Tag Archives: Digital Signatures

How the DQSA Will–And Won’t–Protect The Supply Chain, Part 2

Superhero right to leftLast week I published an overly long essay about how the supply chain provisions of the new U.S. Federal DQSA will and won’t protect the pharma supply chain.  Believe it or not, I had more to say on the subject, but because that essay was already too long, I withheld my additional thoughts until now.  Part 1 took another look at a number of supply chain crimes that have occurred over the last 5 to 6 years and attempted to determine how the new Drug Supply Chain Security Act (DSCSA) that is contained within the DQSA will add new protections that will or won’t help prevent crimes like them in the future.

In this Part 2 essay I want to look at the issue in a different way.  I’d like to compare the approach that Continue reading How the DQSA Will–And Won’t–Protect The Supply Chain, Part 2

DQSA: Getting To Electronic Transaction Data Exchange

Files transfer.While we wait for President Obama to sign the Drug Quality and Security Act of 2013 (DQSA, a.k.a. H.R. 3204) we can be confident it will become law in the next week or so.  This President has been presented with over 740 bills so far in his Presidency and he has signed all but two.  He has 10 days to sign the bill or it becomes law anyway but there might be some delay in the process between passage by the Senate and when the President is presented with the bill.

My interest in the DQSA of 2013 is only the Drug Supply Chain Security Act (DSCS) which is Title II within the overall bill.  I’m going to keep referring to it as the DQSA of 2013 but be aware that I probably won’t ever write about the compounding part, Title I.  If that is what brought you here, sorry, look elsewhere.

It is not law yet, but we can now be 100% sure it will be very soon.  Even before the bill was Continue reading DQSA: Getting To Electronic Transaction Data Exchange

Hey California Board of Pharmacy: Your Time Is Running Out!

wicked witch hourglassImportant Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.The California Board of Pharmacy has begun to hold ePedigree-specific meetings with staff and a subset of the Board present.  The first of these occurred on Monday of this week.  The agenda was fairly long and promised action on a number of important topics, including the possibility that the Board would consider the use of EPCIS as a pedigree platform, inference, pedigree certifications and drop shipments.  I came away disappointed that the only thing that happened was a brief discussion of each topic but seemingly no real action.  It was almost as if the Board members and staff had made no progress on any of these topics since the March Enforcement Committee meeting.  All that seemed to happen since that meeting Continue reading Hey California Board of Pharmacy: Your Time Is Running Out!

Draft Regulations On Certifications Within California ePedigrees

Edited by DirkImportant Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.During the March 14, 2013 meeting of the Enforcement Committee of the California Board of Pharmacy, Joshua Room, Supervising Deputy Attorney General at California Department of Justice assigned to the California Board of Pharmacy distributed copies of draft text that he is looking for public comments on.  The draft is for regulations covering pedigree “certification”, the use of “inference” and “inspection” of electronic pedigrees.  Unfortunately the text is Continue reading Draft Regulations On Certifications Within California ePedigrees

“The Shadows Of Things That MAY BE, Only” : EPCIS and California Compliance

Magoo_christmas_futureImportant Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.Currently, we know that companies can use GS1’s Drug Pedigree Messaging Standard (DPMS) to comply with the California pedigree law.  That’s been known for a long time now.  But many companies have been hoping to use GS1’s more general purpose Electronic Product Code Information Services (EPCIS) standard instead for almost as long.  For just as long, it has been known that a number of problems arise when you try to figure out exactly how to apply EPCIS to California compliance.

The problem is, EPCIS was originally envisioned by its creators to share supply chain “visibility” data.  That is, event data that was to be collected automatically based on Radio Frequency IDentification (RFID) reads picked up by readers that were to be spread around the supply chain by each of its members.  The collection of RFID readers were to form a kind of “visibility” of each RFID tag applied to the products in the supply chain.  From this visibility would come benefits.  One of those benefits was to be Continue reading “The Shadows Of Things That MAY BE, Only” : EPCIS and California Compliance

How Counterfeit Avastin Penetrated the U.S. Supply Chain

Counterfeit Avastin

The internet lit up last week when the U.S. Food and Drug Administration (FDA) posted an announcement that they are aware of counterfeit Avastin in the U.S. pharmaceutical supply chain (see “Counterfeit Version of Avastin in U.S. Distribution” on the FDA website and Genentech’s announcement).

