Aggregation Under the FMD

Two weeks ago, an EU Member State Expert Group connected to the European Commission (EC) published a paper aimed at explaining what hospitals should do to meet their obligation to verify and decommission drugs after the Falsified Medicines Directive (FMD) Delegated Regulation (EUDR) goes into effect on February 9, 2019.  The new paper is all about aggregation and its use by hospitals for fulfilling their EUDR obligation to verify and decommission drugs before dispensing.

The paper points out that the “…simplest and most desirable solution for security reasons is to manually decommission each individual package.”  But the paper implies that hospitals may not be ready to do that at the point of actual administration or dispense on time (see “How Will They Delay The FMD?”).  In that case, aggregation data will be needed so they can verify and decommission everything at once in an incoming shipment.  Sounds vaguely familiar (see “EU FMD: Aggregation Is Not Mandated, But It Will Be Necessary” and “Aggregation: The Achilles’ Heel of Pharma Supply Chain Operation Under A Serialization Regulation”).

Download the paper from the EC website here.

“Another solution to facilitate decommissioning by hospitals is the use of aggregation that allows decommissioning multiple [unique identifiers (UIs)] from a specific shipment.  This shipment would be identified by an additional barcode.  Although the DR does not require aggregation, manufacturers, wholesalers or parallel traders may provide or use aggregated codes on a voluntary basis.”

The problem is, the collection and formatting of aggregation data for the EU is not standardized, and neither the European Medicines Verification System (EMVS), nor the National Medicines Verification Systems are designed to accept, recognize, disperse or make use of any kind of aggregation data.  Worse, “[s]takeholders estimate 3 to 5 years to develop full aggregation.

The EUDR itself mentioned the possibility of using “aggregated codes” for mass verification and decommissioning, so this need was foreseeable as far back as late 2015 (see “EU FMD: Aggregation Is Not Mandated, But It Will Be Necessary”).  Three to five years to develop standards and implementation of aggregation data exchange seems excessive to me, considering that the entire system of repositories was brought up throughout the EU in less than three years.  But OK, the experts have figured it out, so now they’re going to take their time and get it done right.

Regardless, it clearly will not be done before it will be necessary on February 9, 2019.  For that reason, the paper offers a temporary solution they call “data files”.  Shipments can be

“…identified by standardised files containing a list of UIs (containing product code, random number, expiry date, batch number)[…].  These data files should be matched to physical shipments by an additional barcode.  Once a shipment has been matched to a data file, hospitals can then use the list of grouped UIs to decommission all products in the shipment without the need to scan each individual UI.”

The paper lists GS1 EANCOM and GS1 XML as two potential types of “standardized files” that could hold the list of UIs, and the GS1 Serial Shipping Container Code as a potential “additional barcode” to serve as the aggregated code.  These data files should be encrypted and exchanged over a secure, confidential connection.  It also refers to the need for contracts that spell out this exchange between the buyer and seller.

To limit the potential for errors and fraud, the panel recommend that recipients confirm the number of packages received match the number of unique identifiers included in the aggregated data file.  They also recommend that recipients scan a statistically relevant random sample of unique identifiers in shipments and confirm that they match those in the aggregated data file.  And, of course, the anti-tamper device should always be inspected to confirm its integrity at the point of dispense.  Sellers should pack shipments so it is difficult to extract individual packages.

Manufacturers should be aware that, to construct the data files containing accurate lists of unique identifiers they will need to capture aggregation data at the point of case packing.  Otherwise, when shipments are assembled at their warehouse or 3PL, they will need to open every case and scan each barcode so they can build the lists placed into those data files.  So the main thing the temporary solution addresses is the formatting of data.  The future standardized solution will also provide a specific data exchange mechanism that will likely pass through the EU Hub and on to the destination NMVS.  Until then buyers and sellers must agree on how and where that data will be transmitted.

While it might take quite a few years to accomplish, standardization of the formatting and exchange of aggregation data in the EU will likely end up being more formalized than it is, or will be, in the United States.  Currently aggregation data supplied by drug manufacturers to the Big-3 US wholesale distributors must be supplied in the form of GS1 Electronic Product Code Information Services (EPCIS) Aggregation events, as dictated by those wholesalers (see “DSCSA Serialization: What Wholesalers Expect”).  Like the temporary solution in the EU, each buyer and seller must agree on a suitable way to exchange those files, with most choosing AS2 using the same connection used to exchange Electronic Data Interchange (EDI) files.

It is good news that the EC recognizes the need for aggregation and has a short-term and a long-term plan, for hospitals anyway.  I’m not sure why this paper wouldn’t be aimed at any large buyer of pharmaceuticals, like chain and mail-order pharmacies and exporters, and I don’t see any EUDR-based reason it couldn’t be followed by those organizations as well (remember, I’m not a lawyer so make your own regulatory determinations).