2014 Product Security Report

Nicholas Basta;

2014 Product Security Report

April 28, 2014

By Nicholas Basta

Publication

Article

Pharmaceutical CommercePharmaceutical Commerce - May/June 2014

A new federal law sets the US industry's agenda for years to come; efforts globally are moving ahead

Fig. 1. What the US is avoiding? The fragmented serialization framework of EU countries will change as the Falsified Medicines directive takes effect. Source: EFPIA

With the passage of the Drug Quality and Security Act (DQSA) last November, there’s a sense in the US pharma industry that the way forward is now clear: over the next nine years, the industry will adopt expanded serial codes on product packages, first at the lot level and then at the unit level; and they will exchange information on the disposition of these packages up and down the supply chain. Moreover, there appears to be enough overlap between what manufacturers selling into the US market need to do and what those selling into Europe will deal with, so that a broad international consensus is developing. (There are exceptions, of course; notably China).

The transformation won’t come cheap: At its basic level, the product serialization required by DQSA (or, to be more precise, the Drug Supply Chain Security Act—DSCSA, which is Title II of DQSA, and is becoming the preferred acronym for the subject) costs $150—300 thousand per packaging line, and there are tens of thousands of packaging lines around the world. (However, it’s worth noting that thousands of lines have already been serialized.) Additional costs will accrue as manufacturers, and their business partners, install IT systems to store and transmit serial codes and transaction histories with each other. Still to be determined is who, or where, these data repositories will be connected and managed so that any participant in the supply chain—a local pharmacy or doctor’s office, or even patients themselves—can check a product’s history and integrity.

Besides the obvious—meeting a regulatory requirement—what does the US pharma industry gain from the serialization effort? Ron Guido, a former supply-chain security executive at J&J, and now an independent consultant, speaks of a “compliance ROI,” or “C-ROI,” that will be available to not just supply chain managers in pharma, but trade relations, patient support, marketing and other managers. His list includes:

Increased accuracy of inventory accounting and disposition
Improved supply-demand balancing to better signal production requirements
Improved tracking of new product sales and reorders
Reduced time and expense devoted to chargeback and rebate reconciliation
Reduced cargo security risks and inventory theft
Improved effectiveness and efficiency of the product recall process
Increased supply chain velocity—reduced lead times
Increased knowledge of shipments into each class of trade—fewer drug shortages
Improved effectiveness and efficiency of product returns processing
Reduced financial exposure and liability due to expired and damaged goods
Improved tracking and tracing of drug samples and clinical trials inventory
Reduced gray market diversion and unauthorized pricing arbitrage

As just one example, Justin Schroeder, marketing coordinator at PCI (Philadelphia), a contract packager now installing more serialization systems in its facilities, cites an unnamed veterinary-health client who wanted to track how much product was flowing through veterinary offices (its preferred channel) and how much through mail-order or direct-to-customer channels, where suggested retail pricing is harder to maintain. With serialized product data and feedback from customers, it could maintain better control of channel inventory and, ultimately, revenue.

These examples are worth citing because a constant criticism of the effort behind DSCSA was a) there’s very little counterfeiting going on in the US market; and b) serialization won’t prevent its occurrence. Both of these are true, at one level, but at another—touching on overall consumer awareness of the dangers of counterfeiting; and building a stronger degree of security into today’s global supply chain—both miss the point. In effect, critics are saying that past security practices will be sufficient for the future marketplace, and that counterfeiters and other bad actors can’t evolve their own countermeasures. In other words, we’re winning the last war, but not preparing for the next one.

