The New GS1 Healthcare US Track & Trace Guidance


GS1 Healthcare US
GS1 Healthcare US

Important Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.GS1 Healthcare US, an arm of GS1 US the member organization (MO) of the global GS1 standards organization, has just published the “preliminary version” of a track & trace implementation guide.  The full title is “Implementation Guideline, Applying GS1 Standards to U.S. Pharmaceutical Supply Chain Business Processes To Support Pedigree And Track & Trace, Release 1.0”.

This document contains the accumulation of thought and best practices generated over the last nine years within various working groups of GS1 Healthcare US and from pilots conducted by its members (including the Abbott Labs, McKesson, VA and GHX pilot that I wrote about in “The Significance of the Abbott, McKesson and VA Pilot”).  Pulling it all together into a single coherent document turned out to be a bigger chore than I think anyone realized, but now that it is out, others can start benefiting from it.

The authors make no claims of completeness.  Section 2.2, Content Condition says:

“This document is a working draft that reflects the current level of thought within industry. As such, it will undergo changes as the Traceability Adoption Workgroup deems necessary to reflect feedback from industry pilots, architecture work being conducted by GS1, and other industry efforts which advance the level of thought. The content may be of assistance as a resource for understanding current thinking or as an aid for pilot preparation. The reader should be aware that changes will be made frequently and should not expect any particular section of content to remain unchanged in the first release.”

In fact, this preliminary version of the document covers only forward logistics, and only the One-Up, One-Down approach to traceability, but the work group is already busy working on developing the content for reverse logistics and will update the document when that is complete.  It does not include the work of the GS1 Network Centric ePedigree work group, which was operated by the global organization’s Global Standards Management Process (GSMP).


The Guide is perfect for companies who want to work together on pharmaceutical track & trace pilots.  Because the GS1 EPCIS and GS1 Core Business Vocabulary (CBV) standards are “generic”–that is, they contain only the minimum data elements that would be needed by all types of businesses–it is necessary for pilot partners to agree on exactly how to incorporate all of the pharmaceutical supply chain-specific data and rules.  This Guide provides you with all of the choices that have been made along those lines by previous pilot partners.  By following these guidelines, your pilot can take advantage of the learning from many of those that have already completed and you can build on that base of knowledge.

The document Scope section describes it this way:

“This guideline presents the current wisdom in industry for how GS1 Standards can best be applied to U.S. pharmaceutical supply chain business processes to support pedigree and track and trace. It does not provide any guidance or advice regarding regulatory compliance.”

That last sentence is important.  This Guide sometimes makes it sound like it could be usable by companies who are trying to meet the California ePedigree law, but there are several reasons why you would be led astray if you attempted to use it that way.  GS1 Healthcare US disclaims use of the document for compliance with applicable state or federal laws.  You have to interpret the laws yourself and decide what constitutes “compliance”.  That’s not too surprising–I make the same kind of disclaimer about the information in RxTrace, by the way.


The California pedigree law specifies exactly what a compliant pedigree must contain.  I quote the pertinent sections of the law in my essay “Why GS1 EPCIS Alone Won’t Work For California Pedigree, Part 1” (while you’re at it, see also “…Part 2”).  The Guide does address many of the data elements that the law requires—including the elimination of the use of Supply Chain Master Data (SCMD), which can be done optionally—but it still fails to address the certification requirement, and, it only documents a one-up, one-down approach which doesn’t appear to be compatible with California’s requirements.

I have recently written about Josh Room’s (Deputy Attorney General, California Department of Justice, California Board of Pharmacy) desire to interpret the law more loosely so that e-pedigree event repository-based models could be used (see my essay, “California Board of Pharmacy Clarifies Use Of GS1 EPCIS“).  Still, he explicitly said,

“There are various things that have to be included in [the pedigree], including that you have to […] certify the data that you are providing as being true and accurate.”

What we need is an approach that includes these certifications in a way that still retains the benefits of the event constructs that GS1 Healthcare US spells out in this Guide.  In my view, that still missing ingredient will most likely come from the work being done by the GS1 Pedigree Security, Choreography and Checking Service (PSCCS) work group that is operating under the GS1 Global GSMP (see my essay, “‘The Shadows Of Things That MAY BE, Only’ : EPCIS and California Compliance“).

So if GS1 Healthcare US can build out their Guide to include the event descriptions of all forward and reverse logistics business processes, and if the PSCCS can develop the security, choreography and checking service that includes a certification capability, and if that certification capability is acceptable to the California Board of Pharmacy, then on that day we might be able to use EPCIS alone for California compliance!

Eventually this new Guide will get us one step closer to that future reality.