2014 Product Security Report
A new federal law sets the US industry's agenda for years to come; efforts globally are moving ahead
The transformation won’t come cheap: At its basic level, the product serialization required by DQSA (or, to be more precise, the Drug Supply Chain Security Act—DSCSA, which is Title II of DQSA, and is becoming the preferred acronym for the subject) costs $150–300 thousand per packaging line, and there are tens of thousands of packaging lines around the world. (However, it’s worth noting that thousands of lines have already been serialized.) Additional costs will accrue as manufacturers, and their business partners, install IT systems to store and transmit serial codes and transaction histories with each other. Still to be determined is who, or where, these data repositories will be connected and managed so that any participant in the supply chain—a local pharmacy or doctor’s office, or even patients themselves—can check a product’s history and integrity.
Besides the obvious—meeting a regulatory requirement—what does the US pharma industry gain from the serialization effort? Ron Guido, a former supply-chain security executive at J&J, and now an independent consultant, speaks of a “compliance ROI,” or “C-ROI,” that will be available to not just supply chain managers in pharma, but trade relations, patient support, marketing and other managers. His list includes:
As just one example, Justin Schroeder, marketing coordinator at PCI (Philadelphia), a contract packager now installing more serialization systems in its facilities, cites an unnamed veterinary-health client who wanted to track how much product was flowing through veterinary offices (its preferred channel) and how much through mail-order or direct-to-customer channels, where suggested retail pricing is harder to maintain. With serialized product data and feedback from customers, it could maintain better control of channel inventory and, ultimately, revenue.
These examples are worth citing because a constant criticism of the effort behind DSCSA was a) there’s very little counterfeiting going on in the US market; and b) serialization won’t prevent its occurrence. Both of these are true, at one level, but at another—touching on overall consumer awareness of the dangers of counterfeiting; and building a stronger degree of security into today’s global supply chain—both miss the point. In effect, critics are saying that past security practices will be sufficient for the future marketplace, and that counterfeiters and other bad actors can’t evolve their own countermeasures. In other words, we’re winning the last war, but not preparing for the next one.
With the law in place—and with comparable efforts going on around the world—industry managers are getting very busy. The mantra of “get your RFPs in early, because there’s going to be a crunch in the next 18 months” is being heard again. Here’s a laundry list of industry activities involving, or setting the context for, supply chain security globally:
For now, and for most of the world, a common thread is GS1 standards for 2D barcodes, and some variation on the ASN (Advanced Shipping Notice) guidance that currently exists in US and European standards for electronic data interchange (EDI). (The ASN guidance is a part of GS1’s “version 1.1.” guidance; the question will be, can this years-old standard be extended to cover the new requirements of the DSCSA law.)
“Warehouse management systems live in ASN, which has been commonplace for at least 20 years,” says Tom Kozenski, product manager at JDA Software. “The question now is how to extend ASN to include segments relating to serial data. EPCIS, the GS1 standard, includes ‘event’ information from which the transaction history of a shipment can be obtained; my feeling is that all of this will come together well in time for the 2023 DSCSA deadline.”
Much of the US industry is watching next moves by FDA closely. DSCSA has specific deadlines for FDA to meet. The key, near-term ones are:
Also on January 1, manufacturers, wholesale distributors and dispensers (retail and hospital pharmacies) are to be ready to document that they work with authorized trading partners only, and to have product-verification systems in place that will document, at the lot level, that products have been received in an approved manner. On the one hand, many wholesalers and retailers already have such verification systems in place; on the other, there doesn’t seem to be a stampede, as yet, of retailers building out necessary IT systems. The unofficial word circulating in the industry is that the wholesalers who, for example, manage networks of independent pharmacies will be able to provide the verification processes as a service to their customers.
The pace of actual serialization implementations—both of hardware and of software—never actually stopped during the years between 2008 (when California postponed its statewide program until 2015) and the passage of DSCSA last November.
“Companies that were making preparations for the California e-pedigree rules are in a pretty good position right now to meet 2015 deadlines,” notes Greg Cathcart, president of Excellis Health, a consulting group. “This includes the major wholesalers and retail chains. But many hospital pharmacies, independent pharmacies and others are almost discovering the serialization and tracking rules for the first time.”
But now, industry vendors are cranking up their project activity. One key difference between where manufacturers were headed to meet the now-defunct California e-pedigree rule, and today’s regulatory framework, is that product cartons needn’t have strict “aggregation” practices in effect. When DSCSA established that products would be traced for the next several years, only at the lot level, that enabled both manufacturers and wholesalers to ensure that cartons (which typically contain 24–96 packages, although there are many variations on this) needn’t be opened and verified—a major sticking point for wholesalers, whose high-speed stocking and picking operations would grind to a halt if every incoming carton had to be opened and packages individually verified. This aggregation of “parent” (carton) and “child” (package) data is much simpler as long as different lot numbers aren’t jumbled in the same carton.
The US’s standard to track products at the lot level, for now, means that Europe’s drive to identify individual packages with unique serial numbers will be a more advanced technology (Fig. 2). FDA, along with a number of industry groups, had pushed for unit-level serialization in the run-up to passage of DSCSA (FDA had previously developed a “serialized numeric identifier” [SNI] guideline for this), but the legislators ultimately compromised on the lot-level tracking. In theory, European and US standards will eventually come together as the US industry devises reliable aggregation techniques.
