Category Archives: serialization

Anti-counterfeiting, serialization

Pharma Anti-Counterfeiting and Serialization

1 Comment

Counterfeiting of drugs has become a favorite activity of organized criminals and it negatively impacts the citizens of every country in the world.  The pharma industry is multi-national, the criminals are multi-national, the patients that are harmed are multi-national.  What we need now more than ever before is a multi-national approach to fighting these crimes.

That’s why I was deeply disappointed last week to read that the World Health Organization (WHO) has barred a group of people with certain global crime fighting ideas from participating in their “member state” meeting on substandard/spurious/falsely-labelled/falsified/counterfeit medical products being held today through Wednesday in Buenos Aires, Argentina.  See the Reuters article “Row flares over global fight against fake medicine” and see Roger Bate’s introduction to the group’s position “How to achieve international action on falsified and substandard medicines” and don’t miss the full PDF containing the group’s well-stated position.

The dispute is Continue reading Pharma Anti-Counterfeiting and Serialization

serialization

InBrief: Estimated Rise in Serialized Drugs in The U.S. Supply Chain, 2012

1 Comment
Click image to enlarge

In August 2010 I started an annual estimate of the rise in the percentage of drugs in the U.S. supply chain that will have serial numbers attached.  Click here to read my first essay on the topic which explains the concept.  Click here to read my 2011 essay.  These are not estimates of the actual percentage today.  Rather, it is a prediction of the rise from an immeasurably small percentage in early 2010 to 100% at some time in the future.  My plan is to Continue reading InBrief: Estimated Rise in Serialized Drugs in The U.S. Supply Chain, 2012

serialization

Estimated Rise in Serialized Drugs in The U.S. Supply Chain, 2011

1 Comment

Last year at this time I started an annual estimate of the rise in the percentage of drugs in the U.S. supply chain that will have serial numbers attached.  Click here to read last year’s essay that explains the concept.  It’s not an estimate of the actual percentage today.  Rather, it’s a prediction of the rise from an immeasurably small percentage in early 2010 to 100% at some time in the future.  My plan is to revisit my prediction each year at this time to see how it is faring.  (click the drawing to enlarge it.)

Last year I said I would need to update my prediction if anything in the legal landscape changes.  Nothing has really changed in the last year that would lead me to change my prediction so here is my graph with no changes to the data over last year.  I have simply updated the year and placed an arrow on the X-axis to show the current point in time.

As I pointed out last year, it will be kind of hard to tell how well my prediction is doing if some authority with the means to measure the actual percentage doesn’t step up and make it public.  In the last 12 months no entity has stepped up to Continue reading Estimated Rise in Serialized Drugs in The U.S. Supply Chain, 2011

serialization

Pharma Serialization ROI

1 Comment

Over the last few years I’ve taken part in many conversations that touched on the question of how to achieve a Return On Investment (ROI) with serialization in the pharmaceutical supply chain.  It seems intuitive that there should be an ROI because serial numbers provide increased data granularity and accuracy, but those characteristics in themselves do not guarantee a positive return.

For that, you must figure out a way to take advantage of those things in a way that increases productivity through decreased errors and reduced physical handling.  Serialization might do that if you can increase the amount of automation in supply chain operations within your own facilities.  Without automatic serial number reading and material handling, dealing with serial numbers will likely have the opposite effect on productivity.

Another way to take advantage of mass serialization of pharmaceuticals in the supply chain is to use it to help automate certain existing business processes between trading partners.  Whenever it is valuable to Continue reading Pharma Serialization ROI

serialization

Estimated Rise In Serialized Drugs In The U.S. Supply Chain

4 Comments

Back in 2005 I created a line graph of my personal prediction of the percentage of pharmaceuticals in the U.S. supply chain that would be unit-level serialized by the manufacturer and I circulated it among my co-workers at the time.  I based it purely on guesses that were “supported”–very flimsily–by the number of large pharmaceutical manufacturers who were participating in the GS1 EPCglobal Healthcare and Life Sciences (HLS) Business Action Group (BAG) (the group is now defunct), and the existence of an early version of the California Pedigree Law.  The graph included a high and low line that formed a band that I thought would be where the reality would fall.  In that prediction I didn’t think most manufacturers would achieve 100% serialization of their products until sometime between 2010 (high) and 2015 (low).

