be left up to third-parties who have this kind of thing in their core and already have it figured out.

But then again, remember who I already think is going to tell you how ePedigree data is going to be formatted and exchanged?  The wholesalers.  Maybe that theory fits well with the thought that the wholesalers would take it on themselves rather than passing it off to a third-party.  Yeah, but with less than two years left, could they move that fast and be ready to accept and store data, not just for themselves but for the manufacturers as well?

They’d have to move even quicker than we all thought.  The deadline for wholesalers isn’t until mid-2016 so to be ready with services that manufacturers would buy into would have to be ready before the end of next year.  That’s coming right up.  Maybe to do that they’d have to subcontract it to some solution provider(s).  Once again, only a solution provider who has already been offering a similar service could probably move that fast.  If so, that similar experience had better be based on Hadoop or some other modern high-volume internet repository technology in order for the experience to be meaningful.


But what solution provider is going be willing to make the investments necessary to offer these kinds of services before they know for sure that what they would offer would be accepted by the California Board of Pharmacy…and then by the wholesalers?  This uncertainty could be holding back some potential solution providers who might have qualifying experience in other industries and other supply chains.

Here’s more uncertainty.  The last FDA guidance related to all this (SNI) will be voted on for adoption at this week’s California Board of Pharmacy meeting.  It’s a “no-brainer” to get adopted.  I pointed out last week that the FDA is planning to publish a new draft guidance on “Track & Trace” by the end of 2013.  Could that set a standard that California would want to adopt?  Maybe…maybe not.

With all this uncertainty it’s a wonder any progress gets made toward meeting the California requirements outside of the serialization part.  Most of the uncertainty originates with the Board.  The comments by Mr. Room in December helped a lot but I don’t think they are sufficient.  They only whetted the appetite of those who are paying attention.  What the Board needs to do is clarify what may serve as a “certification”, and whether or not pedigrees can make use of Supply Chain Master Data (SCMD).  I wrote about these issues in “’The Shadows Of Things That MAY BE, Only’ : EPCIS and California Compliance”, and in that essay I included a potential idea for certifications that the Board would need to acknowledge before I would recommend implementing.

So here’s what it comes down to.  In December Mr. Room said, “The board is not going to bless a particular system if that’s what the industry is looking for…”.  That’s fine, but how about providing more clarity around these two remaining questions:  certifications and SCMD.  That would remove a lot of uncertainty.  Based on that, the industry would be able to decide for themselves which “particular system” they will invest in, whether an EPCIS-based NCeP or DPMS.  Either way, the skids would be greased.