Accenture's Track-and-Trace Straw Man

A new report from Accenture attempts to assess the financial costs of implementing a serialized track-and-trace system for the U.S. pharmacy supply chain. I commend NACDS and NCPA for correctly highlighting an important barrier to authentication of serialized products at the point of dispensing.

Full report: Current Status of Safety of the U.S. Prescription Drug Distribution System

But even if we assume that Accenture did a credible and impartial job building their pharmacy cost models, the estimates in this report reflect an extreme situation that no one is seriously advocating. In other words, Accenture’s calculations may not be technically wrong (in the way that the recent AMP study was wrong), but its conclusions are highly misleading given actual proposals and practices regarding supply chain security. Thus, you should think of this report as the inflated, upper bound, "worst case" costs of a track-and-trace thought experiment. Caveat lector.

BAR CODES AND DOLLARS AND DATA! OH MY!

Accenture created detailed pharmacy cost models for a 100% compliant “complete track and trace system” that is federally mandated to be implemented at the unique unit-level for all products everywhere at the same time.

I can’t evaluate the assumptions hidden in the pharmacy costs models because Appendix F, a detailed Excel spreadsheet with all of the calculations, was not made publicly available. But my math (see footnote) shows that first-year implementation costs to be +/- 3% of revenues for the following four pharmacy archetypes defined by Accenture:

• Large chain pharmacy (total annual retail sales = $18.8 billion): 2.6% of revenue
• Medium chain pharmacy (total annual retail sales = $450 million): 3.4% of revenue
• Small chain pharmacy (total annual retail sales = $60 million): 2.4% of revenue
• Independent pharmacy (total annual retail sales = $6.5 million): 3.1% of revenue

Note that these figures are much higher than Accenture's previous cost estimates. At the 2007 NACDS/HDMA RFID/Track & Trace Health Care Industry Adoption Summit (yes, that’s really the title), Accenture estimated that one-time implementation costs for pharmacies would be only 0.5% to 1.5% of revenue. (See page 9 of Accenture’s State of the Industry presentation from November 13, 2007.)

I think that some of the newly-discovered costs come from additional pharmacy labor for scanning serialized products in the newer estimates as well as the assumption of complete year one implementation. But given the surprisingly large inflationary bump, I also surmise that NACDS and NCPA got their money's worth from Accenture.

SOMEWHERE OVER THE RAINBOW

Careful readers will note that Accenture’s “complete track and trace system” is much more comprehensive than anything being seriously proposed or considered right now. In my opinion, Accenture has defined a “track and trace” model in an unrealistic manner and then proceeded to explain that such a model is cost prohibitive.

In other words, the report is built upon the Straw Man logical fallacy, which goes as follows:

1. Person A has position X.
2. Person B presents position Y, which is a distorted version of X.
3. Person B attacks position Y.
4. Person B concludes that X is false/incorrect/flawed.

This fallacy plays out in the interplay between the actual study and the press release about the study:

1. Legislators, regulators, and many industry participants want to implement serialized e-pedigree with national standards in the pharmaceutical industry.
2. Accenture has modeled the pharmacy costs of implementing a 100% compliant “complete track and trace system” that is federally mandated to be implemented at the unique unit-level for all products everywhere at the same time, i.e., the Straw Man version of current proposals.
3. Accenture's pharmacy cost models show that the Straw Man track-and-trace system would be ludicrously expensive to implement.
4. Therefore, there is no need for serialized e-pedigree with national standards in the pharmaceutical industry, given the many other steps already taken to secure the pharmacy supply chain. Q.E.D.

I’ll mention just four important ways that the actual implementation of “track and trace” will likely differ from the models estimated in Accenture’s report:

• A risk-based approach to serialization (RBATS) for high-risk products with the greatest likelihood of counterfeiting or diversion, which is included in H.R. 5839 Safeguarding America’s Pharmaceuticals Act of 2008.
• “Normal Channel of Distribution” rules that exempt certain transactions in many states. Even California may incorporate this exemption, judging by the Schwarzenegger’s Administration new legislative proposal for California pedigree regarding an “accredited distribution chain.”
• Central-fill operations and mail order pharmacies that aggregate prescription fulfillment would dramatically lower the per pharmacy costs. (Neither is contemplated in the study.)
• The willingness of wholesaler’s and other third-parties to provide data center services as a fee-based service.

To be fair, Accenture's language is fairly neutral regarding the implications of the study, whereas the NACDS/NCPA press release mistakenly links the "results" to a specific legislative proposal. Hence my view that this report represents unrealistic, upper bound costs of a track-and-trace thought experiment.

I'LL GET YOU, MY PRETTY...AND YOUR LITTLE BLOG, TOO!

I am very sympathetic to the motivation behind this study. A truly closed-loop, interoperable track-and-trace security solution based on serialization requires a massive infrastructure upgrade at the 150,000+ points of pharmacy dispensing in the U.S. I have persistently criticized the RFID hypesters who ignore this practical aspect of the pharmacy supply chain. I keep reminding technology firms, legislators, and regulators that pharmacies do not want to absorb the costs of reading pedigree or serialized data. (See Pharmacists Haggle over Pedigree Costs, among other posts.)

The report correctly highlights the fact that counterfeit drugs are still extremely rare in the United States and summarizes some of the business changes that have occurred to make the supply more secure. However, I do not believe that the cost estimates in this report make an accurate contribution to the debate over supply chain security.

On the other hand, the report should spark some good discussion at this November’s NACDS/HDMA RFID Track & Trace Healthcare Summit. Notice that the word “adoption” has now been discreetly dropped from the event title!

Read the report, make up your own mind, and let me know what you think. Maybe you'll get an honorary degree of Th.D. (Doctor of Thinkology**), too!

----

* Total Corporate Implementation Costs as % of Revenue = [(Cost Per Distribution Facility * No. of Distribution Facilities) + (Cost per Pharmacy Store * No. of Pharmacies) + Pharmacy Data Center Costs] / Annual Revenues

Example: Medium Pharmacy Chain = [($2,752,771 * 1) + ($103,939 * 100) + $2,288,265)] / $450,000 = 3.4%

** Yes, that's the honorary degree awarded by the Wizard of Oz to the scarecrow.

National Standards: It’s About Time! !

