Plateaus of Pharma Supply Chain Security

One of the most recent improvements that California made to their drug pedigree law was to spread out the compliance dates by supply chain segment.   Previously, all segments had to comply with the regulation by January 2011.   Now drug manufacturers will need to comply with half of the products (or sales) by January 2015 and the remainder one year later, distributors must comply by mid-2016 and the pharmacies by mid-2017.   As I understand it, this spread was intended to help the industry fully prepare for the new requirements in their businesses.   Companies would now have time to adjust to the changes implemented by their upstream trading partners according to their earlier deadlines.

This staggered start pleased a lot of people—particularly distributors and pharmacies.   However, to me, the staggered start of the current California regulation doesn’t address the issue of complexity very well and a different kind of ramp up to full operation would be more practical and have better odds for success.

I discussed complexity in my last essay, “U.S. Pharma Supply Chain Complexity”.   I tried to show what it is about the supply chain that leads to difficulty in the setup and execution of a drug pedigree system.   On its own, the U.S. pharma supply chain is naturally complex.   A truly workable and protective pedigree system needs to deal with that natural complexity without exploding in its own complexity and cost.   As I pointed out in that essay, the problem with the more popular pedigree models (like DPMS and the various distributed pedigree models) is the large number of the point-to-point data connections that are necessary to reflect the natural complexity of the supply chain.   That adds a lot of complexity.


No matter which model the industry implements, starting it up will have its own complexities.   In my view, regulators and industry should Continue reading Plateaus of Pharma Supply Chain Security

U.S. Pharma Supply Chain Complexity

© Copyright 2011 Duncan Champney. used with Permission. This image was created with FractalWorks, a high performance fractal renderer for Macintosh computers. FractalWorks is available on the Mac App Store.
© Copyright 2011 Duncan Champney. used with Permission. This image was created with FractalWorks, a high performance fractal renderer for Macintosh computers. FractalWorks is available on the Mac App Store (Click on image).

The debate over pedigree regulatory models in the U.S. pharmaceutical supply chain often centers around how much data for each package of drugs needs to be moved between trading partners as those drugs move down the supply chain from the manufacturer to distributor(s) and ultimately to the pharmacy.  The ideal model would minimize the amount of data moved yet always allow each member of the supply chain to check the prior history—the pedigree—of the drugs they are about to buy.

At a superficial level this appears to be all you need to do, but when you take a closer at the details of how the supply chain actually works in the U.S. you will see that there are other characteristics besides data volume per package that need to be considered.


In the debates and discussions over pedigree regulatory models we are used to seeing a view of the supply chain that shows one manufacturer, one distributor and one pharmacy.  That view masks so much important complexity that if we were to select a regulatory model or solution based on that view it would be far from ideal.

Here is a view of the supply chain where the vertical scale shows something closer to the true proportions between those three segments. Continue reading U.S. Pharma Supply Chain Complexity

The Viability of Global Track & Trace Models

At the end of my last essay I said I had recently concluded that the jump to a fully automated pharma supply chain upstream visibility system is too big and complex to be achievable by every company in the U.S. supply chain by the California dates.  I want to explain that statement in a future essay (soon), but before I do I want to explore some of the track and trace models that are being considered by both GS1 and the FDA.  I particularly want to look at the viability of each model because I think we will find that some just aren’t (viable), and that will help narrow the search.

I’ll look at the three basic models that the FDA mentioned in their recent workshop:  Centralized, Semi-Centralized and Distributed (or Decentralized as the FDA called it).  There are others, but it seems that they can all be either based on, or reduced to, one of these three basic models.

In this essay I am looking at track & trace models from a global viewpoint, which is something that GS1 is doing but the FDA may not.  Attacks on the pharma supply chain are a global problem and global problems demand global solutions or gaps will be left for criminals to exploit.

GS1’s goal is to develop standards that apply globally as much as possible and the FDA will likely find that Continue reading The Viability of Global Track & Trace Models

Reliance on Trust in the U.S. Pharma Supply Chain

Trust plays a big role in today’s U.S. pharmaceutical supply chain.  Patients trust that their doctors know what they are doing when they prescribe a medicine and they trust their pharmacist to fill their prescriptions with real medicines that were:

  • manufactured to tight quality specifications,
  • are well within the expiration date,
  • have not been tampered with,
  • have always been kept within recommended environmental tolerances,
  • and have been in the control of companies who have a strong interest in supply chain integrity and in the safety of the drugs within the supply chain.

When we receive our little amber bottles of repackaged drugs from our pharmacist, we aren’t given any way to check on any of those things ourselves.  We trust that the pharmacy has done something to ensure all that.  And fortunately in the U.S., we are almost always justified in that trust.  We enjoy the safest supply chain in the world.


