For the application of unique serial numbers, or Standard Numerical Identifiers (SNIs), to packages as part of compliance with the California Pedigree Law in 2015-2017 , GS1’s Electronic Product Code (EPC), particularly in barcode form, is the clear winning standard. But there seems to be a very common misconception going around that for pedigree data management, all you need to do to comply with that law is to deploy a system that is based solely on the GS1 Electronic Product Code Information Services (EPCIS) standard. The misconception assumes that there is a formula that can be followed to achieve compliance and that EPCIS is the whole formula.
In truth, EPCIS will almost certainly be an important component in the compliance formula but exactly how it fits, and whether there are other necessary components, has not yet been determined.
There are probably several reasons that this misconception persists. First, GS1 US continues to promote their 2015 “Readiness” Program as if it is that formula. The program documentation strongly implies that, if you simply follow their program, you will “be ready” to comply with the law; but it stops short of actually saying that you will be compliant.
Second, it seems like people are either able to understand the law well but not the technical standards, or they are able to understand the technical standards well but not the law. The legal folks are left to trust what the technical people say about EPCIS, and the technical people assume that as long as the data elements identified in the law are present somewhere then EPCIS must comply.
Now I am not a legal expert but I’ve been looking at the text of the California Pedigree Law for a few years now and I think I understand it at a level that allows me to estimate how various technical approaches might fill its requirements. Let me show you how Continue reading Why GS1 EPCIS Alone Won’t Work For California Pedigree, Part 1
In the healthcare supply chain a significant number of hospital group purchasing organizations (GPO’s) have stipulated, to varying degrees, that their suppliers begin making use of GS1 Global Location Numbers (GLN’s) in all of their trade with their member hospitals by the end of 2010 (Sunrise 2010) and GS1 Global Trade Item Numbers (GTIN’s) by the end of 2012 (Sunrise 2012). Here are the announcements from Novation, Premier, MedAssets and Amerinet. From the wording of their announcements it appears that Continue reading So a customer demands that you use GLN’s and GTIN’s. What next?
Does the supply chain itself make any contribution to patient safety? The legitimate pharmaceutical supply chain is that complex web of companies that move drugs from the manufacturers to the pharmacies that dispense them to patients. The supply chain always includes both of those end points (manufacturer and pharmacy) and, in the U.S., normally also includes at least one wholesaler. The supply chain is typically viewed as “Manufacturer to Wholesaler to Pharmacy”, whether the pharmacy is within a hospital, clinic, retail independent, chain store, grocery store, or mail order. The great majority of prescription drugs arriving in the hands of U.S. patients have passed through this supply chain.
So what contribution does this chain make toward the safety of those patients? In my view, it comes in three ways: Continue reading Supply Chain Data Synchronization and Patient Safety
I am fortunate to have so many friends and colleagues who work in end-user and solution provider companies and who are impacted by the issues I cover in my blog. After each post I often exchange emails and phone calls with some of them and we discuss/debate what I’ve written about. These are great conversations because they sometimes confirm my opinions and sometimes challenge them, but I almost always come away with a more refined understanding of the technology or regulation we discussed. That is, I learn something.
This is exactly what has been happening with my recent series on Supply Chain Master Data (SCMD). As I’ve defined it, SCMD is just like regular old Master Data (MD) except that the identifier and the full data set behind each instance of SCMD has a single owner, and all parties in the supply chain who may encounter the identifier must have a way of obtaining the full set of data from the owner so they know what the identifier means. But this assumes that only the identifier will be used in supply chain data communications in place of the full data set that the ID refers to.
GLN’s On Electronic Invoices
Let’s take GS1’s GLN (Global Location Number), for example. You can use GLN’s in two ways: as true SCMD, or in a non-SCMD way.
An example of using GLN’s as SCMD in an invoice application would result in an electronic invoice that did not have any explicit addresses in it–no customer billing address, no customer shipping address and no “remit payment to” address. Instead, it would simply include the customer’s billing GLN, the customer’s shipping GLN and the “remit payment to” GLN. Each party in this example would have already obtained the full addresses from their respective owners in some way, either through a registry (like GS1 U.S.’s GLN Registry for Healthcare), or directly from the owner, so there is no need to include that data on each invoice between these parties.
The non-SCMD use of GLN’s occurs when a company uses a GLN identifier as a way of obtaining their trading partner’s full address, and then they would put the full address on each of their invoices for that partner. This approach makes use of GLN’s to “synchronize” the address master data that each trading partner keeps locally. Continue reading Use of GLN and GTIN for Pedigree Regulatory Compliance
Conversations about the merits of various pedigree and authentication models usually start from dissatisfaction with some characteristic of the current GS1 DPMS pedigree model. I maintain that the design of DPMS—including its perceived flaws—is merely a reflection of the current state and federal pedigree laws and regulations. Characteristics that people don’t like—like digital signatures, a growing document as drugs move down the supply chain, and the fact that Supply Chain Master Data is not used by DPMS—are actually all characteristics of the laws and/or regulations, so any alternate pedigree model that would truly be usable for compliance would need those characteristics too.
But that’s not exactly what I want to discuss in this essay. Instead, I wanted to explain my theory of what U.S. pedigree laws are trying to accomplish in the first place. Forget about how they do it for now. What were the goals of those who wrote these laws and regulations? I’ll agree that this is impossible to know for sure but I think I can construct a pretty convincing theory. I don’t know any of the legislators or congresspeople who wrote these laws, but I have studied their work for over four years now. I have made the following observations.
- The highest priority goal of the Florida and California laws appears to be to detect the introduction of illegitimate drugs (counterfeit, stolen, up-labeled, diverted, etc.) into the legitimate supply chain as early as possible, preferably at the very first transaction. These laws accomplish this by requiring companies buying drugs within the supply chain to receive the full supply chain history of those drugs at the time of the purchase (contained in a “pedigree”), and, most importantly, by requiring them to verify the legitimacy of those prior transactions. In Florida that verification can be performed by direct contact, such as a phone call, email, fax, etc., or, optionally, through the use if digital signatures. In California, this verification can only be performed through the use of digital signatures. The federal PDMA, on the other hand, does not appear to obligate the buyer to do any verification of the information provided on pedigrees they receive.Finally, Florida and California both require the recipient of the shipment to confirm that the physical drugs they received match those described by the pedigrees they received. That seems obvious, doesn’t it? Why would any legislative body require all or some supply chain participants to go through all the expense to generate and pass pedigree information but stop short of requiring anyone to actually look at it? Well, oddly, the federal PDMA appears to do just that.
- There is a clear attempt in the laws to help identify who participated in the introduction of the illegitimate product. This is important if your goal is to efficiently and quickly investigate the suspected crime. This would aid in shutting down the criminals as quickly as possible before they are able to spread bad medical products very deeply into the supply chain. Continue reading What are Pedigree Laws Trying to Accomplish Anyway?