The movement to make the pharmacy supply chain safer just took a huge step forward with Friday’s introduction of H.R. 5839 Safeguarding America’s Pharmaceuticals Act of 2008. The bill is co-sponsored by Representatives Steve Buyer (R-IN), Gene Green (D-TX), Jim Matheson (D-UT), and Mike Rogers (R-MI).

I enthusiastically support this bill, which finally offers Federal preemption of the multiple disorganized, uncoordinated, and underfunded state-level mandates. Ultimately, patients will be the biggest beneficiaries of a more secure supply chain.

KEY POINTS

Federal Preemption with Uniform National Standards – “no State or political subdivision of a State may establish or continue in effect any requirement with respect to statements of distribution history, manufacturer packing lists, unique standardized numerical identifiers, or drug identification and tracking systems for prescription drugs that is different from, or in addition to, any requirement under this subsection.’’ Got that, States? The bill also establishes new Federal minimum standards for wholesale licensing.

Phased Implementation – The Bill sensibly requires earlier compliance for “High-Risk Drugs.” The precise timing will depend on when the bill becomes law, but it looks like High-Risk Drugs would not have to serialized until mid-2011. (I touted a risk-based approach last July.) There are many places in the bill where the speed of implementation will be based on sensible factors such as “operational and technical feasibility.”

Support for “Independents” – A truly closed-loop, interoperable track-and-trace system based on serialization will require a massive infrastructure upgrade at the 150,000+ points of pharmacy dispensing in the U.S. The bill permits grants for technology upgrades to a “small pharmacy,” which is defined as “a pharmacy which is not owned (or operated) by a publicly traded company.” Of course, some privately-held pharmacies can be quite large (um, Duane Reade?), so this language will need to be cleaned up.

And the pedigree starts with… The bill also clears up a major area of disagreement between various state and federal definitions of pedigree: Where does pedigree begin? According to H.R. 5839, it begins with the Authorized Distributor of Record (ADR) that purchased directly from the manufacturer, a.k.a. “Direct Purchase Pedigree.”

OBSERVATIONS

H.R. 5839 Safeguarding America’s Pharmaceuticals Act of 2008 is only a bill, just sitting there on Capitol Hill. Nonetheless, here are a few implications if this bill becomes a law.

Amateur hour will be officially over. Today’s crazy patchwork of pedigree regulations creates uncertainty for everyone involved in the pharmacy supply chain. These decisions need to be made in a structured, logical, and public manner. Supply chain security regulations are too important to be left to the personal whims of a few volunteers at an underfunded state agency. Yes, I’m thinking about you, California State Board of Pharmacy!

Serialization will not be optional. The momentum for serialization is now inescapable, which is one reason that I joined the Advisory Board of Secure Symbology. Track-and-trace at the unit level only becomes possible with serialization, which is complex and must begin with the manufacturer/packager. At a minimum, serialization with pedigree requires: affixing a unique number during the packaging process; capturing and managing petabytes of data; adding pedigree information as the product moves down the supply chain; and then making these data easily (but securely) accessible. It also requires substantial lead time since serialization must happen during the drug packaging process, which can be months (or longer) from the time that the product is dispensed to a patient.

The pharmacy lobby will oppose national standards. I warned in December that pharmacists do not want pedigree. State Boards of Pharmacy – composed mainly of independent pharmacists – don’t want to lose local control (read: influence, power) and want to avoid any additional burdens on pharmacy operations. In fact, before the text of H.R. 5839 was even posted online, Steve Anderson of NACDS leapt into action with this statement asking Congress to “refrain from mandating serialization, e-pedigrees or track and trace requirements, since they are still experimental and will prove extraordinarily costly for pharmacies and other supply chain operators.” Unfortunately, pharmacies must close the loop if we are all to benefit from complete track-and-trace and ensure that pharmacy purchasing is not the weak link in the supply chain. Plus, wouldn't a single national standard lower compliance costs for NACDS members such as CVS Caremark or Walgreens (WAG)?

--

All in all, a very promising start for reducing counterfeits in the legitimate supply chain. Now, we just need to convince consumers to stop buying from shady online pharmacies.

BONUS FUN FACT: Did you know that "PEDIGREE" is a registered trademark of Mars, Inc., the makers of M&Ms? Woof!

The FDA and EC Dive into Supply Chain Security

Today, the Food and Drug Administration (FDA) began soliciting comments and information about technologies behind pharmacy supply chain security. Here are the links for your commenting and informing pleasure:

Standards for Standardized Numerical Identifier, Validation, Track and Trace, and Authentication for Prescription Drugs (Request for Comments)

Technologies for Prescription Drug Identification, Validation, Track and Trace, or Authentication (Request for Information)

In an interesting coincidence of timing, the European Commission (EC) recently made a similar request regarding closely related issues. See the EC’s just-issued Public Consultation In Preparation Of A Legal Proposal To Combat Counterfeit Medicines For Human Use.

These requests provide a good opportunity to educate regulators about the progress being made in our industry along with the real-world implementation hurdles. So far, the clarity and professionalism of the questions posed by the EC and FDA offer an interesting contrast with a certain Board of Pharmacy’s approach to information gathering and assessment.

What’s Going On?

In the U.S., states currently have the greatest influence over the wholesale and retail distribution of drugs, presenting some practical hurdles for any manufacturer, wholesaler, or pharmacy that operates in multiple states. Say hello to 50 different pedigree requirements!

Last September's Food and Drug Administration Amendments Act of 2007 (or FDAAAAAAAAAAA) empowered the FDA to take a stronger hand in these matters with Section 913, entitled “Assuring Pharmaceutical Safety.” Download this handy-dandy 2-page extract to read this section for yourself. I first discussed the importance of this Act in PDUFA & Supply-Chain Security.

In plain English, Section 913 requires the FDA to “develop standards and identify and validate effective technologies for the purpose of securing the drug supply chain against counterfeit, diverted, subpotent, substandard, adulterated, misbranded, or expired drugs.” The deadline is March 2010. The most notable requirements include:

• The development of a standard numerical identifier at the package or pallet level; and


• The evaluation of “promising technologies,” including RFID, nanotechnology, encryption technologies, and “other track-and-trace or authentication technologies.”

