Industry, regulators hit reset button on product serialization

While California’s e-pedigree initiative sits on a shelf, actions in Washington and Brussels point to renewed efforts for track-and-trace of pharmaceuticals



While some wind went out of the sails of the national effort to implement item-level tracking of pharmaceuticals after California postponed its e-pedigree rules in September, new developments continue to push the topic along. These events are occurring both in Washington (at FDA and, potentially, in the U.S. Congress) as well as in Brussels, Belgium, home of both the European Parliament and the GS1 organization, whose GS1 Healthcare Group is producing a lot of paper (if not actually standards) on its campaign for identifying and tracking everything related to healthcare products.

Meanwhile, major pharmaceutical companies, including Pfizer, Eli Lilly, Novartis, Genzyme, Abbott and others are implementing varying degrees of product identification or authentication technologies. Most companies plan to be in some form of compliance with GS1 or other industry standards, but since the standards themselves are evolving, it’s something of a leap of faith.

The latest actions:

  • In January, just before the Obama Administration took office, FDA issued two Federal Register notices: “Secure Supply Chain Pilot Program” and draft guidance for “Standardized Numerical Identification for Pharmaceutical Packages;” both of these are up for 60-day comment periods.
  • In December, the European Commission issued a proposed directive for preventing “falsified” (including, but not limited to, counterfeit) drugs from entering the supply chains of member nations. The action would be up for voting eventually in the European Parliament; it parallels actions going on in member nations, as well as Turkey.
  • In October, GS1 Healthcare, having set up numerous committees or working groups to develop standards for identifying and communicating trade transactions, gave an update of the “Global Traceability Standard for Healthcare” (GTSH) which is in draft form and is expected to be ratified “early in 2009.” In giving the update, GS1 said the organization “will continue to support the Pedigree Ratified Standard v1.0 in its current version, until the GTSH can replace it.” Hanging in the balance (and seeming to be receding from focus) was the effort to bolt together the drug-pedigree standard with the Electronic Product Information Service (EPCIS) standard, which is also a GS1 product.


Anticipated—but not, at presstime, a fact—is the revival of federal legislation that was introduced in the previous U.S. Congress, especially HR 5839, the “Safeguarding America’s Pharmaceuticals Act.” The bill would set a timetable for serializing drug packages and tracking them through distribution, starting in 2015. That year is also the deadline date for California’s now halted e-pedigree program.

Any number of industry vendors, and manufacturers themselves, were frustrated by the off-again, on-again rollercoaster that drug tracking has experienced over the past year. While industry activity has slowed, it hasn’t stopped, they say. “Many companies need to move forward, either for meeting a regulation in Turkey or elsewhere in Europe, or simply to protect their own products better,” says Dan Walles, director, product management, at SupplyScape (Woburn, MA).

“We’re being pulled into a surprising number of internal strategy meetings at our pharma customers,” says Paul Fowler, chief strategy officer at Axway (Scottsdale, AZ). He cites the ongoing concern over counterfeiting, as well as product diversion—some manufacturers are seeing their products show up on E-Bay, and want to know how they got there.

“We haven’t seen a slowdown in activity,” says John Krachenfels, solutions executive for IBM, “but what we are seeing is an increased number of use cases, such as for tracking cold-chain shipments, better handling of product recalls, and claims resolution.” IBM is one of the few companies to have rolled out updated products subsequent to the California postponement: The company has taken its existing WebSphere RFID Info Center (which was designed to meet the requirements of the EPCIS standard) and incorporated elements from its acquisition of the business-intelligence firm Cognos. The new product, called InfoSphere Traceability Server, is said to provide intelligent monitoring of supply chain activity. Another product, IBM WebSphere Premises Server, also enables supply chain data to be gathered in an EPCIS-compliant manner.

Focus on the hospital supply chain
Over the past year, much of the standards-setting agenda for drug tracking has shifted from the supply chain from manufacturers to pharmacies, to the supply chain of the hospital pharmacy (or GPO) to the patient’s bedside. In truth, both of these application areas have been progressing all along, but now the pace of activity in the healthcare setting seems to be dominant.

“This is the first time in four years that I’ve been asked to give a presentation that doesn’t involve pedigree issues,” noted Bob Celeste, a technical director at GS1 Healthcare US, when he spoke at an Anti-Counterfeiting and Anti-Diversion Strategies meeting (Center for Business Intelligence; Oct. 20-21; Vienna, VA) this fall. GS1 Healthcare (for which the U.S. group is just one national representative) is developing a long list of standards for characterizing healthcare products (GTIN, the Global Trade Item Number), identifying locations (GLN, the Global Location Number), and distribution processes (GDSN, the Global Data Synchronization Network), as well as the aforementioned GTSH.

During 2008, several healthcare groups have merged their supply-chain optimization efforts with GS1, including the Healthcare Supply Chain Standards Coalition, the Assn. for Healthcare Resources & Materials Management (AHRMM) (Pharmaceutical Commerce, Sept, p. 21). Celeste says that 6,500 hospitals now use GLN for identifying over 145,000 locations (which could even include multiple locations within one hospital building).