In my analysis at that time, I theorized that the actual percentage would start out following my “low” estimate line, but at some unpredictable point, something would happen that would cause the percentage to jump up to the “high” estimate line.  At the time, I assumed the event that would cause that jump would be the U.S. Federal government issuing some kind of pedigree regulation that included a unit-level serialization requirement.

As it turned out, things moved slower than I had guessed.  Here it is 2010 and the percentage of drugs in the supply chain with unit-level serial numbers on them is so small that it’s tough to give it a percentage.  But I think my estimate from way back in 2005 was not bad for its time (but notice I’m not publishing the actual graph).  After all, the California Pedigree deadline has been pushed out at least three times since then (from 2007 to 2009, to 2011, to 2015/1016).

I think the future is a little less murky now because, since 2005, Continue reading Estimated Rise In Serialized Drugs In The U.S. Supply Chain

Board of Pharmacy, California Pedigree, Digital Signatures, Florida Pedigree, non-repudiation, paper pedigrees, pedigree, pedigree laws, pharmaceutical supply chain, security, serialization

The California Pedigree Law

3 Comments

Important Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.The original California Pedigree Law was passed back in 2004 and it was subsequently modified by the State Legislature in 2006 and again in 2008. In all three instances, I understand that members of the legislature and the Governor’s office worked closely with the State Board of Pharmacy to develop the final content and language.

I heard that one of the goals was to create a better law than the one in Florida. Did they succeed? In order to find out, let’s take a closer look at how they compare.

The law that is currently on the books in California differs from the Florida Pedigree Law in the following ways:

  1. It is fully electronic (it is NOT paper-based)
    The law and all of the discussion of the law by the Board of Pharmacy make it clear that the only acceptable form of a pedigree is electronic. This make it much more reasonable to implement because supply chain members can make use solely of computers to exchange, store and validate pedigrees, without fear that their trading partners can only handle paper pedigrees.
  2. Pharmacy returns must be reflected on pedigrees
    This was an original requirement of the Florida Pedigree Law too, but it was removed under pressure from lobbyists before the law went into effect. So far, it remains intact in California, but the law is not yet in effect. What it means is that when a pharmacy buys drugs from someone and they return those drugs, regardless of how little time has transpired, they must provide a pedigree update so that subsequent buyers of those drugs can see their purchase, and return transactions. This is no different from the requirements faced by all other segments.
  3. It starts with the manufacturer
    In Florida the first wholesaler started the pedigree. In California, the pedigree must be started by the manufacturer or it is not valid. If you are looking to expose the full history of package of drugs, how could you not start with the manufacturer? I even think the manufacturers generally agree with that notion.Interestingly, the Law doesn’t actually require anything of the manufacturers directly. It is directed at wholesalers who are licensed to operate within the state. Distribution of a drug without a pedigree that was started by the manufacturer is illegal and subject to penalties, but it is the wholesaler who violates the law and is punished, not the manufacturer. Thus, if a given manufacturer fails to provide California wholesalers with serialized product and compliant pedigrees by the time the law goes into effect, it will be up to the wholesaler to decide not to distribute those drugs within California in order to avoid violation of the law and avoid the associated penalties. The only risk a manufacturer takes on is that their drugs may no longer reach patients in California (and the subsequent PR firestorm that would follow).
  4. It requires item-level serialization
    California is very clear that they consider the concepts of “electronic track and trace” and “item-level serialization” as being inseparable. That is, if you have one but not the other, then you don’t have a pedigree system. Every drug package must have a unique identifier on it, applied by the manufacturer or repackager, and that UID must be included in the pedigree (the electronic record). This is a substantial difference from the Florida law which has no such requirement.
  5. No holes designed to accommodate special interests
    I’m not aware of any special treatment in the Law for any particular segment of the supply chain. Florida opened several holes that seriously compromise the intent of their law. So far, California has resisted opening holes, unless you consider pushing back the effective date to 2015-2017 a “hole”. 😉

Attentive readers will notice that I have listed these differences in the same order as my list of failures of the Florida Pedigree Law in my earlier post about the Florida Law. This is my way of showing that California has, so far, created a pedigree regulation that does not have any of the major failures of the Florida regulation.