Well, this first item should be a breeze since we are only 9 months away from having all products sold in California serialized at the unit of use level for use in e-pedigree, right? Just kidding! (I’ll have more on the CA 2009 deadline next week.)

Let’s Get It On

I’ll admit to being just a wee bit critical of the FDA’s love affair with RFID. As I see it, the FDA has not always demonstrated an understanding of business realities within the pharmacy supply chain. Drug Channels readership has grown dramatically in the past year, so new readers may want to check out two RFID posts from a year ago: RFID Un-Hype and More RFID Un-Hype.

Back in June 2006 (when I had about 11 subscribers), I wrote that the FDA was blind to the supply chain’s evolution, stating: “I guess it’s easier to blame companies for not spending enough money on premature solutions than to understand the real-world complexity of having 160,000 unique points of drug dispensing.” Hopefully, we’ve all come a long way since then.

Comments are due to the FDA by May 19, 2008 and due to the EC by May 8, 2008. Happy submitting!

The Supply Chain Security Rivalry: Part 2

This is part 2 of my Supply Chain Security Rivalry story.

In Friday’s post (Part 1), I described the pedigree vs. track-and-trace division that has emerged among advocates of better supply chain security. I got a lot of private feedback on my comments. Many people gave me additional insight about the behind-the-scenes machinations, although it’s getting harder and harder to tell truth from spin. (Also check out the posted comments.)

As I see it, the battle will increasingly be fought via legislation, where track-and-trace is at a disadvantage relative to pedigree. This gives more influence to wholesalers and pharmacies, although their supply chain interests are not aligned on the implementation issues. No one wants to admit this obvious reality, creating uncertainty for everyone else and making me wonder whether the drug supply chain can ever be truly secure.

Pedigree not Track-and-Trace?

As I noted in California Dreamin’, the U.S. is many, many, many years from a workable track-and-trace security solution based on serialization. This practical reality is forcing HDMA to shift tactics away from track-and-trace in favor of federal pedigree standards.

At the 2006 RFID Adoption Summit (note the omission of “track-and-trace” in the event’s title), Mark Parrish issued a “call to action” for “the creation of a broad coalition to establish a target date for industry-wide implementation of a consistent track and trace system.”

Well, things change. In his remarks at the 2007 HDMA Leadership Meeting last month, Mr. Parrish stated: “Rx SafeTrack has fallen short of our ambition to have a date for when track-and-trace systems would be implemented.”

Translation: the HDMA and RxSafeTrack have now shifted toward a much more meaningful and achievable goal: “Rx SafeTrack will shift focus and drive efforts for uniform federal pedigree requirements.” So, we're now talking about Federal preemption of state pedigree requirements, which has the intuitive appeal of avoiding 50 different standards.

And as I have pointed out repeatedly on this blog, various pieces of Federal legislation have pedigree and serialization requirements buried in the details, including PDUFA. The primary House importation bill (HR 380) includes detailed requirements about pedigree and track-and-trace systems. Presidential candidate John Edwards has even made pedigree into a campaign issue. And let’s not forget the still-unimplemented pedigree requirements of the Prescription Drug Marketing Act?

Local Roadblocks

Unfortunately, I fear that lobbying will reduce any Federal pedigree to a lowest-common-denominator standard, putting us right back to where we started with the PDMA in 1987. And despite all the happy talk about collaboration and idea-sharing, I don’t think we can easily gloss over the challenges of federal preemption.

Most boards of pharmacy are composed of independent pharmacists who will want to maintain local control. Some states would gladly give up responsibility (blame?) for pedigree/counterfeits -- but other states now have pride of authorship (CA?). Florida has even been able to levy large fines for non-compliance against some wholesalers (like PSSI), giving states a financial incentive to maintain local authority.

Federal pedigree would make it harder for pharmacy to leverage local control unless the legislation is written to suit their needs. I presume that pharmacy associations will use their newfound political influence to shape supply chain standards. For example, chain pharmacies do not want to absorb the costs of reading pedigree or serialized data. They also recognize that these data have monetary value, which will throw a monkey wrench into the data sharing aspects of fee-for-service agreements.

---

I wrote these two posts to stimulate more public discussion about the real issues at stake. We risk having the supply chain security debate evolve from a technology competition into a legislative quagmire. Who will win if safety becomes a legislative issue? Will patients really be safer?

What do you think?

The Supply Chain Security Rivalry: Part 1

What's the best system for keeping the drug supply chain safe?

As the California deadline for ePedigree draws closer, the battle to define supply chain security standards will be getting much more intense. Two upcoming events will bring these distinctions more clearly into the open:

• November 11-13: The 2007 RFID/Track & Trace meeting, sponsored by HDMA and NACDS


• December 5: California E-Pedigree Work Group Meeting

I advise you to pay close attention to the announcements and signals coming out of your favorite trade associations over the next few months. The game is changing and participants are aligning on different sides on key questions:

• Who will manage the track-and-trace infrastructure?
• Who will own and control the data generated from a track-and-trace system?
• Will there be more than one repository of track-and-trace data?

My comments will be split into two parts. Part 1 provides some background on the two most likely approaches for supply chain security. I've dropped some hints throughout this post about one possible set of answers to the questions above.

Part 2 will appear on Monday. I’ll discuss where legislation could be going in the next few years.

Pedigree vs. Track-and-Trace

IBM and its supply chain partners are well represented on the RFID/Track & Trace agenda (hint #1) and IBM’s WebSphere RFID Information Center is already being used by AmerisourceBergen in Sacramento (hint #2). So, you should be paying attention to what IBM says.

Now I’ve been a wee bit critical of IBM’s annual RFID announcements but was pleasantly surprised to read a comparatively hype-free interview with John Delpizzo, head of IBM's sensors and actuators RFID division. Mr. Delpizzo seems downright reasonable in his discussion of serialization and the limits of epedigree as a solution to counterfeiting. Full interview here: IBM RFID chief on tracking counterfeit drugs.

