There are more than one reasons why you shouldn’t expect to use GS1’s EPCIS by itself to comply with the California pedigree law. Part 1 of this series showed that the traditional distributed network of EPCIS repositories in the U.S. pharma supply chain doesn’t work. But that analysis assumed the use of the “vanilla” EPCIS standard, without the use of any “extensions”. That’s not really the way GS1 intended EPCIS to be used. In this and future essays of this series I will explore some of the approaches that make full use of the extensibility that is built into the standard.
In this Part of the series I want to take a closer look at the work of the Network Centric ePedigree work group of the GS1 Healthcare Traceability group. I am one of the leaders of that group along with Dr. Mark Harrison of the Cambridge University AutoId Lab, Dr. Ken Traub, Independent Consultant, and Gena Morgan of GS1, along with strong contributions from Janice Kite of GS1 and Dr. Dale Moberg of Axway. The larger group consists of people who work for companies in the pharmaceutical supply chain, GS1, and solution providers from around the globe, although I think the majority are from the U.S.
I attended the Partnership for Safe Medicines (PSM) Interchange 2011 conference on October 27 in Washington DC. (I’ll cover that event more fully in a future essay.) For me, the event couldn’t have been better, but I measure events like this perhaps a little differently than most people. The agenda is important and the quality of the speakers is absolutely important, but in my view those are simply the things that lead to the one thing that can transform a merely good conference into a great conference: the quality of the attendees.
In the case of this year’s PSM event, I rate the quality of the attendees very high, and that’s because I had a number of great conversations with some very knowledgeable people during the breaks and at the social event the evening before. That was my interaction with the attendees, not the speakers. One of the topics of conversation surrounded the question of what exactly it was the led to the successful challenge to the Prescription Drug Marketing Act (PDMA) pedigree provisions in the RxUSA v. HHS court case and appeal and whether or not the same thing might occur with other drug pedigree laws.
Within conversations held during the development of standards for electronic pedigrees it is sometimes common to hear people apply the following test to any pedigree proposal:
“A state inspector arrives at your facility without prior warning, enters the warehouse, picks up any random package of drugs and asks to see ‘the pedigree’ for this package.”
The point being made is that, according to the California Pedigree Law, at the very least, supply chain members will need to be capable of producing a full pedigree for any and every package of drugs in their possession at any time in case of a surprise inspection.
In truth, EPCIS will almost certainly be an important component in the compliance formula but exactly how it fits, and whether there are other necessary components, has not yet been determined.
There are probably several reasons that this misconception persists. First, GS1 US continues to promote their 2015 “Readiness” Program as if it is that formula. The program documentation strongly implies that, if you simply follow their program, you will “be ready” to comply with the law; but it stops short of actually saying that you will be compliant.
Second, it seems like people are either able to understand the law well but not the technical standards, or they are able to understand the technical standards well but not the law. The legal folks are left to trust what the technical people say about EPCIS, and the technical people assume that as long as the data elements identified in the law are present somewhere then EPCIS must comply.
The debate over pedigree regulatory models in the U.S. pharmaceutical supply chain often centers around how much data for each package of drugs needs to be moved between trading partners as those drugs move down the supply chain from the manufacturer to distributor(s) and ultimately to the pharmacy. The ideal model would minimize the amount of data moved yet always allow each member of the supply chain to check the prior history—the pedigree—of the drugs they are about to buy.
At a superficial level this appears to be all you need to do, but when you take a closer at the details of how the supply chain actually works in the U.S. you will see that there are other characteristics besides data volume per package that need to be considered.
FOUR VIEWS OF THE U.S. SUPPLY CHAIN
In the debates and discussions over pedigree regulatory models we are used to seeing a view of the supply chain that shows one manufacturer, one distributor and one pharmacy. That view masks so much important complexity that if we were to select a regulatory model or solution based on that view it would be far from ideal.
At the end of my last essay I said I had recently concluded that the jump to a fully automated pharma supply chain upstream visibility system is too big and complex to be achievable by every company in the U.S. supply chain by the California dates. I want to explain that statement in a future essay (soon), but before I do I want to explore some of the track and trace models that are being considered by both GS1 and the FDA. I particularly want to look at the viability of each model because I think we will find that some just aren’t (viable), and that will help narrow the search.
I’ll look at the three basic models that the FDA mentioned in their recent workshop: Centralized, Semi-Centralized and Distributed (or Decentralized as the FDA called it). There are others, but it seems that they can all be either based on, or reduced to, one of these three basic models.
In this essay I am looking at track & trace models from a global viewpoint, which is something that GS1 is doing but the FDA may not. Attacks on the pharma supply chain are a global problem and global problems demand global solutions or gaps will be left for criminals to exploit.
I’ve been involved in a number of conversations lately that included differing opinions about what will be necessary to “certify” a drug pedigree in California after their pedigree law goes into effect (2015-2017, depending on your role in the supply chain). It’s a contentious issue, especially for those who wish that a distributed pedigree model would comply.
The California Law is fairly clear that the pedigree must contain, “A certification under penalty of perjury from a responsible party of the source of the dangerous drug that the information contained in the pedigree is true and accurate.” And that, among a list of other things, it must include “…the name and address of each person certifying delivery or receipt of the dangerous drug.”
DISCLAIMER: RxTrace contains some of the personal thoughts, ideas and opinions of Dirk Rodgers. The material contained in RxTrace is not legal advice. Dirk Rodgers is not a lawyer. The reader must make their own decisions about the accuracy of the opinions expressed in RxTrace. Readers are encouraged to consult their own legal counsel and trading partners before taking any actions based on information found in RxTrace. RxTrace is not a vehicle for communicating the positions of any company, organization or individual other than Dirk Rodgers.