Fig. 2. Vetter Pharma’s unit, case and pallet serialization schema shows the nature of “parent-child” relationships. Credit: Vetter

Here and now

With the law in place—and with comparable efforts going on around the world—industry managers are getting very busy. The mantra of “get your RFPs in early, because there’s going to be a crunch in the next 18 months” is being heard again. Here’s a laundry list of industry activities involving, or setting the context for, supply chain security globally:

The Pharmaceutical Distribution Security Alliance (PDSA), the grouping of 25 industry associations and distribution companies that helped build the industry consensus that led to the law’s passage, is still up and running, with a focus now on how wholesaler and third-party logistics providers (3PLs) will handle national licensure requirements (a new regulation included in DSCSA)
The Healthcare Distribution Management Assn. (HDMA) has a serialization work group that is digging through the intricate details of DSCSA documentation rules, especially around the “transaction history” data that will have to be available come next January
The GS1 organization, of which GS1 US Healthcare is the key part focused on industry standards for data exchange and barcoding, is developing a “version 1.1” of the EPCIS standard. This standard, which was published a year ago as the latest thinking on how to digitally communicate drug-distribution information (Pharmaceutical Commerce, May/June 2013, p. 12) is getting an interim lookover to ensure that it is meeting the newly passed law. The problem is, a thoroughly compliant guideline must await FDA itself coming out with its guidance—which won’t happen until November. At that time, says Bob Celeste, GS1 US Healthcare director, a full-blown “version 2.0” will be prepared.
In Europe, a crucial agreement was made between SecurPharm, a public-private partnership to establish serialization requirements in Germany, and the “European Stakeholder Model” (ESM), a grouping of four pan-European trade associations. SecurPharm has already built and piloted a system to impose a unit-level, unique code on packages, and then have that code verified at retail pharmacies and other outlets. ESM has established technical parameters for data exchange, and hired a UK IT firm, Solidsoft, to build a central data repository. The merged efforts will bring much of the EU drug-distribution data system interoperable—and per an EU Falsified Medicines Directive, this is to happen by 2017.
Germany is going forward with another, related program within its national standards institute (DIN) for a guideline for “tamper verification features for medicinal packaging.” This standard will become part of the pan-European CEN standard, currently identified as Technical Committee TC 261/SC 5/WG 12. Eventually, tamper-evident features could be combined with the authentication features of serialized products. This effort has a 2015 date for completion.
Serialization and authentication guidelines are moving forward in China, Brazil, India and elsewhere, although the deadline dates and technical requirements keep shifting. India is supposed to have a system in place for exported products this summer. China, unlike most of the rest of the world, is moving forward with a linear barcode requirement, unlike the 2D barcode to be used in the US and Europe.

For now, and for most of the world, a common thread is GS1 standards for 2D barcodes, and some variation on the ASN (Advanced Shipping Notice) guidance that currently exists in US and European standards for electronic data interchange (EDI). (The ASN guidance is a part of GS1’s “version 1.1.” guidance; the question will be, can this years-old standard be extended to cover the new requirements of the DSCSA law.)

“Warehouse management systems live in ASN, which has been commonplace for at least 20 years,” says Tom Kozenski, product manager at JDA Software. “The question now is how to extend ASN to include segments relating to serial data. EPCIS, the GS1 standard, includes ‘event’ information from which the transaction history of a shipment can be obtained; my feeling is that all of this will come together well in time for the 2023 DSCSA deadline.”

Much of the US industry is watching next moves by FDA closely. DSCSA has specific deadlines for FDA to meet. The key, near-term ones are:

May 26, 2014: guidance on identifying suspect product
Nov. 27, 2014: guidance on interoperable exchange of transaction-related information
Jan. 1, 2015: database of authorized wholesale distributors

Also on January 1, manufacturers, wholesale distributors and dispensers (retail and hospital pharmacies) are to be ready to document that they work with authorized trading partners only, and to have product-verification systems in place that will document, at the lot level, that products have been received in an approved manner. On the one hand, many wholesalers and retailers already have such verification systems in place; on the other, there doesn’t seem to be a stampede, as yet, of retailers building out necessary IT systems. The unofficial word circulating in the industry is that the wholesalers who, for example, manage networks of independent pharmacies will be able to provide the verification processes as a service to their customers.

The pace of actual serialization implementations—both of hardware and of software—never actually stopped during the years between 2008 (when California postponed its statewide program until 2015) and the passage of DSCSA last November.

“Companies that were making preparations for the California e-pedigree rules are in a pretty good position right now to meet 2015 deadlines,” notes Greg Cathcart, president of Excellis Health, a consulting group. “This includes the major wholesalers and retail chains. But many hospital pharmacies, independent pharmacies and others are almost discovering the serialization and tracking rules for the first time.”