But take note of the way he carefully distinguishes "track and trace" from "epedigree." (emphasis added)

• “ePedigree makes it more difficult to do counterfeiting. I would argue that batch and lot level pedigree doesn't help much at all; it just gives you an inventory tool. When you move down to the item level and you uniquely identify items, you have a unique identifier on the bottle. So your counterfeiter is going to have to counterfeit the unique serialization on each bottle...which is more difficult.”


• “I tend to talk more about it as track-and-trace than pedigree. Pedigree is one aspect we're trying to address. When you can track drugs that are serialized through the supply chain, you can track other problems, such as shipment verification, within the supply chain.”

Ironically, many people--including me--have criticized RFID tags as being not much more than inventory control tags. (See Myth #1 of More RFID Un-Hype.)

As a counterpoint to IBM's worldview, check out Pedigree Now, or Track and Trace Later. Which Is the Right Plan?, an editorial by Dirk Rodgers of Supplyscape. He claims:

• “there are no standards today for track-and-trace and so any solution that claims to have those features will be proprietary software which leads to failed interoperability and wasted investment.”
  
• “While it is true that there are teams within EPCglobal that are in the early stages of developing requirements for a track and trace extension to today’s pedigree messaging standard, these efforts will not result in usable changes prior to the January 2009 effective date of the California Pedigree regulation.”

Granted, Dirk works for a pedigree technology vendor. But he is correct in saying that there are no T&T standards nor is there genuine agreement on what "track & trace" even means. And as I noted in California Dreamin’, a truly closed-loop, interoperable track-and-trace security solution based on serialization will require a massive infrastructure upgrade at the 150,000+ points of pharmacy dispensing in the U.S. Plus, no one knows if pharmacies will have the technology and/or willingness to read serialized RFID tags.

Hmmm, SupplyScape is not on the official RFID/Track & Trace agenda . . . (Hint #3)

---

On Monday, I’ll discuss the coming legislative battles over supply chain security standards.

In the meantime, I'll remain skeptical of the Motley Fool’s prediction that “demand for IBM's ePedigree system could soar.” Foolish, indeed.

PDUFA & Supply-Chain Security

Like you, I spent Sunday reading through the just-passed Food and Drug Administration Amendments Act of 2007, a.k.a. Prescription Drug User Fee Act (PDUFA), which now awaits the President’s signature. What, you had something better to do on the last Sunday of the summer?

In case you missed it, section 913 is entitled “Assuring Pharmaceutical Safety.” See page 355 of H.R.3580 (424 pages) or simply print this handy-dandy 4-page extract.

Subsection (a) states: “The Secretary [of HHS] shall develop standards and identify and validate effective technologies for the purpose of securing the drug supply chain against counterfeit, diverted, subpotent, substandard, adulterated, misbranded, or expired drugs.”

Ah yes, just what the industry needs – more standards! Standards must be totally awesome because we have so many of them in the pharma industry.

In plain English, the Act requires the following:

• The development of a standard numerical identifier at the package or pallet level
• The identifier must link repackaged products back to the original product
• The standard must be developed within 30 months (September 2010?)
• The evaluation of “promising technologies,” including RFID, nanotechnology, encryption technologies, and “other track-and-trace or authentication technologies.”
• Interagency cooperation by FDA with Federal and State agencies

I asked a few people around the industry for their opinions. No one wanted to be quoted on the record (‘natch), but here are a few reactions:

• “As a manufacturer, I am pleased with the 30 month timeframe to evaluate/develop a standardized numerical identifier. I also like the fact that it encourages some degree of harmonization with coding requirements outside the U.S.”


• “I don't know who drafts this language, but either (A) they intentionally include vagaries so that makes it impossible to execute, or (B) they don't really understand what their talking about. I think it is the latter.” (AJF: ROTFL!)

Adding to my confusion is that fact that H.R.3850 raises a whole new set of state vs. Federal preemption issues regarding our drug distribution system. States have been moving forward in multiple directions on pedigree while the FDA struggles to implement the 20-year old PDMA. Yet the FDA is now supposed to lead them all?

We are already dealing with California law, which requires a “unique identification number…that is uniformly used by manufacturers, wholesalers, and pharmacies.” Pedigree in California must be at the “smallest package or immediate container,” but probably only for high-risk products. (See California Dreamin'.)

So, how will the new Federal ID number relate to the numbers developed in California? Or interact with the mysterious Rx SafeTrack initiative being pursued by HDMA, NACDS, PhRMA, and GPhA? Will this Act upsize the smallest package to a pallet because of the pesky "or" written into the legislation?

Brenda Kelly of SupplyScape, which is helping companies get ready for California’s January 2009 deadline, strikes an optimistic note: “This reinforces patient safety efforts like California’s. With two and a half years to define a standardized numerical identifier and consider a wide range of technologies, the Agency can benefit from the states’ initiatives.”

I certainly hope that Brenda is right. Since my web logs show many visitors from State and Federal agencies, anyone care to post some comments on the new Act for their benefit? (Yes, you can post anonymously, if you want.)

GSK bashes RFID but quickly recants

Welcome back! Let's kick off September with some RFID anti-hype.

Now, I have nothing against RFID, which has many useful applications. However, I think RFID has been massively oversold relative to its actual ability to be a cross-company supply chain solution to counterfeiting and diversion. Read the many comments to my RFID Un-Hype post to get a flavor for the debate.

I must be developing a reputation as an RFID skeptic because multiple people sent me last week's story from The Times (London) reporting that GlaxoSmithKline’s (GSK) may abandon RFID in favor of “more reliable, less costly technology.” See GSK plan to beat drug counterfeiters may be scrapped. According to the article:

“[T]he programme, which uses technology developed by IBM, has been riddled with technical hitches. They include RFID tags breaking as they are attached to products, a failure of tracking technology to read them during transit and a widespread failure by wholesalers and retailers further down the supply chain to embrace the technology.”

Oooh, that’s gotta hurt!

Apparently GSK had second thoughts about this statement because their PR flack quickly recanted three days later in the not-quite-objective RFID Journal saying:

“RFID remains in place,” says GSK spokesperson Mary Ann Rhyne. “In fact, we've extended the RFID testing, and no cut-off time has been determined.”

