Chuck Schramek passed away on January 9 after losing his battle with cancer. See his obituary here. As I understand it, he spent most of his career working in IT at McNeil Consumer Healthcare, a Johnson & Johnson company, eventually serving in the role of Executive Director of Information Architecture for J&J. He spent the last few years of his career as an executive-on-loan to GS1 EPCglobal from J&J. In that capacity he filled the role of facilitator of work groups related to pharmaceutical supply chain integrity/security. That’s where I met him.
Chuck was a very humble, friendly person who had Continue reading Charles “Chuck” Schramek (1945 – 2010)
I’ve moved the RxTrace blog from BlogSpot (a Google site) to a hosted website using WordPress as the site database. The URL doesn’t change so the move should be transparent to you as a subscriber. I’ve had a couple of hickups along the way but I couldn’t have done it myself. I was fortunate to find someone who is a great artist and who knows his way around the technology. Matt Geiger took a list of my ideas and desires and then went away. The next thing I know he has implemented everything I asked for, and more, and is ready to move the site. I highly recommend his services to anyone needing web site design services, not just blog moves.
Now that the content is moved and the new look is in place, I have a lot to learn about WordPress. I expect to continue tweaking things in the next few weeks as I have time. I have so many ideas I want to write about but so little time.
Who owns supply chain visibility data? Does the manufacturer of a product retain any rights to track that product after it enters the supply chain? What if the product is a pharmaceutical and it is found to have a life-threatening defect? Should technology or standards availability play any role in answering these questions?
These kinds of questions come up occasionally in discussions of track and trace systems design when people talk about the future of “full supply chain visibility” and how easy recalls will be executed because of it. The implication is that the manufacturer of a drug will be able to perform a targeted recall because they will be able to see exactly where their product is in the supply chain.
But one could easily make the argument that it is no longer “their product” once it enters the supply chain. True, they invented, manufactured and labeled it, and in a recall situation we all have a strong desire for them to get it back quickly and efficiently, but that doesn’t change the simple fact that they don’t own it anymore. And if they don’t own the product anymore then they don’t automatically own the knowledge of where it is either.
I’m not a lawyer but it seems to me that once a product is sold the seller gives up all rights to that product. The buyer can do whatever they want to with it, within the law of course. Recalls that are necessary for reasons that might be life-threatening are special and supply chain members should do everything they can to find and return any item that is involved in a recall. But is it necessary for the manufacturer to have instant access to the location of all of the affected product?
Serialization and track and trace will allow all supply chain participants to know a lot more than they do today about the location of recalled items just using the data that they clearly own. Compared with today, an individual company will know very quickly if they have ever received, shipped or currently have in stock the recalled units. If they currently have them in stock they will be able to place an immediate hold on those items to prevent them from being shipped to a customer until they have been collected and returned. If they have previously shipped the items to a customer they will know exactly which customers were involved and which unit went where. But that’s it. The knowledge of what their customers might have done with those products once they receive them is not owned by the seller. Continue reading Who owns supply chain visibility data?
Most of us who work on developing and deploying technologies designed to protect the supply chain usually focus on anti-counterfeiting. But that’s only one of the elements in the list of illegitimate activities that can cause damage to the health of patients and the profitability of legitimate businesses who participate in the U.S. pharma supply chain. I include the following activities in that list:
These activities have all been detected from time to time in the U.S. supply chain for quite a few years, but the frequency of some of them has been on the increase over that same period of time. The question is, how much of each activity should we, as a society, tolerate before we step up counter-measures that are targeted directly on one or more of them?
THE RISE OF PHARMACEUTICAL CARGO THEFT
Over the last 18 months the U.S. has experienced an unprecedented rise in the value of drugs stolen in thefts of entire truckloads as they are being transported from point to point (also see this). I’ve heard lots of theories about who is behind it (organized criminals/gangs, of course) and where the product ends up (outside the U.S., most people think). Continue reading How to Stop Pharmaceutical Cargo Theft
I am fortunate to have so many friends and colleagues who work in end-user and solution provider companies and who are impacted by the issues I cover in my blog. After each post I often exchange emails and phone calls with some of them and we discuss/debate what I’ve written about. These are great conversations because they sometimes confirm my opinions and sometimes challenge them, but I almost always come away with a more refined understanding of the technology or regulation we discussed. That is, I learn something.
This is exactly what has been happening with my recent series on Supply Chain Master Data (SCMD). As I’ve defined it, SCMD is just like regular old Master Data (MD) except that the identifier and the full data set behind each instance of SCMD has a single owner, and all parties in the supply chain who may encounter the identifier must have a way of obtaining the full set of data from the owner so they know what the identifier means. But this assumes that only the identifier will be used in supply chain data communications in place of the full data set that the ID refers to.
GLN’s On Electronic Invoices
Let’s take GS1’s GLN (Global Location Number), for example. You can use GLN’s in two ways: as true SCMD, or in a non-SCMD way.
An example of using GLN’s as SCMD in an invoice application would result in an electronic invoice that did not have any explicit addresses in it–no customer billing address, no customer shipping address and no “remit payment to” address. Instead, it would simply include the customer’s billing GLN, the customer’s shipping GLN and the “remit payment to” GLN. Each party in this example would have already obtained the full addresses from their respective owners in some way, either through a registry (like GS1 U.S.’s GLN Registry for Healthcare), or directly from the owner, so there is no need to include that data on each invoice between these parties.
