Sunday, May 13, 2007

More RFID Un-Hype

Wow! I just read a truly thought-provoking and powerful article about RFID – in CIO magazine, no less! Think of it as a counterpart to RFID Un-Hype from last month.

Read it here:
RFID as an Answer to Pharmaceutical Drug Counterfeiting

Sarah Scalet, a senior editor at CSO (a sister publication to CIO magazine), took the time to analyze how RFID technology might actually be used in the pharmaceutical industry. In other words, she ignores trivial technology battles over transmission standards and read rates in favor of objectivity and skepticism -- hallmarks of top-notch journalism.

Here is a quick summary of the five myths she exposes about RFID along with some of my own editorial commentary.
Myth 1: RFID tags are anti-counterfeiting devices.
Nope, they are inventory control devices. The most effective applications to date have been inside individual companies. One typical review article from Supply Chain Management Review notes "...retail efforts focus on backroom inventory-management practices at the case/pallet tagging level." To date, Wal-Mart has used RFID most successfully for reducing stock-outs.

Myth 2: RFID technology is necessary to track the movement of drugs.
Not true. The key to supply chain is authentication at the point of dispensing, which can be done using older technology such as 2D bar codes. Demand-side problems will limit authentication, a topic I will explore in more depth in an upcoming post.

Myth 3: RFID technology can be used to mark pills, tablets, and elixirs themselves.
Again, not true. At the Pharmaceutical Supply Chain Security conference, I heard an executive from Nanoink describe how they can encrypt individual pills and tablets using nanotechnology. Very cool! Of course, this technology still has the exact same authentication challenges facing every labeling/packaging/tagging solution, including RFID.

Myth 4: RFID technology will let consumers verify that they have purchased legitimate products.
Not even close to reality for many, many years, if ever. Besides, 1 out of 9 U.S. adults has ordered drugs from another country to save money, so at least some consumers do not actually care about validation.

Myth 5: The pharmaceutical industry is this close to widespread adoption.
As I pointed out in January, Senator Dorgan would dearly love for everyone to believe this myth so that he can ram through import legislation. But alas, it's also not really true, despite the fervent hopes and occasional misrepresentations of RFID technology vendors.


Unfortunately, articles like this one need to be written because there is still so much misinformation being put forth. Last month, I received an email from a leading industry publication with these (verbatim) statements, each of which is inaccurate and/or untrue:
  • “Like other CPG producers, pharmaceutical manufacturers must meet retail or government mandates for RFID tagging at the pallet and case levels.” [Opening paragraph in email]
  • “The U.S. Food and Drug Administration is actively promoting the use of RFID to improve the safety and security of the drug supply.” [vendor statement]
  • “Fight Phonies: Send Counterfeits and Generics to The Jailhouse With [vendor’s name] RFID” [vendor headline]
I have heard many journalists quote Finley Peter Dunne, who said: "The business of a newspaper is to comfort the afflicted and afflict the comfortable." Ms. Scalet's article will make you uncomfortable, but in a good way. Well done!

P.S. CIO has enlisted the help of the always enlightening Jayne Juvan of Juvan's Health Law Update blog to help answer questions about the legal requirements behind RFID and e-pedigree. Another nice touch by CIO.


  1. AnonymousMay 14, 2007

    Myth#1 RFID as Anti-counterfeiting Device.

    I don't hear the RFID industry or Pharma industry saying RFID was a type of anti-counterfeiting or security device. There is big difference between using RFID as an enabler to a more safe and secure supply chain vs. indicating that tags alone is a security device. A lock is of no use if its not attached to a door to a frame to a building.
    RFID is only a component to safe and secure supply chain. A system of laws, regulations, business practices, systems, penalities, and enforcement must work together with RFID is needed.
    Myth#2 RFID needed for Track and Trace.
    A unique identification system (serialization)applied to all levels of packaging is needed for track and trace system. Other data carriers will work to deliver unique identification, but these "line of sight" data carriers provides no additional hurdles for counterfeiters. We want to make it more difficult for them to introduce bad product into the supply chain. Again, its a "system" of activities needed to ensure a safe supply chain.

  2. AnonymousMay 30, 2007

    I can't imagine why a RFID tag would be any impediment to counterfeiters. It has been a well discussed issue that RFID tags are easily acquired and programmed with real serial numbers. If retagged product is placed one step ahead in the supply chain (by say holding the real product in a warehouse), counterfeiters can authenticate fakes, and send the real products for testing.

    Counterfeiters don't have to even access a database, or break open containers, to acquire the serial numbers. The numbers can be obtained using RFID much-touted lack of line-of-site requirement. Say, read an entire shipping container at sea, transmit the serial numbers via satellite, and before the container makes it to land, it could be considered fake by border patrols.

    RFID expert Michael Guillory does a nice job of explaining the process on the AIM website. There are also many instructional videos on the web - even for more encrypted RFID like your car keys.

  3. In response to anon above, if the written ID is tied to the TID in a dbase, the anti-counterfeting scheme works. The TID is not writable, ID's the make and model of the tag, along with a unique ID per tag and is done at the time of manufacture. Tie this to the written ID in a backend dbase and now a counterfeiter cannot duplicate this without buying a silicon processing machine and manufacturing their own tags. Oh ya, they would also need access to the dbase to make the associations right wouldn't they.....