Personally, I’m skeptical about anything in RFID Journal because it is a primary source of unabashed boosterism. They run polls that ask leading questions such as “Should the FDA mandate the use of RFID?” (68% of RFID Journals say yes!) I almost expect them to run a poll asking: “Is RFID a great technology for the pharma supply chain … or the greatest technology?”

So, what’s going on? Here are two theories:

One, I’ve learned that GSK will be presenting at the California Board of Pharmacy’s September 20 Enforcement Committee Meeting, so it would be bad form to suggest any delays with only 16 months left before the deadline. I’m curious to see how much they spin the Times story there. BTW, Pfizer (PFE) gave a very thorough and insightful presentation at the June 20 meeting, which I’ve posted online here. (Be patient -- it’s a 10MB file.) See page 3 of the meeting minutes for highlights. FYI, I discussed Pfizer’s doubts about RFID back in June.

Two, GSK may also feel embarrassed because the Times story mentioned IBM, who just two weeks earlier released its latest hype-filled press release about ePedigree. This time, they tout IBM's proprietary RFID Information Center (RFIDIC – pronounced “Riffy-Dick”?). One tech trade mag notes that IBM has nothing more than a reporting mechanism to "churn out a so-called ePedigree report."

Gosh, it seems like only yesterday that Paul Chang of IBM went on CNBC to announce that the pharmaceutical industry is rallying around RFID technology. Actually, it was August 8, 2006, and yes, I still have the transcript. Since it looks like IBM is planning to make this an annual summer event, I hope you will plan to join me in August 2008 for the Third Annual IBM RFID Barbeque and Pedigree Roast!

But seriously, I was quite impressed with how much Miss Teen USA (South Carolina) knew about geography. So, I've asked her to guest blog in a future Drug Channels posting so she can explain how RFID will make the pharma supply chain safer. Stay tuned!

----

Coming on Thursday: An exclusive peek behind the curtains of the CVS-Caremark combination.

California Dreamin'

Supply chain theorist and professional surfer Chicken Joe (pictured at left) once said: Le mieux est l'ennemi du bien. Translation: “Perfect is the enemy of good.”

Sound advice for serialization fans who are surfing some gnarly waves in advance of California’s 2009 e-pedigree deadline. Serialization by manufacturers will not magically make the supply chain secure, so rushing to meet an arbitrary and unrealistic serialization deadline within 17 months does not promote safety.

Monday’s Pink Sheet (subscriber link) reports that manufacturers are lobbying the Board of Pharmacy to execute a roundhouse cutback on the state’s item-level serialization requirements. From the article:

Pfizer recently told the California Board of Pharmacy that by its best estimate, it would take five to seven years to serialize all products at a cost of $95 million to $100 million. "That's just in one-time implementation costs and does not include the cost to the rest of the supply chain to be able to read the serial numbers and pass along the pedigree information," Peggy Staver, director of product integrity for Pfizer, told "The Pink Sheet."

According to IMS, there were 290 million Pfizer prescriptions last year. If Pfizer spends $20 million per year for 5 years on one time implementation, they will only pay a trifling 7 cents per prescription. So what’s the problem?

Frankly speaking, everyone else in the pharmacy supply chain. A truly closed-loop, interoperable track-and-trace security solution based on serialization will require a massive infrastructure upgrade at the 150,000+ points of pharmacy dispensing in the U.S. John Theriault, Pfizer's vice president of global security, made a similar point when talking about RFID last month. (See Pfizer questions RFID.)

Greg Cathcart from SupplyScape told me that their larger customers are using a “risked based approach to serialization” (RBATS - my term) but aiming for full pedigree compliance by the Jan '09 deadline. In other words, serialize high risk products and rely on pedigree for the rest.

RBATS also makes a lot of sense to me even if the California deadline slips. It’s also one more reason why e-pedigree (not RFID) will not wipe out as an enhancement to supply chain security even if practical serialization takes longer and costs more than many people expect.

Pfizer questions RFID

At this year's HDMA DMC meeting, I was pleasantly surprised by how many manufacturers and wholesalers actively read this blog. I got a lot of questions about my RFID posts: RFID Un-Hype and More RFID Un-Hype.

One individual vehemently argued that Pfizer's RFID trial "proves" the viability of RFID technology for the pharmacy supply chain. (Perhaps unsurprisingly, he worked for a technology vendor.)

Therefore, I was especially interested in a just-published interview with John Theriault, Pfizer's vice president of global security. (See Pfizer security exec offers status report on counterfeiting - note that this link is only free for 14 days.) Check out these statements:

• "RFID is a long way from being deployable. It's very expensive and, for it to work, you have to have the technology deployed at every point along the supply chain."
• "As long as repackaging is legal in the United States and actually encouraged in the E.U., whatever anti-tampering or anti-counterfeiting placed on the packaging is lost as soon as it changes hands."
• "The technology solution is not a solution. It's an interesting area to explore, but I don't see it solving the counterfeit problem any time soon."

'nuff said.

Pharmacy Supply Chain: News Update

Here are three news stories that should interest anyone involved in the pharmacy supply chain.

1) ABC Agrees to Monitor Customers

AmerisourceBergen (ABC) announced that it will get its suspended DEA license for controlled substances resinstated in Orlando as long as the company begins monitoring customers more carefully.

According to the press release: “The new order monitoring program requires more rapid identification and daily reporting of orders that may indicate diversion of controlled substances, including in some instances, halting the shipment of orders that require further investigation by the Company. The program also requires a more rigorous examination process before the delivery of controlled substances to newly signed customers.” (Source: AmerisourceBergen Signs Agreement with DEA Leading to Reinstatement of Its Orlando Distribution Center's Suspended License to Distribute Controlled Substances)

Hmmm, this reminds me of Cardinal Health’s (CAH) agreement with the New York State Attorney General’s office (described in Cardinal's Sins.) Are regulators now deputizing wholesalers to keep an eye on the bad guys? Keep an eye on this trend.

