Tag Archives: distributed pedigree

GS1 Healthcare US

Before You Participate in The GS1 US 2015 Readiness Program, Read This

2 Comments

Important Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.

GS1 US is dedicated to expanding the adoption of GS1 Global’s standards for supply chain interaction in the U.S. market.  Almost every country in the world has a GS1 “Member Organization” (M.O.) that is dedicated to the same thing within their borders.  With the local M.O.’s primary focus on driving adoption, their most valuable tool is that country’s government.  If they can get the government to reference GS1 standards in their laws, their work is much easier.

This isn’t unique to GS1, or course.  All standards organizations know this and they all have various approaches to getting the attention of each country’s government.  There is nothing wrong with this.  In fact, it makes perfect sense since, unlike standards organizations themselves, countries always have very large enforcement wings.

But what happens when those governments are too big to sway easily?  What if it costs too much and takes too long to get them to see the light?  This is when a standards adoption organization needs to get creative.  In my opinion, that’s what has led GS1 Healthcare US to create the “2015 Readiness Program”.  It was out of frustration with the California State Government and with the U.S. Food and Drug Administration (FDA) and their, so far, unwillingness to create laws and regulations that mandate the use of GS1 standards.  Let me explain. Continue reading Before You Participate in The GS1 US 2015 Readiness Program, Read This

pedigree

A Semi-Centralized, Semi-Distributed Pedigree System Idea

6 Comments

Four years ago the GS1 EPCglobal Software Action Group (SAG) Drug Pedigree Messaging Work Group was wrapping up the standard specification for the GS1 Drug Pedigree Messaging Standard (DPMS, aka GS1 Pedigree Ratified Standard).  That standard was developed through collaboration between U.S. pharmaceutical supply chain members, industry associations, solution providers and GS1.  DPMS 1.0 was ratified by the EPCglobal Board in early January 2007.

DPMS has many benefits.  It results in a self-contained, self-secure electronic document that clearly shows the chain of ownership and/or custody of a given drug package (or a set of packages if they all have the same history).  It works equally well with serialized and non-serialized products.  The security of DMPS documents comes from within the electronic documents themselves rather than just from a security layer wrapped around a given server.  A self-contained, self-secure document model should work well as evidence in a criminal trial.

But even before DPMS was ratified people were raising questions and concerns about it.  Those concerns were Continue reading A Semi-Centralized, Semi-Distributed Pedigree System Idea

California Pedigree Law

California Pedigree Law: Historic Change to Commerce

7 Comments

 

Important Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.

“…[C]ommencing on July 1, 2016, a wholesaler or repackager may not sell, trade, or transfer a [prescription] drug at wholesale without providing a pedigree.

…[C]ommencing on July 1, 2016, a wholesaler or repackager may not acquire a [prescription] drug without receiving a pedigree.

…[C]ommencing on July 1, 2017, a pharmacy may not sell, trade, or transfer a [prescription] drug at wholesale without providing a pedigree.

…[C]ommencing on July 1, 2017, a pharmacy may not acquire a [prescription] drug without receiving a pedigree.”

With these words the State of California introduced a significant change to the way the pharmaceutical supply chain works (see section 4163 of the California Business and Professions Code) and has written a new page in the history of commerce.  It brings pharmaceutical commerce fully into the computer age.  Adam Smith would not recognize it.  Today, and up to the effective dates of these provisions, the value of a legitimate pharmaceutical in the legitimate U.S. supply chain is determined by the physical condition of the product and its package.  After July 1, 2016, the value of a legitimate pharmaceutical in the supply chain in California will be determined by the combination of the physical condition of the product and its package, and the sellers ability to provide the buyer with an electronic pedigree.

The intended effect of this new regulatory requirement is to place a significant roadblock in front of counterfeiters, diverters and others who would try to scam patients and the legitimate participants in the supply chain.  This is a noble cause.  By requiring sellers to provide buyers with a pedigree at each change in ownership in the supply chain, illegitimate parties will find it very hard to inject illegitimate drugs without exposing their actions and, at the same time, creating evidence that can be used against them in their own prosecution.  By providing a pedigree at each change in ownership, supply chain buyers will be able to check the authenticity of the full supply chain transaction history provided by the seller, maximizing the likelihood that any suspicious activity would be detected long before a patient would receive the drugs.

But I’m more interested today in exploring a surprising unintended effect of these requirements.  I’ve touched on this briefly in past essays but I’ve recently concluded that the implications of these requirements are much more significant than I realized before.  This may be the first time in the history of commerce that Continue reading California Pedigree Law: Historic Change to Commerce

discovery serivces, Uncategorized

Will The Pharma Supply Chain Find Any Value In GS1 Discovery Services?

8 Comments

I’m pretty excited about the kickoff this Wednesday of the GS1 EPCglobal Software Action Group (SAG) Discovery Services Work Group which will take the business and technical requirements that were collected by an earlier group and turn them into an actual standard.  This will be the first new major technical standard GS1 has started for quite a few years.  The most recent kickoff I can remember was the GS1 Drug Pedigree Messaging Standard (DPMS) which kicked off back in late 2005 and completed in January 2007.  The GS1 Electronic Product Code Information Services (EPCIS) standard effort kicked off in late 2004 and completed in April 2007.  That gives you an idea of how long these things take.

The effort to create the business and technical requirements for Discovery Services started just about two years ago and completed this past December.  How long will it take to get to a ratified standard?  The GS1 Discovery Services Work Group Charter predicts it will be done in June of 2011, but predictions in charter documents are notoriously optimistic.  The EPCIS Charter predicted that standard would be ratified in August of 2005, for example—one third the time it actually took.

