Traceability end-of-year update

FDA plods along; industry builds out barcode installations, and IT experts pay closer attention to blockchain technology


serialization bottle

Fig. 1. Barcoded bottles coming down the line. Credit: Woodfield Distribution

At the beginning of this year, Pharmaceutical Commerce called 2017 “Year Zero” in the march toward end-to-end pharma traceability. The ostensible reason was that November 2017 was to be the date when effectively all new pharmaceutical packages entering US commercial distribution were to have a unique serial code on them. An insider’s reason was humor: pharma traceability has been progressing, with much backtracking, for over a decade, ever since guidances came out of FDA in the early 2000s recommending some way to identify the “pedigree” of authentic products in distribution. (Historians can note that counterfeit healthcare products became an issue at multiple times over the 20th century, even predating FDA. In the 19th century, there actually was “snake oil” as a healthcare product—and it was counterfeited, too.) Traceability has been a never-ending journey for the pharma industry.

Well. Soon after the “Year Zero” label was applied, FDA announced a one-year delay to enforcing the November 2017 requirement. (We’ll hold off on calling 2018 Year Zero, Year One or anything else!) So now, under the mandates of the Drug Supply Chain Security Act of 2013 (DSCSA), the serialization will occur in 2018, to be followed by requirements among US wholesaler-distributors and others to verify the authenticity and sell-by dates of drugs they receive by 2019. Pharmacies and health systems have requirements to be met during 2020–2022, and everything is supposed to be digitized, recorded and verifiable by 2023.

The US activity is paralleled by the Falsified Medicines Directive (FMD) in Europe, and similar efforts in approximately 40 countries around the world that will apply some level of traceability to pharma packages. Europe’s effort goes back to an initiative set in 2011; the date when packages in distribution are to be verified at the point of dispensing is February 2019. Most countries around the world are holding closely to the US model of tracking pharma shipments point by point; the European model, coming out of the parallel trade policies in the European Union (which are intended to streamline trade between EU members) is a so-called “bookend” approach that verifies package authenticity at the point of origin and point of dispensing, but leaves out most of what happens in between.

The specific goal for FMD’s promulgation is to minimize or thwart altogether the entry of counterfeit products into commercial distribution. That’s the ostensible goal of DSCSA as well; however, as critics of the DSCSA effort have maintained all the way back to the early 2000s, counterfeit product is a relatively insignificant part of US distribution. While the DSCSA system will also hinder counterfeit introductions, commercial managers in pharma see potential value in minimizing drug diversion, where distributors shift products intended for one commercial channel (and one price) into another (and another price). Achieving Amazon- or Walmart-like supply chain efficiency and transparency is also a potential benefit.

There has been relatively little regulatory action since FDA announced the one-year postponement of serialization requirements, and at the time, the delay elicited only a subdued response. FDA is behind schedule on several guidances that were supposed to be issued; one thing it did do last spring was to reopen a request for comments on proposed pilot projects to demonstrate industry capability to meet the 2023 goals (the first request was made a year earlier). The comment period ended in September, but FDA has yet to announce an actual solicitation.

Some of the industry commentary was that pilots have been successfully carried out (by Johnson & Johnson, and by a joint project of the Healthcare Distribution Alliance and wholesalers and manufacturers: the “Saleable Returns Pilot” to test the ability to process items returned to wholesalers from retail pharmacies). Other comments—such as from the community and chain pharmacy sector—were to caution FDA that the technical requirements of DSCSA are likely to be beyond the capability of many pharmacies (the National Assn. of Chain Drug Stores noted that “there are some small dispensers that do not even have an IT department. For any pilot project to work on a larger scale, those running the pilot project must ensure that they test whether the pilot project will work for even those with the most basic IT capabilities.”

FDA is scheduled to hold a second and third public workshop at FDA headquarters on Dec. 6 and Feb. 28.