These are the major differences, but what about the common characteristics? Here are the key things that the California Law has in common with the Florida Law:

  • Reliance on Digital Signatures
    Florida allows a pedigree to be created, stored and passed in electronic form, though they don’t require it. But if a Florida pedigree is in electronic form, digital signatures are required for the same purpose as a hand-executed signature on a paper document. The digital signature legally binds the signing person or entity to the content of the electronic document. Florida identified some specific standards that ensure that the digital signatures possess the all-important quality of non-repudiation. The California Pedigree Law does not, itself, specify any standards for digital signatures, but the Board of Pharmacy’s Q&A (see their Q72) calls out the fact that the California Code of Regulations identifies the specific characteristics that must result from a compliant digital signature architecture for electronic documents. The digital signature standards that are compliant in Florida would also be compliant in California.The fact that California included the use of digital signatures is significant because it ensures that each pedigree can stand on its own as a self-contained, self-secure package. This maximizes the value of the entire pedigree architecture because the security mechanism that prevents tampering goes with the package itself. No one has to rely on the access security of a given server or group of servers to prevent tampering. And, if tampering does occur, it can be easily detected, unlike tampering of pedigree approaches that rely solely on server access security. In that case, if server security is breached, you can’t tell which pedigrees were modified and which were not, rendering them all suspicious.
  • It distributes responsibility for monitoring supply chain security to all supply chain participants
    This is the one genius concept of the Florida Law and California retained it, thus qualifying those involved for genius status as well. It’s a regulatory approach that is relatively new but is likely to become much more common in the face of perpetual budget “crises” in state and federal government agencies. Instead of requiring trading partners to simply keep records of their own buying and selling history for each drug so that they can be audited by an inspector at some later date, these laws require them to check the validity of the full pedigree at the time of each purchase transaction, in near real-time.Notice the difference. In the first instance, it is up to the State Board of Pharmacy inspector to detect suspicious activity in the supply chain. But how often will a state inspector visit, and how many records will they be able to review? It’s inconceivable that this approach would result in the detection of illegitimate activity.But when every purchase of a drug as it passes down the supply chain requires the buyer to run a validity check on the full transaction history of that specific bottle, it greatly increases the odds that most suspicious transactions will be detected. And for most suspicious events in the history there will normally be multiple opportunities for detection. Here, digital signatures are the enabling technology. They allow all of this supply chain monitoring activity to occur reliably and automatically inside computers that are distributed throughout the supply chain, without human intervention and without slowing the movement of drugs.

So did California succeed in creating a better law than Florida? I propose that there is almost no comparison so the question may be moot. The California Pedigree Law is so much more far-reaching than the one in Florida. While Florida focused on disrupting some very troublesome practices being performed by a few nefarious licensed and unlicensed wholesalers, California’s law is designed to cause a major reorientation of the pharmaceutical supply chain approach to security, monitoring and policing (see also The Deputized Supply Chain). This has major implications that go well beyond those of the Florida law.

Faced with that, it is not surprising that it was necessary to push out the effective dates to 2015-2017. Transformation this big takes time to implement.

FIPS, Florida Pedigree Law, lobbyists, paper pedigrees, serialization

The Florida Pedigree Law

Important Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.What is the fundamental goal of today’s drug pedigree laws? Certainly it has something to do with making it harder for criminals to introduce illegitimate drugs (counterfeit, stolen, diverted, up-labeled, improperly stored, adulterated) into our legitimate drug supply chain. But exactly how they are to accomplish that is sometimes hard to see. Like most of our laws, pedigree laws seem to suffer from design-by-committee and then they are contorted beyond comprehension by lobbyists. If a lobbyist can’t prevent new regulations from being enacted in the first place, the next best thing seems to be to ensure that the law that is passed is so twisted that it doesn’t entirely make sense.

The Florida pedigree law is a case in point. Well intentioned, but apparently designed by people who were not entirely familiar with the massive number of drug packages that pass through distribution centers and on to pharmacies in our modern pharmaceutical supply chain. This law centered around a paper document for every transaction. The proposed law went through many modifications on its way to being enacted, and even then, the legislature continued to modify it as multiple lobbies convinced state senators and representatives of their particular dislike for various requirements. The law that eventually went into effect on July 1, 2006 had a number of strange provisions.