This is not a bad thing in my opinion.  A Charter document needs to estimate how long the effort will take, but once things get rolling, GS1 EPCglobal takes as long as needed to get the standard right.  So how long will this one take?  Based on how long the requirements took, I’m guessing Continue reading Will The Pharma Supply Chain Find Any Value In GS1 Discovery Services?

pedigree laws

What are Pedigree Laws Trying to Accomplish Anyway?

6 Comments

Important Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.Conversations about the merits of various pedigree and authentication models usually start from dissatisfaction with some characteristic of the current GS1 DPMS pedigree model. I maintain that the design of DPMS—including its perceived flaws—is merely a reflection of the current state and federal pedigree laws and regulations. Characteristics that people don’t like—like digital signatures, a growing document as drugs move down the supply chain, and the fact that Supply Chain Master Data is not used by DPMS—are actually all characteristics of the laws and/or regulations, so any alternate pedigree model that would truly be usable for compliance would need those characteristics too.

But that’s not exactly what I want to discuss in this essay. Instead, I wanted to explain my theory of what U.S. pedigree laws are trying to accomplish in the first place. Forget about how they do it for now. What were the goals of those who wrote these laws and regulations? I’ll agree that this is impossible to know for sure but I think I can construct a pretty convincing theory. I don’t know any of the legislators or congresspeople who wrote these laws, but I have studied their work for over four years now. I have made the following observations.

  1. The highest priority goal of the Florida and California laws appears to be to detect the introduction of illegitimate drugs (counterfeit, stolen, up-labeled, diverted, etc.) into the legitimate supply chain as early as possible, preferably at the very first transaction. These laws accomplish this by requiring companies buying drugs within the supply chain to receive the full supply chain history of those drugs at the time of the purchase (contained in a “pedigree”), and, most importantly, by requiring them to verify the legitimacy of those prior transactions. In Florida that verification can be performed by direct contact, such as a phone call, email, fax, etc., or, optionally, through the use if digital signatures. In California, this verification can only be performed through the use of digital signatures. The federal PDMA, on the other hand, does not appear to obligate the buyer to do any verification of the information provided on pedigrees they receive.Finally, Florida and California both require the recipient of the shipment to confirm that the physical drugs they received match those described by the pedigrees they received. That seems obvious, doesn’t it? Why would any legislative body require all or some supply chain participants to go through all the expense to generate and pass pedigree information but stop short of requiring anyone to actually look at it? Well, oddly, the federal PDMA appears to do just that.
  2. There is a clear attempt in the laws to help identify who participated in the introduction of the illegitimate product. This is important if your goal is to efficiently and quickly investigate the suspected crime. This would aid in shutting down the criminals as quickly as possible before they are able to spread bad medical products very deeply into the supply chain. Continue reading What are Pedigree Laws Trying to Accomplish Anyway?
pedigree

Fundamental Law of Commerce

Over the last few years I have been kicking around an idea that helps identify an important characteristic that will be necessary in any successful supply chain pedigree or track and trace technology/regulation. I can sum it up as follows:

When regulations mandate that a product’s value is determined by the ability to show, at any time, specific information about the product’s history, then the buyer of that product must receive all of the necessary information from the seller at the same time the product is received.

Take, for instance, a secondary wholesaler in Florida today. Florida requires a secondary wholesaler to be able to show an inspector a complete pedigree for any prescription drug in their possession. If the wholesaler cannot show the proper pedigree, then the product cannot be sold in Florida. The value of the item is reduced, perhaps to zero. If this drug-without-a-pedigree can legally be shipped to sites or customers outside of Florida the reduction in value is equal to the cost of the extra shipment, extra handling and perhaps a temporary out-of-stock situation until the unexpected loss can be backfilled (and possibly a fine).

Now imagine what would happen if there were no other place to legally ship drugs whose pedigree information is unavailable when called upon. The value of the drugs would certainly be zero, or worse. That’s a risk that can be avoided by ensuring that all of the information necessary for the pedigree is in the possession of the secondary wholesaler at the time they purchase the drug.

What would cause the information to not be available? Some technical approaches to maintaining pedigree information under discussion within the industry right now might result in something I call a “distributed” pedigree. That is, one that is stored across multiple organizations; the previous owners of the drug. When it is necessary to show a complete pedigree–to an inspector, a law enforcement organization, or just to a buyer–these other organization must be called upon to provide their part of the pedigree. The occasion that leads to the need to show a complete pedigree will probably occur somewhat unexpectedly (especially in the instance of a regulatory inspection or a law enforcement action). If one or more of the organizations holding part of the pedigree information are temporarily or permanently unable to provide their part of the pedigree, the product cannot be sold and thus has lost all of its value.

The real problem with a distributed pedigree occurs when the supply chain extends beyond just two trading partners. For example, the third owner of a drug in the supply chain probably doesn’t have any business relationship with the manufacturer (the first owner). That’s why they bought the product from the second owner. There is probably no contract between the current owner of the drug and the previous owners (except the most recent seller) so there is no way to ensure that these earlier owners will provide their necessary components to the pedigree when it is called for.

The solution is to make sure that all of the necessary data for the pedigree is always supplied by the seller at the time of purchase. That way, if any of the earlier owners have technical (or other) difficulties that prevent them from being able to serve up data, it won’t affect the value of the drugs that are downstream in the supply chain. In short, a “distributed” pedigree won’t work.

I believe this concept is a corollary to the fundamental law of commerce known as “Buyer Beware”. Transmitting a full pedigree at the time of the sales transaction is one way of arming the buyer with sufficient information so they can beware.