The non-SCMD use of GLN’s occurs when a company uses a GLN identifier as a way of obtaining their trading partner’s full address, and then they would put the full address on each of their invoices for that partner. This approach makes use of GLN’s to “synchronize” the address master data that each trading partner keeps locally. Continue reading Use of GLN and GTIN for Pedigree Regulatory Compliance
I recently read in Pharmaceutical Commerce online magazine about the apparent resolution of the RxUSA lawsuit that had delayed implementaton of a couple of the pedigree provisions of the Federal PDMA (Prescription Drug Marketing Act). While Pharmaceutical Commerce did its usual great job of providing historical context, I thought it might be an appropriate topic for the RxTrace blog. But before I had time to document the history of the PDMA in my own words, Brian Daleiden beat me to it in the Supply Network Blog. So rather than writing my own version, I gladly refer you to his post. Between the Pharmaceutical Commerce article and Brian’s post, I have nothing more to say right now.
The Supply Network Blog is a fairly new publication of TraceLink, the successor to SupplyScape, my former employer. I look forward to hearing more from their blog in the future so I recently subscribed. Check it out and see what you think.
Conversations about the merits of various pedigree and authentication models usually start from dissatisfaction with some characteristic of the current GS1 DPMS pedigree model. I maintain that the design of DPMS—including its perceived flaws—is merely a reflection of the current state and federal pedigree laws and regulations. Characteristics that people don’t like—like digital signatures, a growing document as drugs move down the supply chain, and the fact that Supply Chain Master Data is not used by DPMS—are actually all characteristics of the laws and/or regulations, so any alternate pedigree model that would truly be usable for compliance would need those characteristics too.
But that’s not exactly what I want to discuss in this essay. Instead, I wanted to explain my theory of what U.S. pedigree laws are trying to accomplish in the first place. Forget about how they do it for now. What were the goals of those who wrote these laws and regulations? I’ll agree that this is impossible to know for sure but I think I can construct a pretty convincing theory. I don’t know any of the legislators or congresspeople who wrote these laws, but I have studied their work for over four years now. I have made the following observations.
- The highest priority goal of the Florida and California laws appears to be to detect the introduction of illegitimate drugs (counterfeit, stolen, up-labeled, diverted, etc.) into the legitimate supply chain as early as possible, preferably at the very first transaction. These laws accomplish this by requiring companies buying drugs within the supply chain to receive the full supply chain history of those drugs at the time of the purchase (contained in a “pedigree”), and, most importantly, by requiring them to verify the legitimacy of those prior transactions. In Florida that verification can be performed by direct contact, such as a phone call, email, fax, etc., or, optionally, through the use if digital signatures. In California, this verification can only be performed through the use of digital signatures. The federal PDMA, on the other hand, does not appear to obligate the buyer to do any verification of the information provided on pedigrees they receive.Finally, Florida and California both require the recipient of the shipment to confirm that the physical drugs they received match those described by the pedigrees they received. That seems obvious, doesn’t it? Why would any legislative body require all or some supply chain participants to go through all the expense to generate and pass pedigree information but stop short of requiring anyone to actually look at it? Well, oddly, the federal PDMA appears to do just that.
- There is a clear attempt in the laws to help identify who participated in the introduction of the illegitimate product. This is important if your goal is to efficiently and quickly investigate the suspected crime. This would aid in shutting down the criminals as quickly as possible before they are able to spread bad medical products very deeply into the supply chain. Continue reading What are Pedigree Laws Trying to Accomplish Anyway?
Right now there is only one industry standard that can be used to comply with the various drug pedigree laws in the United States. That’s the GS1 Drug Pedigree Messaging Standard (DPMS), which was created in 2006 by a group of technology experts and participants from nearly all segments of the U.S. supply chain culminating in GS1 ratification in January 2007. Many of those companies began using DPMS even before it was ratified because the Florida Pedigree Law went into effect in July 2006. Since then, companies are using it to comply with other state pedigree laws as well as for the pedigree provisions of the federal government’s Prescription Drug Marketing Act (PDMA) of 1988 (stayed until December 2006). Interestingly, a few companies have chosen to require DPMS pedigrees today for trading partner risk mitigation even where there is no existing regulatory requirement to do so.
A few months after GS1 ratified the DPMS standard, they ratified the Electronic Product Code Information Services (EPCIS) standard. This is a more general purpose standard intended for use in all supply chains that have a need to track and trace serialized products. Everyone acknowledges that it doesn’t make sense to try to use it for compliance with PDMA, Florida or other state pedigree laws because they do not require serialization, but in 2015 the California Pedigree Law will go into effect and one of its unique provisions requires item-level serialization. Some see this as an ideal place to apply EPCIS.
There are lots of ways to contrast these two standards and their use for pedigree law compliance, but probably the most striking difference is how they each treat Supply Chain Master Data (SCMD). I defined SCMD in a previous post as “…that persistent, non-transactional data that defines a business entity for which there is, or should be, an agreed upon view across the supply chain.”
GLN as SCMD
Addresses are an example of a “business entity” that can be treated as SCMD. GS1 defines a location identifier they call a Global Location Number (GLN) that can be used to refer to an address. A GLN is a structured series of digits that can be assigned to refer to a single address (among other things). Refer to the GS1 General Specification for the details. Continue reading Pedigree Models and Supply Chain Master Data