  1. It’s paper-based
    The final law had been modified to allow an electronic representation of a pedigree, but it remained essentially a paper pedigree. Though you could store it and transmit it electronically—they required very secure FIPS standards (Federal Information Processing Standards) for the electronic version—when an inspector wanted to inspect it, the very secure electronic document had to be printed out and presented on paper. A secure electronic pedigree that is printed out onto paper loses all of its security and can be faked very easily.
  2. Pharmacies could return within 7 days without updating the pedigree
    Shortly before the law went into effect, the legislature and governor passed a modification that allows pharmacies to purchase drugs from a wholesaler and then return them to the wholesaler without providing an updated pedigree, as long as both transactions are completed within 7 days. This allows drugs to be re-introduced into the supply chain with pedigrees that legally do not reflect all of the transactions that have occurred, thus hiding potentially important transactions.
  3. Primary wholesaler invoice statement
    Also shortly before the law went into effect a provision was inserted that allowed primary wholesalers to create a “pedigree” by simply printing on their customer’s invoices a statement that asserts that the drugs on the transaction were purchased directly from the manufacturer. Any wholesaler who cannot purchase directly from the manufacturer must purchase their drugs from one of the primary wholesalers. Those drugs must come with a fully documented pedigree that the primary wholesaler created (not the kind with the simple invoice statement). A fully documented pedigree is much harder and much more expensive to generate and maintain.
  4. No manufacturer requirements
    In Florida, the manufacturer of each drug is not involved in the creation and maintenance of drug pedigrees. The first wholesaler to purchase the drugs from the manufacturer must start the pedigree to reflect that purchase. They must then update the pedigree to reflect the sale of the drug to their customer. All of this is necessary whenever the drugs are sold to another wholesaler. If they are sold directly to a pharmacy, the simple invoice statement “pedigree” is sufficient, as described above.
  5. No serialization
    The Florida law requires careful tracing of every package of drugs from first purchase from a manufacturer until distributed to a pharmacy, but without the benefit of a serial number attached to each unit. This is hard to do without costing a lot of time and money because each shipment of a given drug has a different history. It must be traced separately from all other shipments of that same drug. Without serialization, the processes necessary to do it must be performed carefully and exactly. Any mis-step can cause a break in the trace which results in drugs that cannot be sold in the state.
  6. Allows information to be redacted
    Finally, a bizarre late addition allows certain information to be redacted (removed) from a pedigree document if the information is considered sensitive. But when pedigrees are held electronically using the required FIPS standards, any modification will cause the pedigree to be broken. That is, it will appear as though someone has tampered with it—the very condition that would lead a buyer to fear that the drugs may be counterfeit or otherwise illegitimate. The provision that allows redaction is in total conflict with the provision that requires use of FIPS standards.

So with the addition of these strange provisions, what is the Florida pedigree law really accomplishing? I don’t think it is having the effect that was hoped by the original creators. As far as I can tell by reading the original version, it appears that the goal was to force each buyer of drugs to actively verify that the supply chain history shown on each drug pedigree was accurate.

In this way, the responsibility for detection of criminal activity was distributed to all participants in the supply chain, rather than remaining solely with the few inspectors from the Florida Department of Health. This is the one piece of genius in the otherwise flawed law.

Considering the original proposed law and the six strange provisions listed above, a summary of the primary failures of the Florida Pedigree Law would have to include the following:

  • It’s paper-based
  • It doesn’t involve the manufacturer
  • It doesn’t rely on package serial numbers
  • It is full of holes designed to accommodate special interests

I’m afraid this pedigree law is so flawed that it has simply resulted in higher costs with little or no additional protection from criminals; nearly the worst possible outcome. Why have pharma supply chain crimes apparently decreased in Florida since the law was enacted? In my opinion, it’s entirely because the same law greatly increased wholesaler licensing requirements and the penalties for crimes.

With the development of the Florida law as backdrop, California stepped up with the intention of creating a better pedigree law. Were they successful where Florida failed? I’ll discuss their attempt soon.