2) A New RFID Bill

According to The RFID Law Blog, Rep. Dan Burton (R-IN) introduced H.R. 2716, a bill that would mandate anti-counterfeiting technology in prescription drug packages, primarily highlighting RFID technology or “similar trace and track technologies that have an equivalent function.” The bill also mandates an e-pedigree and requires drug packaging to have a feature that would visibly indicate tampering. (Source: House Introduces New Drug Tracking Bill)

I’m not sure what’s really behind the newfound love of track-and-trace technologies among our elected officials. (Recall that the recently debated importation legislation had significant pedigree and track-and-trace requirements.) However, I note that this bill says nothing about serialization, so I’m not sure how far it will actually get.

3) Do technology analysts understand healthcare?

Forrester Research, the technology forecasting and research firm, got some press last week for a study reporting that only one in 10 of consumers who take prescriptions at least weekly buy those drugs online. (Source: Forrester sees no cure for sickly online drug sales.)

Unfortunately, there are some significant errors made about the study's results. For example, the study’s author apparently concludes that “…the main obstacle to purchasing medications online is that consumers most often need the drugs immediately.” He also concludes that mail order is more popular than online sales because "...it's easier to just pick up the phone and call it in."

Huh? Maintenance therapies, which are probably 60-65% of scripts, are needed regularly but not immediately. Yet mail keeps growing, in apparent contrast to the study’s conclusions. Plus, 80% of mail order is operated by a pharmacy benefit manager (PBM) such as Express Scipts (ESRX), Medco (MHS), or Caremark (CVS). The PBM often provides a financial incentive to purchase via the mail, such as 2 co-pays for a 90 days script, and may even have a mandatory mail order program for maintenance therapies. Not to mention that online purchases are risky unless they are from a legitimate licensed pharmacy, as the FDA continually reminds consumers.

Doesn’t anybody at Forrester bother to check these things before releasing the results?

The Anti-RFID Amendment

My good friend Senator Byron Dorgan tacked S.242 Pharmaceutical Market Access and Drug Safety Act of 2007 onto the Senate’s reauthorization of the drug safety bill. Fortunately, an amendment inserted by Senator Cochran neutralized the importation aspect.

In an interesting twist, the RFID Law Blog reports that the Senate’s reauthorization of the PDUFA also includes another amendment that specifically excludes anti-counterfeiting technologies such as RFID or barcodes. According to US Senate Passes Amendment That Bypasses RFID on Pharmaceuticals:

“Buried in the legislation was a provision -- posted earlier on this blog site -- authored by Senator Judd Gregg of New Hampshire, that would require Internet pharmacies selling to US citizens to use tracking technology to minimize the risk of counterfeiting. An amendment to that language, offered by Senator Michael Enzi of Wyoming, legislates a specific technology solution - and it's not RFID. Indeed, it specifically excludes anti-counterfeiting technologies like RFID or barcodes that require readers, scanners or other devices to verify authenticity -- replacing the FDA's preferred tools with anti-counterfeiting technologies akin to those used on US currency.”

Personally, I don’t see how this would anything because it sounds like nothing more than package design security, which has not been a big barrier to counterfeiters. It also becomes irrelevant when products are repackaged or packaging is altered, a persistent concern of Pfizer about parallel trade.

Such a solution also “solves” the authentication challenge facing all anti-counterfeiting system by simply eliminating the need for authentication and serialization.

Whatever -- sounds like I should spend more time in Washington. In the meantime, check out the many comments on RFID Un-Hype. Very lively debate!

More RFID Un-Hype

Wow! I just read a truly thought-provoking and powerful article about RFID – in CIO magazine, no less! Think of it as a counterpart to RFID Un-Hype from last month.

Read it here:
RFID as an Answer to Pharmaceutical Drug Counterfeiting

Sarah Scalet, a senior editor at CSO (a sister publication to CIO magazine), took the time to analyze how RFID technology might actually be used in the pharmaceutical industry. In other words, she ignores trivial technology battles over transmission standards and read rates in favor of objectivity and skepticism -- hallmarks of top-notch journalism.

Here is a quick summary of the five myths she exposes about RFID along with some of my own editorial commentary.

Myth 1: RFID tags are anti-counterfeiting devices.
Nope, they are inventory control devices. The most effective applications to date have been inside individual companies. One typical review article from Supply Chain Management Review notes "...retail efforts focus on backroom inventory-management practices at the case/pallet tagging level." To date, Wal-Mart has used RFID most successfully for reducing stock-outs.

Myth 2: RFID technology is necessary to track the movement of drugs.
Not true. The key to supply chain is authentication at the point of dispensing, which can be done using older technology such as 2D bar codes. Demand-side problems will limit authentication, a topic I will explore in more depth in an upcoming post.

Myth 3: RFID technology can be used to mark pills, tablets, and elixirs themselves.
Again, not true. At the Pharmaceutical Supply Chain Security conference, I heard an executive from Nanoink describe how they can encrypt individual pills and tablets using nanotechnology. Very cool! Of course, this technology still has the exact same authentication challenges facing every labeling/packaging/tagging solution, including RFID.

Myth 4: RFID technology will let consumers verify that they have purchased legitimate products.
Not even close to reality for many, many years, if ever. Besides, 1 out of 9 U.S. adults has ordered drugs from another country to save money, so at least some consumers do not actually care about validation.

Myth 5: The pharmaceutical industry is this close to widespread adoption.
As I pointed out in January, Senator Dorgan would dearly love for everyone to believe this myth so that he can ram through import legislation. But alas, it's also not really true, despite the fervent hopes and occasional misrepresentations of RFID technology vendors.

-----

Unfortunately, articles like this one need to be written because there is still so much misinformation being put forth. Last month, I received an email from a leading industry publication with these (verbatim) statements, each of which is inaccurate and/or untrue:

• “Like other CPG producers, pharmaceutical manufacturers must meet retail or government mandates for RFID tagging at the pallet and case levels.” [Opening paragraph in email]
• “The U.S. Food and Drug Administration is actively promoting the use of RFID to improve the safety and security of the drug supply.” [vendor statement]
• “Fight Phonies: Send Counterfeits and Generics to The Jailhouse With [vendor’s name] RFID” [vendor headline]

I have heard many journalists quote Finley Peter Dunne, who said: "The business of a newspaper is to comfort the afflicted and afflict the comfortable." Ms. Scalet's article will make you uncomfortable, but in a good way. Well done!