But, now if the pharmacy doesn’t get the drugs directly from the manufacturer, they trust that their wholesaler will supply them with drugs that have those characteristics too.  And if the pharmacy’s wholesaler doesn’t get the drugs directly from the manufacturer, they trust that their wholesaler’s wholesaler provides them with drugs like that too.  And if the pharmacy’s wholesaler’s wholesaler doesn’t get the drugs directly from the manufacturer, they trust that Continue reading Reliance on Trust in the U.S. Pharma Supply Chain

Lessons from “Drug Theft Goes Big”

If you are a regular reader of RxTrace but you still haven’t read Fortune Magazine’s recent article, “Drug Theft Goes Big” by Katherine Eban, then I suggest that you stop reading this essay right now and spend the next 15 minutes absorbing her article carefully.  And then return here for my analysis.  It’s that good and that important.

Many of you will remember Katherine Eban as the author of the excellent book “Dangerous Doses, A True Story of Cops, Counterfeiters and the Contamination of America’s Drug Supply”.  See my comments on the book here where I point out that a lot has changed since the events that are documented so well in the book.

The new Fortune article is a great update on what drug supply chain criminals have been up to since “Dangerous Doses” was published back in 2005.  The greatest thing about the article is Continue reading Lessons from “Drug Theft Goes Big”

Attributes Of A Global Track & Trace Application

In this essay, I’m not going to discuss the attributes of a track & trace system from a regulator’s point of view.  I’m not going to discuss input into the FDA’s Track & Trace workshop that occurs this week and I’m not going to speculate on the outcome of that meeting.  Instead, I’m going to talk about the attributes of a track & trace application from the viewpoint of any global pharma manufacturer who is facing the regulatory mandates for serialization and traceability in a growing list of countries around the world, and from the viewpoint of any solution provider who is thinking about what they need to include in their solution offering so that those global pharma companies find it attractive enough to buy.

To those kinds of companies, the potential for new non-binding guidance from the U.S. is important, but perhaps less so than an increasing number of binding regulations from around the world.  Whatever the FDA—and especially the U.S. Congress—may do in the future will be important when selecting a track & trace solution, but the U.S. is only one of the countries in the world and pharma companies that do business in those other countries do not have time to wait for the U.S. to figure out their approach before making investments.

The goal is to make investments today that will be Continue reading Attributes Of A Global Track & Trace Application

GS1 Identifiers and EPC’s in EDI Messages: Important New HDMA Guidance

Earlier this month the Healthcare Distribution Management Association (HDMA) published newly updated guidance documents for the use of Accredited Standards Committee (ASC) X12 Electronic Document Interchange (EDI) messages in the U.S. healthcare supply chain.  This is a very important update that supply chain participants should take notice of because it includes new information about how to properly communicate GS1 identifiers, including GLN’s, GTIN’s, and Electronic Product Codes (EPC’s) like SGTIN’s and SSCC’s, within the four document types that are in common use for Order-to-Cash transactions.

The EDI document types included in the updated guidance includes: Continue reading GS1 Identifiers and EPC’s in EDI Messages: Important New HDMA Guidance

Electronic Message Security and More on Certifications

Important Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.

Digital electronic messages can be transmitted from one party to another using a wide range of communications technologies.  Today, businesses that make use of the internet to transmit their business messages to and from their trading partners make use of standards-based Electronic Data Interchange (EDI) message formatting.

EDI messages are typically transmitted point-to-point, from one business to one other business.  There are a large number of EDI message types defined but in the pharmaceutical supply chain the most common messages are purchase orders, purchase order acknowledgments, invoices and advance shipment notices (ASN’s).  (While I have the chance, I’d like to point out that ASN’s are not pedigrees for multiple reasons that I will not cover in this essay.)

In the U.S. pharma supply chain AS2 is the most common communications protocol in use for EDI message exchange.  AS2 provides generalized message security to ensure that the messages cannot be understood or tampered with by unauthorized parties during movement from sender to recipient.  According to Wikipedia, these are achieved through the use of digital certificates and encryption.  Messages can optionally be digitally signed by the sender to provide non-repudiation within the AS2 payload context.

Electronic pedigrees as defined by the states of Florida and California are messages that contain fairly complex legal documentation which describe the chain of custody or ownership of a given package of drugs, but they also contain several types of legally required certifications. Continue reading Electronic Message Security and More on Certifications

DISCLAIMER: RxTrace contains some of the personal thoughts, ideas and opinions of Dirk Rodgers. The material contained in RxTrace is not legal advice. Dirk Rodgers is not a lawyer.
The reader must make their own decisions about the accuracy of the opinions expressed in RxTrace. Readers are encouraged to consult their own legal counsel
and trading partners before taking any actions based on information found in RxTrace. RxTrace is not a vehicle for communicating
the positions of any company, organization or individual other than Dirk Rodgers.

RxTrace, a comprehensive exploration of the intersection between healthcare supply chains, track and trace technology, standards and global regulatory compliance.
Contact Us | Privacy Statement
Copyright © 2009-2019 Dirk Rodgers Consulting, LLC. All Rights Reserved.
RxTrace is a registered trademark of Dirk Rodgers Consulting, LLC
L, A, S, C