GLNs and GTINs could be a big help to GPOs, who often have trouble not only ensuring that deliveries get to their member healthcare facilities, but sometimes even to identify which facilities are members of which GPOs. In December, Premier Inc. (Charlotte, NC), one of the largest GPOs in the U.S., sent a letter to its suppliers (which include pharma manufacturers) requiring them to be GS1-compliant 2012, and to take inital steps this year and next to ensure readiness in 2012. It sent a similar letter to member companies recommending that they begin the transition themselves.

“It’s not realistic to expect any organization, whether a supplier or a member company, to adopt these standards overnight,” notes Joe Pleasant, CIO of Premier. “All of us will need some type of interim system, using lookup tables to translate identifiers from existing systems to the GSI system. “Our advice is to start getting the IDs of individual products, sign up for the GLN numbers, and begin making the transition now. These parts of the GS1 system are fully functional today.” Pleasant is on the board of directors of the GS1 Healthcare Group.

Premier isn’t the only GPO getting on the GS1 train. Amerinet, Consorta, Healthtrust, Medassets and Novation have joined the GS1 Healthcare US group, and HealthPro and MedBuy, both in Canada, are participating in that country.

Broadening the base of GS1 supply-chain partners to include healthcare facilities dilutes, to some degree, the focus on counterfeit and diversion in the pharmaceutical supply chain. Another dilution will come from the inclusion of medical devices (where, in some cases, ID codes are embedded in the device itself—not on a package label). However, as Andrew van Ostrand, VP for policy for the Health Industry Distributors Assn. (Alexandria, VA), pointed out at the October meeting in Vienna, VA, “100% of HIDA members deal with drug-pedigree issues” because at least some of their products include pharmaceuticals, and, on average, 25% of their inventory contains some type of pharmaceutical. HIDA members primarily handle medical device distribution, and often, these devices come in a kit that includes a drug to be administered.

Serialized NDC (sNDC)
FDA’s January proposal for “serialized National Drug Codes” (sNDCs) follows through on orders from Congress contained in the FDA Amendments Act of 2007 (FDAAA), requiring the agency to develop a “standardized numerical identifier” system for drug tracking that is “harmonized” with international efforts. By choosing to incorporate NDCs, FDA is trying to settle a debate that has gone on since the early days of drug tracking development, where manufacturers disliked including NDCs in a tag (especially RFID tags), but wholesalers and retailers insisted on it to manage their internal inventory processes.

FDA’s proposal envisions the ten-digit NDC being combined with eight additional digits to provide unique identifiers for drug packages. Expiration dates and lot numbers are not included in the sNDC (but could be encoded within the eight added digits, if a manufacturer decided to do so). The sNDC, in turn, could be incorporated into the overall GTIN schema from GS1. “Use of sNDC is compatible with, and may be presented within, a serialized [GTIN],” says the proposal. However, the FDA proposal does not explicitly endorse the GS1 system.

Blood products, generally speaking, do not use the NDC system for identification; FDA says that the existing International Soc. for Blood Transfusion (ISBT 128) scheme may prove acceptable.

The European Commission announcements are more focused on anti-counterfeiting, with the added complexity of allowing for repackaging for the so-called parallel trade that goes on among EC members, whereby drugs initially sold at one price in one country are exported, repackaged and sold for another in another country. The EC proposal specifies that authentication is established by “assessing overt, covert or forensic devices,” that the system “identify individual packs” (which pretty much mandates a serialization process), and that the recipient “verify whether the outer packaging has been tampered with.” In cases of repackaging, the new package should have features that are “equivalent” to the original protection.

On the private-industry side, the European Federation of Pharmaceutical Industries Assn (Efpia) remains on the verge of issuing an RFP for a comprehensive pilot of serialized pharmaceutical packaging moving through a supply chain to a point of dispensing. The project was to have been started by the end of last year, but at presstime, the RFP is still absent.

Cloud computing comes to pharma
For as much industry participation and planning work going on in the industry today, GTIN and GLN are fairly straightforward technically. Everyone agrees on numbering conventions for the various “G” items, converts their internal reporting and recording processes to handle the codes, and works through the communication issues and exceptions.
The technical issues are more knotty for how these data are to be stored and then made available to supply chain participants. It is one thing for a manufacturer to set up a reporting process for its direct trading partners; it is another to set up a universal data “pool” (the term GS1 uses) whereby any customer or entity can look up product data and verify the accuracy and integrity of a product.

GS1 has set up 1Sync, a data pool for GS1 members in most of the industrialized world; GHX (Louisville, CO), a private company owned by a group of healthcare products suppliers (including J&J, Covidien, Abbott, each of the Big Three wholesalers, and many equipment suppliers) is in the process of setting up another.

Successful use of data pools requires a standardized “Discovery Service” (as GS1 has labeled it) to allow queries to be routed to where they are needed. The overall system (which GS1 is still in the process of defining) shares the attributes of what is coming to be called “cloud computing,” where both data and applications reside in diffuse networks of servers, and information is shared as needed and permitted.

“There is a problem arising in smaller companies being able to manage the IT duties of these processes,” says Axway’s Fowler. “We provide our technology in a SaaS (software as a service) version, which helps the IT departments of smaller manufacturers, but there’s still fair amount of effort to work with these technologies.” The emphasis is changing from compliance with state-level pedigree rules to providing GS1-compliant data to trading partners that require it.