P.S. CIO has enlisted the help of the always enlightening Jayne Juvan of Juvan's Health Law Update blog to help answer questions about the legal requirements behind RFID and e-pedigree. Another nice touch by CIO.

RFID Un-Hype

More bad news for RFID, while e-pedigree looks more like the real deal

Health Industry Insights (HII) just released a very eye-opening survey of RFID adoption of pharmaceutical manufacturers. Eric Newmark, the report’s author, was kind enough to share the full report with me. Unless you are a customer of HII, I’m afraid you will have to pay to read it. Order it here.

Based on a survey of 143 "industry leaders" ("95% manufacturers," Eric tells me), the study found:

• Only one in five (16%) pharmaceutical companies are currently evaluating the benefits of RFID technology
• Only (15%) companies are adopting RFID in some capacity

So, what’s the hold-up? Three reasons averaged more than 7 on a 1-10 scale:

1. Tag cost/Lack of demonstrated ROI
2. Lack of frequency standard
3. Security/privacy concerns

The report indicates average life science company spend on RFID technology is a surprisingly low $25,000! Perhaps the average reflects a few big spenders combined with the majority who are just evaluating RFID.

Reality Bites

To date, the benefits of RFID appear to be greatest when used within a single company on specific projects. For example, independent research by professors at the University of Arkansas found that RFID reduced stock outs in Wal-Mart stores by 30% by improving shelf replenishment from the backroom to store shelves. (I discuss RFID in wholesale distribution in my new Facing the Forces of Change study.)

I encourage you to read The RFID Revolution Starts... Soon?, a nice overview article from Industry Week with a sober look at the real-world benefits from RFID. Key quotes:

• “RFID remains a niche technology, whose broader deployment has been stymied by the usual suspects: high equipment costs, low return-on-investment and a workforce skills shortage.”
• “RFID remains a finicky technology that can behave differently based on any number of factors, such as the orientation of the RFID tag on the box, carton or pallet; the type of products being tagged; and the environment in which the tagged product is stored.”
• “The bottom line for RFID is that it's all about process change and the business case. In the end, business owners, and not the IT department, will be the decision-makers when it comes to adopting RFID.”

IMHO, technology vendors successfully bamboozled the FDA in 2004 into endorsing (but not mandating) RFID as the magic bullet against counterfeits. The FDA’s June 2006 follow-up report contained this classic bit of nonsense: “The technology vendors uniformly told us that their RFID and e-pedigree solutions and technologies are ready to go, but manufacturers, wholesalers, and retailers are slow to implement them.”

Vendors really said that? How ... shocking. Check out An Odd RFID-Importation Connection to read how technology vendors will now be delivering the hype unfiltered to Senators now looking to push importation legislation.

Ready for Pedigree

Given the FDA’s statement above, I want to contrast RFID with e-pedigree, which is a functional technology/process that is ready to go.

California has set the pace for the pharmaceutical industry adoption by explicitly stating that pedigree must be "...in electronic form…" (See for yourself by perusing the fascinating Business and Professions Code – page down to section 4034.) Barring any unexpected delays, California’s pedigree law will take effect in 2009.

Note that RFID will not be required or mandatory to comply with CA code. The only requirement is electronic track-and-trace using a “standardized nonproprietary data format and architecture.”

At the Federal level, some people still think RFID and e-pedigree are synonymous, but that’s simply not true. The Prescription Drug Marketing Act is completely technology agnostic. The FDA was unambiguous on this point Last November: “Both paper and electronic documents and signatures may be used to meet the pedigree requirement of the Act, provided that the requirements of 21 CFR 203.60 are met.” (Neither the FDA nor CA have addressed retail pharmacists' desire or willingness to authenticate inbound product at the point of dispensation -- our demand-side problem.)

Like Norma Desmond, RFID may be ready for its close-up, but e-pedigree will turn out to be the real deal for technology-enhanced supply chain security.

P.S. See me at the TRAX Summit to hear more. You may also get to see RFID vendors throw tomatoes during my keynote...

Chips and Fish?

In case you missed the news, Kodak has applied for a patent on a digestible RFID tag. (Read the edible radio patent application.) The IT editor at Industry Week cleverly refers to the tag as the trackable part of your nutritious breakfast.

I'm sure that this invention has many valuable uses in diagnosis and treatment of disease. Personally, I can't help wondering about the new meaning of "end-to-end" security for the pharmaceutical supply chain ...

An Odd RFID-Importation Connection

Is Senator Dorgan using RFID to push his importation bill? Here’s some conspiracy thinking to chew on.

I came across a press release announcing the formation of the RFID Technology Council, an alliance of eight technology trade groups. One objective of the group is to support the U.S. Senate RFID Caucus.

For those who don’t know, the Caucus was formed last July by U.S. Senators Byron Dorgan (D-N.D.) and John Cornyn (R-Texas) to “promote good public policy for radio frequency identification (RFID) technology.” See Senators Dorgan and Cornyn Launch Bipartisan Senate Caucus to Promote RFID Technology.

Here’s the twist: Senator Dorgan is also co-sponsoring the drug importation bill introduced two weeks ago in the Senate! (See Real News about Fake Drugs.)

Random coincidence? I doubt it.

Supply chain security is one (of the many) hurdles to importation. But check out this statement from Senator Dorgan’s web page about his importation bill: “The basic approach to assuring the drugs are safe in this bill is to give FDA the ability to verify the drug pedigree back to the manufacturer, to require FDA to inspect frequently, and to require fees to give FDA the resources to do this.”

Click! The belief that RFID is just around the corner could help to sell importation legislation.

Think about it -- the FDA has been fanning the flames of RFID hype for three years. Remember this quote from last June’s FDA report: “The technology vendors uniformly told us that their RFID and e-pedigree solutions and technologies are ready to go, but manufacturers, wholesalers, and retailers are slow to implement them.” (See FDA blind to the supply chain’s evolution.)