While there has been intense wrangling over the processes for managing traceability data throughout the supply chain, the initial step—encoding pharma packages with 2D barcodes—has many commercially demonstrated installations up and running. A large and growing set of vendors provide this equipment, and most manufacturers have functioning packaging lines. Over the past couple years, there had been concern that contract manufacturing organizations (CMOs) were far behind the major manufacturers in serializing their lines, and while there are still many not yet equipped, the picture is considerably better now. TraceLink, one of the leading vendors of network serialization software, announced in mid-October that more than 100 CMO’s were linked to its platform, the TraceLink Life Sciences Cloud (presumably, a CMO wouldn’t do this unless it were able to produce serialized packages on its lines.)

Open SCS LogoOpen-SCS
An industry standardization effort, initiated by packaging equipment vendors but now with a number of manufacturers and enterprise-software vendors participating,* announced a helpful industry standard for data exchange between a manufacturing site and the business enterprise, i.e., Level 3 and 4 (Fig. 1). The Open-Serialization Communication Standard (Open-SCS) Working Group is in the process of publishing a voluntary standard, “Packaging Serialization Specification 1.0” (PSS 1.0).

PSS 1.0 aims to resolve communication variations among IT systems handling Level 3 (plant or distribution center sites) and Level 4 (corporate enterprises) for four common use cases:

  • Serial number provisioning
  • Serialization report transmission
  • Batch & master data repository
  • Unused serial number return.

To date, the IT traceability systems of such vendors as TraceLink, Systech, SAP and others have their own methods for carrying out these functions; it is easy to envision a scenario where serialization systems of different vendors co-exist under one enterprise, or—a common situation—where the serialization processes being carried out at a contract packaging organization need to be communicated to the enterprise client of the contractor. In theory, having a common standard for these communications will simplify the implementation of serialization systems, reducing implementation costs, and give packagers more flexibility in mixing and matching the various IT solutions. Vendors are also looking at a global serialization mandate, where various countries are putting their own spin on what data needs to be reported to whom.

Optel Vision, which organized an industry meeting in 2014 on the interoperability topic, has been pushing hard for serialization vendors to come together on the standards. “As a systems integrator of packaging-line serialization, we estimate that between 500 and 1,000 hours are needed to build interfaces among the various pieces of equipment and software systems,” says JP Allard, global serialization program manager at Optel Vision. “Standardization could cut that down to 30–50 hours, with added benefits later on as software and hardware upgrading occurs.”

PSS 1.0, according to announcements at September’s Pack Expo meeting, will be formally issued in November, and will include functional specifications, IQ/OQ templates, a validation test and a certification plan, among other elements. The working group is finalizing documentation, running a multi-vendor test and setting up the certification program. “This important announcement follows more than two years of committed collaboration by our technical group,” Marcel de Grutter, executive director of the Open-SCS Group (and an IT manager at Abbott). “Now that the initial standard is released, we are hoping for its expedient adoption across the industry: that will be our next challenge.”

Open-SCS is not done, by any stretch. Plans are already in place for PSS 2.0, intended to address communications issues between Level 3 and Level 2 (the packaging line; i.e., controllers and smart devices on the line). Use cases are still being determined; presumably, this standard will encompass nagging serialization issues like parent-to-child relationships among serial numbers (e.g., when multiple units are aggregated to a single case). PSS 2.0 is scheduled to arrive during 2018.

A helpful aspect of PSS 1.0, and the Open-SCS Working Group overall, is simply to bring the serialization process into a format that industrial automation vendors are accustomed to in other aspects of pharma manufacturing—specifically, the Level 1-4 “stack” of automation levels. This terminology is common to the automation frameworks of organizations like the International Soc. of Automation (ISA), with which Open-SCS is coordinating its activities. It’s reasonable to ask why this standardization didn’t occur five or more years ago as serialization systems began to be installed; better late than never, one can assume. Then there’s the question of where the GS1 standard for serialized supply chain events (EPCIS) leaves off and Open-SCS steps in.