But now, industry vendors are cranking up their project activity. One key difference between where manufacturers were headed to meet the now-defunct California e-pedigree rule, and today’s regulatory framework, is that product cartons needn’t have strict “aggregation” practices in effect. When DSCSA established that products would be traced for the next several years, only at the lot level, that enabled both manufacturers and wholesalers to ensure that cartons (which typically contain 24—96 packages, although there are many variations on this) needn’t be opened and verified—a major sticking point for wholesalers, whose high-speed stocking and picking operations would grind to a halt if every incoming carton had to be opened and packages individually verified. This aggregation of “parent” (carton) and “child” (package) data is much simpler as long as different lot numbers aren’t jumbled in the same carton.

The US’s standard to track products at the lot level, for now, means that Europe’s drive to identify individual packages with unique serial numbers will be a more advanced technology (Fig. 2). FDA, along with a number of industry groups, had pushed for unit-level serialization in the run-up to passage of DSCSA (FDA had previously developed a “serialized numeric identifier” [SNI] guideline for this), but the legislators ultimately compromised on the lot-level tracking. In theory, European and US standards will eventually come together as the US industry devises reliable aggregation techniques.

Current leaders in the serialization technology market include Acsis, Systech, Optel Vision, Antares-Xyntek and Seidenader (part of the Korber Group). Other contenders include ROC IT, rfXcel, Covectra, Frequentz and Mettler-Toledo. IT companies such as Axway, International Business Systems, JDA Software, Oracle, TraceLink and SAP have enterprise-level data-collection systems to enable line data to be communicated to trading partners. Around these firms, at least in the US, are a wide variety of consulting firms to provide strategic or operational support in a serialization effort: Excellis Health; Accenture; PwC; Pharma Logic Solutions and BrandSure LLC. Additional resources are available from manufacturers of packaging equipment, including such firms as Uhlmann Packaging, Bosch Packaging and Omega Design.

Fig. 3. What you don’t want to see if you’re running a rogue online pharmacy. Credit: US DOJ

Counterfeiting focus

News reports of industry activity to combat counterfeiting provide a mixed message in a serialization context. In early April, Eli Lilly provided some details about its current serialization efforts (into which it is committing $100 million). According to the April 6 Indianapolis Star article, Lilly is “finding a way to stamp unique codes and serial numbers on every drug package it sells worldwide, so each shipment can be tracked and verified as genuine as it moves from plant to patient. The hope is to weed counterfeit product out of legitimate drug distribution channels, since counterfeiters won’t know the right serial numbers to stamp on their fake goods.” Which sounds like a rock-solid defense of Lilly’s supply chain.

But a few days later, a Wall Street J. (April 8) article, recapping news relating to how fake Avastin entered multiple US oncology clinics in 2012, detailed how the fake products were allegedly “smuggled into the US … in small parcels disguised as gifts” by employees of a Turkish drug distributor. Eventually, the drugs found willing buyers in the oncologists office or business managers who purchased them (physician purchasing of oncolytics is a common practice). One realizes that no drug-tracking process will prevent such crimes.

Some physicians implicated in the fake Avastin scandal have been charged and convicted by US Dept. of Justice action. But the report from a Brookings Institution meeting held last summer on the subject (“Reducing the Threat of Counterfeit and Unapproved Drugs in Clinical Settings”) concluded with a call for “targeted education” of healthcare providers involved in drug purchases, providing them “with easily accessible and readily available information” about fakes, and developing “financial and other disincentives” to “deter the purchase and administration” of such drugs. In other words, let’s agree to do the right thing.

Situations like the fake Avastin (which has been followed by illegally distributed Botox, Medicare-reimbursed drugs resold illegally, and a stream of fake product showing up in international mail) bring consumer anticounterfeiting protections to the fore, and according to industry experts, there is a rekindling of activity in this technology.

