Conversations about the merits of various pedigree and authentication models usually start from dissatisfaction with some characteristic of the current GS1 DPMS pedigree model. I maintain that the design of DPMS—including its perceived flaws—is merely a reflection of the current state and federal pedigree laws and regulations. Characteristics that people don’t like—like digital signatures, a growing document as drugs move down the supply chain, and the fact that Supply Chain Master Data is not used by DPMS—are actually all characteristics of the laws and/or regulations, so any alternate pedigree model that would truly be usable for compliance would need those characteristics too.
But that’s not exactly what I want to discuss in this essay. Instead, I wanted to explain my theory of what U.S. pedigree laws are trying to accomplish in the first place. Forget about how they do it for now. What were the goals of those who wrote these laws and regulations? I’ll agree that this is impossible to know for sure but I think I can construct a pretty convincing theory. I don’t know any of the legislators or congresspeople who wrote these laws, but I have studied their work for over four years now. I have made the following observations.
- The highest priority goal of the Florida and California laws appears to be to detect the introduction of illegitimate drugs (counterfeit, stolen, up-labeled, diverted, etc.) into the legitimate supply chain as early as possible, preferably at the very first transaction. These laws accomplish this by requiring companies buying drugs within the supply chain to receive the full supply chain history of those drugs at the time of the purchase (contained in a “pedigree”), and, most importantly, by requiring them to verify the legitimacy of those prior transactions. In Florida that verification can be performed by direct contact, such as a phone call, email, fax, etc., or, optionally, through the use if digital signatures. In California, this verification can only be performed through the use of digital signatures. The federal PDMA, on the other hand, does not appear to obligate the buyer to do any verification of the information provided on pedigrees they receive.Finally, Florida and California both require the recipient of the shipment to confirm that the physical drugs they received match those described by the pedigrees they received. That seems obvious, doesn’t it? Why would any legislative body require all or some supply chain participants to go through all the expense to generate and pass pedigree information but stop short of requiring anyone to actually look at it? Well, oddly, the federal PDMA appears to do just that.
- There is a clear attempt in the laws to help identify who participated in the introduction of the illegitimate product. This is important if your goal is to efficiently and quickly investigate the suspected crime. This would aid in shutting down the criminals as quickly as possible before they are able to spread bad medical products very deeply into the supply chain. Continue reading What are Pedigree Laws Trying to Accomplish Anyway?