Brian Daleiden, VP of industry marketing at TraceLink, says that there is a “synergy” between EPCIS and PSS 1.0. Dirk Rodgers, regulatory strategist at Systech International, says that EPCIS is mostly about data-sharing between trading partners, while PSS 1.0 handles data moving up and down in the packaging process.

All that being said, the Open-SCS group represents progress in establishing serialization technology. Customers of this technology will do well to check the certification status of their vendors going forward.

data monitoring

Fig. 2. The workflow for data moving between the various automation levels within a site, and from the site to the enterprise, as defined by the Open-SCS Group. Credit: Open-SCS

Who has the data?
As the 2023 finish line gets closer, the debate over how traceability data in supply chains is to be handled has intensified. With Europe’s FMD, the issue is relatively straightforward, helped along by the fact that most of Europe manages pharmaceutical reimbursement through a single, national payment system. Already, the European Union set up a quasi-governmental organization, funded and operated by manufacturers and supply chain participants, the European Medicines Verification Organization (EMVO). Although the mechanisms are still being developed, and there are some variations from country to country in the system, each EU member has a central repository of stored product identifiers. Pharmacies and other end purchasers of pharmaceuticals are to verify the product ID against the national database, and the authentication process is essentially complete. A pan-European data repository acts as a switching point to route verification requests from one nation’s repository to another’s.

In the US, FDA has hinted at getting such a central repository set up, but most industry players are adamantly opposed to this, preferring some type of distributed data repositories. “A centralized system with the ability to see and know a product’s status at any point in the supply chain would also require trading partners to undertake actions the DSCSA does not mandate,” wrote Anita Ducca, HDA’s SVP, regulatory affairs, in comments to an FDA solicitation this year. “Data access, ownership and security would also pose significant hurdles … [and] because of the volume of participants, including dozens of wholesale distributors, hundreds of manufacturers, and hundreds of thousands of dispensers, we anticipate obtaining industry-wide participation in such a system, and governance of it, to present very significant challenges.”

There’s some irony, then, in an effort undertaken by HDA itself to bring some scale and efficiency to data exchange has now entered the courts. This summer, HDA set up a hosted (by ValueCentric, an IT company with long experience in managing pharma supply chain EDI data) database, Origin, to store the GTIN identifiers of products entering commercial distribution. GTINs are not, themselves, the complete traceability record of a package (that would be a serialized GTIN, or sGTIN, plus transaction history information). In late October, TraceLink filed suit in federal court* against HDA.

* There are 25 members currently: Abbott, ACG Inspection Systems, Adents, Advanco, Antares Vision, Arvato Systems GmbH, ATS Global, FacilityBoss, Giesecke & Devrient, Laetus, Mettler Toledo PCE, Omron, Optel Vision, Pfizer, Roche, Rockwell Automation, SAP, Systech International, Tradeticity, Teva, TraceLink, Uhlmann, Vantage Consulting, Werum, and Wipotec-OCS.

TraceLink’s case alleges that Origin is a “conspiracy” by HDA to monopolize product identity information. HDA’s intent, it is claimed, is to “coerce” its members (which constitute the vast majority of primary wholesaling in the US) to use Origin, and has set up “exclusionary license contracts” to hinder pharmacies and other supply chain participants from using alternative products, specifically TraceLink’s Life Sciences Cloud. Already, says TraceLink, “a number of TraceLink’s customers have discontinued their subscription to TraceLink’s Life Sciences Cloud to date, with an unknown number of them switching directly to the HDA’s competing solution.” Earlier this year, TraceLink set up what appears to be a comparable offering, the Network Product Master Data Service, which includes a capability to discover NDC data among its hundreds of clients and make that available to other members of the network.

TraceLink seeks to enjoin HDA from making participation in the Origin data repository mandatory, and to recover $30 million from HDA for damages. “We are reviewing the complaint and do not have any further comment at this time,” according to an HDA spokesman.