The RFID Technology Council helpfully removes the middleman and allows technology vendors to deliver the hype unfiltered to Senators looking to “validate” track-and-trace. In other words, Senator Dorgan is now in the perfect position to develop “evidence” that RFID solves any safety problems with importation. Believing is seeing!

Of course, Dorgan et al are dreaming if they think the FDA (or anyone) can monitor 4 billion prescriptions dispensed from 160,000+ locations while simultaneously enforcing pedigree rules with thousands of wholesalers. But I view this coincidence as another dangerous step toward endangering public health by opening up diversion doorways for criminals.

Has anyone else put the pieces of this puzzle together yet? Or do I sound like one of the Lone Gunmen?

TRAX Supply Chain Integrity conference

I will be delivering the State of the Industry opening address at this year’s TRAX Pharmaceutical Supply Chain Integrity conference in May. My talk is called “Building a Truly Secure Supply Chain to Drive Patient Safety.” And unlike this blog, you’ll get to see me live and in color. (Hopefully, a good thing...)

If you check out the agenda, you'll realize that this will be a great event for anyone with an interest in the future of the pharmaceutical supply chain. There will be speakers from Pfizer Inc, Genzyme Corp, Merck & Co, Cardinal Health Inc, Bristol-Myers Squibb Co, Eli Lilly and Co, and Boehringer Ingelheim. Other speakers come from regulatory agencies and technology companies. IMO, the informal conversations and interactions among all these groups will really make the event worthwhile.

Details:
TRAX: Pharmaceutical Supply Chain Integrity
Tremont Grand Hotel, Baltimore, MD
May 2-4, 2007
Website: http://www.traxsummit.com

Hope to see you there!

-------
Source: http://DrugChannels.blogspot.com

Cardinal's Sins

Two weeks ago, Cardinal Health Inc (NYSE:CAH) said it agreed to pay $11 million to settle an investigation by New York Attorney General Eliot Spitzer’s office into improper trading of pharmaceuticals on the secondary market.

The actual Assurance of Discontinuance highlights internal communications about Cardinal’s historical activity with secondary wholesalers (a.k.a. Alternate Source Vendors). More significantly, the Business Reforms in the agreement also provide a roadmap for supply chain security that manufacturers and wholesalers should adopt with appropriate modifications.

A Peek Behind the Curtains
The investigation turned up some very interesting internal information about Cardinal’s past activities before it renounced secondary market activity in 2005. (See “Findings” in paragraphs 1 through 18.) Here are two representative statements:

• In a 2003 internal Cardinal e-mail to a compliance officer, one executive addressed the issue of “smaller vendors” which provided “unique opportunities” to Cardinal. Although acknowledging that the vendors are “high risk,” the writer concluded that “[s]ince we need the margin from these high risk vendors we will continue to buy from them.” (para 5)
• At times, Cardinal purchased from sources despite indications that the vendors may have been unsuitable. For example, in January 2004, one employee examined the pedigrees that Cardinal was receiving, and noted suspicious sources in the chain of custody – in his words – firms “which could be bad.” The employee asked that a plan be put together to review those entities. A Cardinal compliance employee indicated that he had already verified that those entities were licensed as wholesalers. That verification was one appropriate step but insufficient. It does not appear that there was any further response to the request for review, nor that the suspect vendors were excluded. The Investigation has shown that some of the entities the employee identified were, as he suspected, engaging in diversion. Cardinal subsequently discontinued its business relationships with these entities. (para 9)

While reading these statements, please note the following statement in paragraph 22: “Cardinal is willing to enter into this Assurance without admitting or denying the OAG’s findings.” I have not personally reviewed any materials cited in the document. The Attorney General may have misinterpreted the meaning of these emails or taken the statements out of context. You should read the complete document yourself and make up your own mind.

Business Reforms
The Business Reforms (Paragraphs 25 through 33) are the most thought-provoking part of the agreement. Cardinal agrees to:

• Buy only from manufacturers and not from secondary wholesalers (28)
• Sell only to wholesalers that certify compliance with “Wholesaler Safe Product Practices” (Appendix B) and pass appropriate pedigrees or pedigree information to all such Wholesalers when and as required by any federal or state law. (29.c.)
• Create and execute a customer audit program to verify accuracy of certification (31.b.v)

The agreement also addresses the demand side counterfeiting problem (See Thank You for Buying Counterfeits) by requiring Cardinal to monitor customer more carefully. For instance, Cardinal must:

• Create firmwide “know your customer” mechanisms to detect customers who are reselling prescription pharmaceuticals into the Secondary Market. (31.b.i)
• Require closed-door pharmacy customers to certify that they will not redistribute or divert (31.b.ii.)
• Gather, monitor, and analyze sales data to detect instances of possible diversion of prescription pharmaceuticals (31.c.)

To me, it looks like Cardinal taking on the monitoring and enforcement activities that should be the responsibility of state boards of pharmacy. Are these business reforms a tacit acknowledgment that most state pharmacy boards are not doing their job?

A Modest Proposal
This agreement has special significance given the hubbub caused by the successful injunction filed by secondary wholesalers against the FDA’s planned implementation of the pedigree requirements of the PDMA. (See my December posts, such as No PDMA for you! and It's Official: PDMA is Back On Hold.)

While we wait for federal pedigree law to be settled (2007?) and an RFID-enabled track-and-trace infrastructure to arrive (2017?), I would like to make the following suggestions:

1. AmerisourceBergen Corp (NYSE:ABC), McKesson Corp (NYSE:MCK), and all other pharmaceutical wholesalers should voluntarily adopt the Business Reforms outlined in the agreement.
2. All secondary wholesalers should immediately certify their compliance with the Wholesaler Safe Product Practices in Appendix B.
3. Manufacturers should require all Authorized Distributors of Record (ADRs) to adopt the Business Reforms or lose ADR status.
4. Prior to authorizing any reimportation legislation, Congress should require all non-US pharmacies to certify their compliance with a retail-oriented version of the Safe Product Practices in Appendix B. (How about it, Senator Vitter? Check out Of Spammers and Senators first.)

Wholesalers and/or Democratic Senators can send their hate mail to afein@pembrokeconsulting.com.

----------------
Source: http://DrugChannels.blogspot.com