I found out about it when I received notice of Dr. Adam Fein’s (PhD) excellent blog posting “Greedy Physicians Invite Fake Avastin Into the Supply Chain” on his DrugChannels.net blog, but multiple national news agencies picked the story up and many articles were written about it.  Most simply reflected the contents in the FDA’s announcement.

But at least one news source seemed to do some additional investigating.  Bill Berkrot and John Acher of Reuters published the excellent article “Fake Avastin’s path to U.S. traced to Egypt” on Thursday.  In the article they provide a little more background on the path the drugs allegedly took before apparently arriving on the shelves of U.S. physicians and potentially in the bodies of unsuspecting U.S. patients.

And Pharmaceutical Commerce Online reports that Avastin isn’t the only incident of recent counterfeit injectable cancer drugs making it into the U.S. market that the FDA is currently investigating.

HOW COUNTERFEIT AVASTIN MADE IT INTO THE LEGITIMATE U.S. SUPPLY CHAIN

Now keep in mind, this is only investigative journalism so far, and while the information source listed in the Reuters article is the Danish Medicines Agency, criminal investigators may already know more than this and in the end, some or all of the contents of the Reuters article may eventually be found to be untrue.  Whether ultimately true or not Continue reading How Counterfeit Avastin Penetrated the U.S. Supply Chain

Why GS1 EPCIS Alone Won’t Work For California Pedigree, Part 2

Important Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.There are more than one reasons why you shouldn’t expect to use GS1’s EPCIS by itself to comply with the California pedigree law.  Part 1 of this series showed that the traditional distributed network of EPCIS repositories in the U.S. pharma supply chain doesn’t work.  But that analysis assumed the use of the “vanilla” EPCIS standard, without the use of any “extensions”.  That’s not really the way GS1 intended EPCIS to be used.  In this and future essays of this series I will explore some of the approaches that make full use of the extensibility that is built into the standard.

In this Part of the series I want to take a closer look at the work of the Network Centric ePedigree work group of the GS1 Healthcare Traceability group.  I am one of the leaders of that group along with Dr. Mark Harrison of the Cambridge University AutoId Lab, Dr. Ken Traub, Independent Consultant, and Gena Morgan of GS1, along with strong contributions from Janice Kite of GS1 and Dr. Dale Moberg of Axway.  The larger group consists of people who work for companies in the pharmaceutical supply chain, GS1, and solution providers from around the globe, although I think the majority are from the U.S.

The NCeP group published a very interesting recording of a presentation that explains the details of their work.  It is called “NCeP – Technical Analysis Sub-Group, Event Based Pedigree”.  The purpose of this recording is to help people outside of the close-knit NCeP group to learn about the pedigree models developed there, evaluate them and provide feedback to the group about which model(s) should be Continue reading Why GS1 EPCIS Alone Won’t Work For California Pedigree, Part 2

Inspecting An Electronic Pedigree

Within conversations held during the development of standards for electronic pedigrees it is sometimes common to hear people apply the following test to any pedigree proposal:

“A state inspector arrives at your facility without prior warning, enters the warehouse, picks up any random package of drugs and asks to see ‘the pedigree’ for this package.”

The point being made is that, according to the California Pedigree Law, at the very least, supply chain members will need to be capable of producing a full pedigree for any and every package of drugs in their possession at any time in case of a surprise inspection.

This scenario is an important one when selecting a pedigree model, but it often causes me to think about exactly what the company being inspected would show the inspector, and how they would do that.  Continue reading Inspecting An Electronic Pedigree