Acsis, for one, has entered into a partnership with Kodak Commercial Imaging to combine the former’s data-management software with the latter’s marking systems (both overt and covert) for product authentication. The combined system—which can be applied to many other consumer products besides pharmaceuticals—incorporate “unique, serialized visible and invisible marks onto brand owners’ products or packaging. Marks can then be authenticated, tracked in a database, and traced throughout the distribution chain in a secure, cost-effective, and reliable manner.”

Fig. 4. Vetter Pharma’s planned approach for managing serial codes through the supply chain. Credit: Vetter

Another company touting a combined tracking and anticounterfeiting platform is SICPA, whose business includes government currencies and documents as well as brand protection. The company is commercializing a combined IT and field-detector platform that will enable products to be verified on the spot with a quick check via a Wi-Fi connection.

Multiple vendors of anticounterfeiting attachments, such as holograms or taggants, or various paper-based watermarks, security inks and related resources are being combined with the serialization requirement. The idea is to enable both drug tracking (via the serial number) and authentication (by checking the hologram or other embedded element). The International Hologram Mfrs. Assn. is touting products from, among others, KURZ, to provide such security.

Fig. 5. Some of the line equipment provided by Videojet for barcoding. Credit: Videojet

Fig. 6. Holograms (symbolized at upper right) can be read with smartphones. Credit: Kurz

Anticounterfeiting and serialization is also possible through the use of precoded labels, a business in which CCL Label is a major player. “Besides the serial codes, we can provide a variety of anticounterfeiting features in the labels through partnerships we have with a variety of security-technology providers,” says Franco Diaz, national account manager at CCL Label. “There is resistance to adopting these measures—the ROI is unknown until companies start noticing where their products are being diverted.” Diaz says that the anticounterfeiting team within CCL Label’s healthcare division has now garnered such experience that it’s being called on by other company business units, in food and beverages, among others, to lend their expertise.

Meanwhile, Rondo-Pak (Norristown, PA) is introducing a “digital watermarking” technology, branded as InvisiMarc, to its folding carton product lines for pharmaceuticals and medical devices. The watermark (or multiple watermarks) combines a means of communicating with consumers, providing product-identification information, and adding to brand security, in a manner similar to QR codes that can be read by smartphones—but without taking up package real estate with the QR code itself. “Rondo-Pak’s Digital Watermarking opens up a wide variety of possibilities for customer interaction and brand protection that are not attainable through traditional marketing and authentication techniques,” said Victor Dixon, president.

In the injectables/prefilled syringes arena, Schreiner MediPharm, in combination with its parent’s ProSecure division, has been providing high-functionality labels that provide tamper evidence, brand security and product identification. The company also has access to a variety of proprietary anticounterfeiting technologies that can be used for covert security.

Meanwhile Vetter GmbH (Ravensburg, Germany; US HQ in Skokie, IL) issued a statement in late March announcing that it would provide a “flexible” serialization service, with GTIN codes on cartons, cases and pallets, and that the system would be operational by the end of this year. “Our serialization service will enable that packages include unique identification necessary to support product security and supply chain efficiency,” said Thomas Otto, Managing Director, in a statement.

In testimony, in early March, before a House Subcommittee on Oversight and Investigations, Howard Sklamberg noted the increasingly international scope of FDA’s efforts to control counterfeit distribution. A Cyber Crimes Investigation Unit, within the agency’s Office of Criminal Investigations, is now focused on rogue online pharmacies and distributors selling bulk products or APIs illicitly.

“While the new authorities under DQSA and FDASIA [FDA Safety and Innovation Act of 2012] help address some of the risks posed by counterfeit drugs, they will not prevent all types of illegal diversion or distribution schemes that FDA has discovered in recent years,” he testified. There’s a lot of work yet to be done.

SERVICE PROVIDERS MENTIONED IN THIS REPORT:

ACCENTURE

Dublin, Ireland | www.accenture.com

COVECTRA

Westborough, MA | www.covectra.com

OMEGA DESIGN CORP.

Exton, PA | www.omegadesign.com

SCHREINER MEDIPHARM

Blauvelt, NY | www.schreiner-group.com

ACSIS

Marlton, NJ | www.acsisinc.com

DOMINO NA