Current leaders in the serialization technology market include Acsis, Systech, Optel Vision, Antares-Xyntek and Seidenader (part of the Korber Group). Other contenders include ROC IT, rfXcel, Covectra, Frequentz and Mettler-Toledo. IT companies such as Axway, International Business Systems, JDA Software, Oracle, TraceLink and SAP have enterprise-level data-collection systems to enable line data to be communicated to trading partners. Around these firms, at least in the US, are a wide variety of consulting firms to provide strategic or operational support in a serialization effort: Excellis Health; Accenture; PwC; Pharma Logic Solutions and BrandSure LLC. Additional resources are available from manufacturers of packaging equipment, including such firms as Uhlmann Packaging, Bosch Packaging and Omega Design.
News reports of industry activity to combat counterfeiting provide a mixed message in a serialization context. In early April, Eli Lilly provided some details about its current serialization efforts (into which it is committing $100 million). According to the April 6 Indianapolis Star article, Lilly is “finding a way to stamp unique codes and serial numbers on every drug package it sells worldwide, so each shipment can be tracked and verified as genuine as it moves from plant to patient. The hope is to weed counterfeit product out of legitimate drug distribution channels, since counterfeiters won’t know the right serial numbers to stamp on their fake goods.” Which sounds like a rock-solid defense of Lilly’s supply chain.
But a few days later, a Wall Street J. (April 8) article, recapping news relating to how fake Avastin entered multiple US oncology clinics in 2012, detailed how the fake products were allegedly “smuggled into the US … in small parcels disguised as gifts” by employees of a Turkish drug distributor. Eventually, the drugs found willing buyers in the oncologists office or business managers who purchased them (physician purchasing of oncolytics is a common practice). One realizes that no drug-tracking process will prevent such crimes.
Some physicians implicated in the fake Avastin scandal have been charged and convicted by US Dept. of Justice action. But the report from a Brookings Institution meeting held last summer on the subject (“Reducing the Threat of Counterfeit and Unapproved Drugs in Clinical Settings”) concluded with a call for “targeted education” of healthcare providers involved in drug purchases, providing them “with easily accessible and readily available information” about fakes, and developing “financial and other disincentives” to “deter the purchase and administration” of such drugs. In other words, let’s agree to do the right thing.
Situations like the fake Avastin (which has been followed by illegally distributed Botox, Medicare-reimbursed drugs resold illegally, and a stream of fake product showing up in international mail) bring consumer anticounterfeiting protections to the fore, and according to industry experts, there is a rekindling of activity in this technology.
Acsis, for one, has entered into a partnership with Kodak Commercial Imaging to combine the former’s data-management software with the latter’s marking systems (both overt and covert) for product authentication. The combined system—which can be applied to many other consumer products besides pharmaceuticals—incorporate “unique, serialized visible and invisible marks onto brand owners’ products or packaging. Marks can then be authenticated, tracked in a database, and traced throughout the distribution chain in a secure, cost-effective, and reliable manner.”
Multiple vendors of anticounterfeiting attachments, such as holograms or taggants, or various paper-based watermarks, security inks and related resources are being combined with the serialization requirement. The idea is to enable both drug tracking (via the serial number) and authentication (by checking the hologram or other embedded element). The International Hologram Mfrs. Assn. is touting products from, among others, KURZ, to provide such security.
Meanwhile, Rondo-Pak (Norristown, PA) is introducing a “digital watermarking” technology, branded as InvisiMarc, to its folding carton product lines for pharmaceuticals and medical devices. The watermark (or multiple watermarks) combines a means of communicating with consumers, providing product-identification information, and adding to brand security, in a manner similar to QR codes that can be read by smartphones—but without taking up package real estate with the QR code itself. “Rondo-Pak’s Digital Watermarking opens up a wide variety of possibilities for customer interaction and brand protection that are not attainable through traditional marketing and authentication techniques,” said Victor Dixon, president.
In the injectables/prefilled syringes arena, Schreiner MediPharm, in combination with its parent’s ProSecure division, has been providing high-functionality labels that provide tamper evidence, brand security and product identification. The company also has access to a variety of proprietary anticounterfeiting technologies that can be used for covert security.
Meanwhile Vetter GmbH (Ravensburg, Germany; US HQ in Skokie, IL) issued a statement in late March announcing that it would provide a “flexible” serialization service, with GTIN codes on cartons, cases and pallets, and that the system would be operational by the end of this year. “Our serialization service will enable that packages include unique identification necessary to support product security and supply chain efficiency,” said Thomas Otto, Managing Director, in a statement.
In testimony, in early March, before a House Subcommittee on Oversight and Investigations, Howard Sklamberg noted the increasingly international scope of FDA’s efforts to control counterfeit distribution. A Cyber Crimes Investigation Unit, within the agency’s Office of Criminal Investigations, is now focused on rogue online pharmacies and distributors selling bulk products or APIs illicitly.
“While the new authorities under DQSA and FDASIA [FDA Safety and Innovation Act of 2012] help address some of the risks posed by counterfeit drugs, they will not prevent all types of illegal diversion or distribution schemes that FDA has discovered in recent years,” he testified. There’s a lot of work yet to be done.
SERVICE PROVIDERS MENTIONED IN THIS REPORT: