Tag Archives: standards

California Pedigree

Why GS1 EPCIS Alone Won’t Work For California Pedigree, Part 1

2 Comments

Important Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.For the application of unique serial numbers, or Standard Numerical Identifiers (SNIs), to packages as part of compliance with the California Pedigree Law in 2015-2017 , GS1’s Electronic Product Code (EPC), particularly in barcode form, is the clear winning standard.  But there seems to be a very common misconception going around that for pedigree data management, all you need to do to comply with that law is to deploy a system that is based solely on the GS1 Electronic Product Code Information Services (EPCIS) standard.  The  misconception assumes that there is a formula that can be followed to achieve compliance and that EPCIS is the whole formula.

In truth, EPCIS will almost certainly be an important component in the compliance formula but exactly how it fits, and whether there are other necessary components, has not yet been determined.

There are probably several reasons that this misconception persists.  First, GS1 US continues to promote their 2015 “Readiness” Program as if it is that formula.  The program documentation strongly implies that, if you simply follow their program, you will “be ready” to comply with the law; but it stops short of actually saying that you will be compliant.

Second, it seems like people are either able to understand the law well but not the technical standards, or they are able to understand the technical standards well but not the law.  The legal folks are left to trust what the technical people say about EPCIS, and the technical people assume that as long as the data elements identified in the law are present somewhere then EPCIS must comply.

Now I am not a legal expert but I’ve been looking at the text of the California Pedigree Law for a few years now and I think I understand it at a level that allows me to estimate how various technical approaches might fill its requirements.  Let me show you how Continue reading Why GS1 EPCIS Alone Won’t Work For California Pedigree, Part 1

track and trace

Attributes Of A Global Track & Trace Application

6 Comments

In this essay, I’m not going to discuss the attributes of a track & trace system from a regulator’s point of view.  I’m not going to discuss input into the FDA’s Track & Trace workshop that occurs this week and I’m not going to speculate on the outcome of that meeting.  Instead, I’m going to talk about the attributes of a track & trace application from the viewpoint of any global pharma manufacturer who is facing the regulatory mandates for serialization and traceability in a growing list of countries around the world, and from the viewpoint of any solution provider who is thinking about what they need to include in their solution offering so that those global pharma companies find it attractive enough to buy.

To those kinds of companies, the potential for new non-binding guidance from the U.S. is important, but perhaps less so than an increasing number of binding regulations from around the world.  Whatever the FDA—and especially the U.S. Congress—may do in the future will be important when selecting a track & trace solution, but the U.S. is only one of the countries in the world and pharma companies that do business in those other countries do not have time to wait for the U.S. to figure out their approach before making investments.

The goal is to make investments today that will be Continue reading Attributes Of A Global Track & Trace Application

pedigree certification, security

Electronic Message Security and More on Certifications

Important Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.

Digital electronic messages can be transmitted from one party to another using a wide range of communications technologies.  Today, businesses that make use of the internet to transmit their business messages to and from their trading partners make use of standards-based Electronic Data Interchange (EDI) message formatting.

EDI messages are typically transmitted point-to-point, from one business to one other business.  There are a large number of EDI message types defined but in the pharmaceutical supply chain the most common messages are purchase orders, purchase order acknowledgments, invoices and advance shipment notices (ASN’s).  (While I have the chance, I’d like to point out that ASN’s are not pedigrees for multiple reasons that I will not cover in this essay.)

In the U.S. pharma supply chain AS2 is the most common communications protocol in use for EDI message exchange.  AS2 provides generalized message security to ensure that the messages cannot be understood or tampered with by unauthorized parties during movement from sender to recipient.  According to Wikipedia, these are achieved through the use of digital certificates and encryption.  Messages can optionally be digitally signed by the sender to provide non-repudiation within the AS2 payload context.

Electronic pedigrees as defined by the states of Florida and California are messages that contain fairly complex legal documentation which describe the chain of custody or ownership of a given package of drugs, but they also contain several types of legally required certifications. Continue reading Electronic Message Security and More on Certifications

Writing

Writing Is Thinking. For Example, Ken Traub

3 Comments
Ken Traub

Noted writer, editor, literary critic and teacher, William Zinsser, is known for the quote “writing is thinking on paper”.  Today I don’t think paper has much to do with it, but what I think he means is, the very process of writing something forces a person to think about the thing they are writing about, and then embody that thinking clearly in the written output (paper or electronic).  As you might imagine, I agree with this.  I like to write and I believe that my own experience with writing has greatly improved my thinking.  For a really great essay on the topic of writing and thinking, see The Secret About Writing That No One Has The Balls To Tell You by Pete Michaud…and don’t miss the many excellent comments below his essay.

I’ve been writing about ideas surrounding my professional experience much longer than the year and a half I have been writing RxTrace.  In fact, I have written some pretty legendary emails and other essays over my career.  Legendary because they raised ideas that were either unpopular or otherwise not wanted by the recipient(s).  If you know me very well then chances are you’ve read one or two of those.

In a previous job, I did a fair amount of Continue reading Writing Is Thinking. For Example, Ken Traub

Digital Signatures

Certifications In A California-Compliant Drug Pedigree

7 Comments

Important Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.I’ve been involved in a number of conversations lately that included differing opinions about what will be necessary to “certify” a drug pedigree in California after their pedigree law goes into effect (2015-2017, depending on your role in the supply chain).  It’s a contentious issue, especially for those who wish that a distributed pedigree model would comply.

The California Law is fairly clear that the pedigree must contain, “A certification under penalty of perjury from a responsible party of the source of the dangerous drug that the information contained in the pedigree is true and accurate.”  And that, among a list of other things, it must include “…the name and address of each person certifying delivery or receipt of the dangerous drug.”

In the California language, a “dangerous drug” is Continue reading Certifications In A California-Compliant Drug Pedigree

GS1 Healthcare US

Before You Participate in The GS1 US 2015 Readiness Program, Read This

2 Comments

Important Notice To Readers of This Essay On November 27, 2013, President Barack Obama signed the Drug Quality and Security Act of 2013 into law. That act has many provisions, but one is to pre-empt all existing and future state serialization and pedigree laws like those that previously existed in California and Florida. Some or all of the information contained in this essay is about some aspect of one or more of those state laws and so that information is now obsolete. It is left here only for historical purposes for those wishing to understand those old laws and the industry’s response to them.

GS1 US is dedicated to expanding the adoption of GS1 Global’s standards for supply chain interaction in the U.S. market.  Almost every country in the world has a GS1 “Member Organization” (M.O.) that is dedicated to the same thing within their borders.  With the local M.O.’s primary focus on driving adoption, their most valuable tool is that country’s government.  If they can get the government to reference GS1 standards in their laws, their work is much easier.

This isn’t unique to GS1, or course.  All standards organizations know this and they all have various approaches to getting the attention of each country’s government.  There is nothing wrong with this.  In fact, it makes perfect sense since, unlike standards organizations themselves, countries always have very large enforcement wings.

But what happens when those governments are too big to sway easily?  What if it costs too much and takes too long to get them to see the light?  This is when a standards adoption organization needs to get creative.  In my opinion, that’s what has led GS1 Healthcare US to create the “2015 Readiness Program”.  It was out of frustration with the California State Government and with the U.S. Food and Drug Administration (FDA) and their, so far, unwillingness to create laws and regulations that mandate the use of GS1 standards.  Let me explain. Continue reading Before You Participate in The GS1 US 2015 Readiness Program, Read This

pedigree

A Semi-Centralized, Semi-Distributed Pedigree System Idea

6 Comments

Four years ago the GS1 EPCglobal Software Action Group (SAG) Drug Pedigree Messaging Work Group was wrapping up the standard specification for the GS1 Drug Pedigree Messaging Standard (DPMS, aka GS1 Pedigree Ratified Standard).  That standard was developed through collaboration between U.S. pharmaceutical supply chain members, industry associations, solution providers and GS1.  DPMS 1.0 was ratified by the EPCglobal Board in early January 2007.

DPMS has many benefits.  It results in a self-contained, self-secure electronic document that clearly shows the chain of ownership and/or custody of a given drug package (or a set of packages if they all have the same history).  It works equally well with serialized and non-serialized products.  The security of DMPS documents comes from within the electronic documents themselves rather than just from a security layer wrapped around a given server.  A self-contained, self-secure document model should work well as evidence in a criminal trial.

But even before DPMS was ratified people were raising questions and concerns about it.  Those concerns were Continue reading A Semi-Centralized, Semi-Distributed Pedigree System Idea

serialization

Estimated Rise In Serialized Drugs In The U.S. Supply Chain

4 Comments

Back in 2005 I created a line graph of my personal prediction of the percentage of pharmaceuticals in the U.S. supply chain that would be unit-level serialized by the manufacturer and I circulated it among my co-workers at the time.  I based it purely on guesses that were “supported”–very flimsily–by the number of large pharmaceutical manufacturers who were participating in the GS1 EPCglobal Healthcare and Life Sciences (HLS) Business Action Group (BAG) (the group is now defunct), and the existence of an early version of the California Pedigree Law.  The graph included a high and low line that formed a band that I thought would be where the reality would fall.  In that prediction I didn’t think most manufacturers would achieve 100% serialization of their products until sometime between 2010 (high) and 2015 (low).

In my analysis at that time, I theorized that the actual percentage would start out following my “low” estimate line, but at some unpredictable point, something would happen that would cause the percentage to jump up to the “high” estimate line.  At the time, I assumed the event that would cause that jump would be the U.S. Federal government issuing some kind of pedigree regulation that included a unit-level serialization requirement.

As it turned out, things moved slower than I had guessed.  Here it is 2010 and the percentage of drugs in the supply chain with unit-level serial numbers on them is so small that it’s tough to give it a percentage.  But I think my estimate from way back in 2005 was not bad for its time (but notice I’m not publishing the actual graph).  After all, the California Pedigree deadline has been pushed out at least three times since then (from 2007 to 2009, to 2011, to 2015/1016).

I think the future is a little less murky now because, since 2005, Continue reading Estimated Rise In Serialized Drugs In The U.S. Supply Chain