When Origin was announced, HDA seemed to be clear that the repository was a database only of identifiers, the so-called Global Trade Item Number (GTIN—and specifically, the GTIN-14), which does not include either unique serial numbers, or transaction history information. TraceLink’s suit acknowledges some of this, noting that Origin “is solely a data repository that identifies specific packages of drugs that have been put into the supply chain,” and that “to the contrary, the Life Sciences Cloud provides the user not only with this information, but also with information regarding, among other things, when and to whom the product was sold.” However, that word “specific” in the TraceLink statement points to serialization data.

TraceLink’s suit goes on to note that the use restrictions on Origin “which in the very least require users of competitive track and trace solutions to incur substantial opportunity costs by forcing them to re-enter their data into the competitive systems, effectively prohibit manufacturers and distributors from dealing with competitors, like TraceLink.” And this points to a workable, if onerous, solution: either HDA makes the Origin data available to companies like TraceLink, or TraceLink customers go through the process of entering their GTIN data with both Origin and with TraceLink’s Life Sciences Cloud. Obviously, such duplication of effort runs against the grain of DSCSA, in that it is highly problematic for two data repositories to be exactly identical. (The alternative, that TraceLink be the sole repository of GTIN data, is equally problematic, given that there are numerous competitors to TraceLink.)

“The issue is not over data ownership,” says Shabbir Dahod, president and CEO of TraceLink, “but is about creating an open, interoperable system for GTIN data that allows all solution providers, including TraceLink, to compete” versus what is said to be the closed, proprietary system that HDA has created. “GTIN information is at the core of what must be shared, by trading partners or by vendors like ourselves to service the industry.”

Blockchain coming on
Seemingly from left field, a relatively new technology—the “distributed ledger” technology commonly known as blockchain—is generating more interest among traceability experts (Pharmaceutical Commerce, July/Aug, p. 22). The inherent nature of blockchain is a network of linked databases, with cryptographic methods to store time-stamped data, such that altering the data undetected is virtually impossible. As applied to pharma traceability, blockchain could enable trading partners to exchange transaction data of serialized pharma shipments with each other, with an “immutable” record of the transaction, and with the record being “hashed” (cryptographically encoded) so that the trading partner originating the message can protect all or part of it from others’ view. It is also possible for a blockchain network to run without any central authority, although most conversations about the application involve some method to validate who can participate in the network.

One indicator of interest in blockchain is its growing interest at HDA. From a one-hour session at the 2016 Traceability Seminar, this year’s meeting will feature a five-hour workshop on the technology. Also, the Institute of Electrical and Electronic Engineers (IEEE) held a meeting in mid-2017, with more in the works.

Bob Celeste, a former GS1 US Healthcare manager and now principal of a consulting firm called the Center for Supply Chain Studies (www.c4scs.org) has run a series of study projects on the topic, with a proof of concept study scheduled for 2018. Work to date has determined the six challenges the topic currently faces in pharma traceability:

  • To establish an electronic connection between non-adjacent trading partners
  • To establish trust between these trading partners
  • To share required data without exposing proprietary data
  • To support traceability activity at trading partners
  • To design for expansion beyond DSCSA compliance
  • To fund the architecture.

A feature of C4SCS’ approach is to use simulation modeling tools for network activity: “Study participants suggest use cases or modifications to traceability activity, and the model can determine what is feasible,” he says.

Another effort has been announced by a partnership of two San Francisco startups: The LinkLab LLC and Chronicled, who have developed a prototype blockchain called MediLedger. Genentech, Pfizer, AbbVie, AmerisourceBergen and McKesson have participated in the endeavor to date. Susanne Somerville, co-founder of The LinkLab, says that the prototype is “blockchain agnostic” (i.e., of the variety of blockchain frameworks in existence, there is no preferred version as yet), but the prototype work has been performed with Quorum, an offshoot of the Ethereum protocol, which is supported by J. P. Morgan and Microsoft, among others. Interestingly, both the C4SCS and MediLedger projects, as well as a blockchain effort by Unisys, are looking at pharma cold-chain logistics as a test case for applying the technology to life sciences. A progress report is promised from LinkLab before the end of the year.