Thursday, November 01, 2007

The Supply Chain Security Rivalry: Part 1

What's the best system for keeping the drug supply chain safe?

As the California deadline for ePedigree draws closer, the battle to define supply chain security standards will be getting much more intense. Two upcoming events will bring these distinctions more clearly into the open:
I advise you to pay close attention to the announcements and signals coming out of your favorite trade associations over the next few months. The game is changing and participants are aligning on different sides on key questions:
  • Who will manage the track-and-trace infrastructure?
  • Who will own and control the data generated from a track-and-trace system?
  • Will there be more than one repository of track-and-trace data?
My comments will be split into two parts. Part 1 provides some background on the two most likely approaches for supply chain security. I've dropped some hints throughout this post about one possible set of answers to the questions above.

Part 2 will appear on Monday. I’ll discuss where legislation could be going in the next few years.

Pedigree vs. Track-and-Trace

IBM and its supply chain partners are well represented on the RFID/Track & Trace agenda (hint #1) and IBM’s WebSphere RFID Information Center is already being used by AmerisourceBergen in Sacramento (hint #2). So, you should be paying attention to what IBM says.

Now I’ve been a wee bit critical of IBM’s annual RFID announcements but was pleasantly surprised to read a comparatively hype-free interview with John Delpizzo, head of IBM's sensors and actuators RFID division. Mr. Delpizzo seems downright reasonable in his discussion of serialization and the limits of epedigree as a solution to counterfeiting. Full interview here: IBM RFID chief on tracking counterfeit drugs.

But take note of the way he carefully distinguishes "track and trace" from "epedigree." (emphasis added)
  • “ePedigree makes it more difficult to do counterfeiting. I would argue that batch and lot level pedigree doesn't help much at all; it just gives you an inventory tool. When you move down to the item level and you uniquely identify items, you have a unique identifier on the bottle. So your counterfeiter is going to have to counterfeit the unique serialization on each bottle...which is more difficult.”

  • “I tend to talk more about it as track-and-trace than pedigree. Pedigree is one aspect we're trying to address. When you can track drugs that are serialized through the supply chain, you can track other problems, such as shipment verification, within the supply chain.”
Ironically, many people--including me--have criticized RFID tags as being not much more than inventory control tags. (See Myth #1 of More RFID Un-Hype.)

As a counterpoint to IBM's worldview, check out Pedigree Now, or Track and Trace Later. Which Is the Right Plan?, an editorial by Dirk Rodgers of Supplyscape. He claims:
  • “there are no standards today for track-and-trace and so any solution that claims to have those features will be proprietary software which leads to failed interoperability and wasted investment.”
  • “While it is true that there are teams within EPCglobal that are in the early stages of developing requirements for a track and trace extension to today’s pedigree messaging standard, these efforts will not result in usable changes prior to the January 2009 effective date of the California Pedigree regulation.”
Granted, Dirk works for a pedigree technology vendor. But he is correct in saying that there are no T&T standards nor is there genuine agreement on what "track & trace" even means. And as I noted in California Dreamin’, a truly closed-loop, interoperable track-and-trace security solution based on serialization will require a massive infrastructure upgrade at the 150,000+ points of pharmacy dispensing in the U.S. Plus, no one knows if pharmacies will have the technology and/or willingness to read serialized RFID tags.

Hmmm, SupplyScape is not on the official RFID/Track & Trace agenda . . . (Hint #3)


On Monday, I’ll discuss the coming legislative battles over supply chain security standards.

In the meantime, I'll remain skeptical of the Motley Fool’s prediction that “demand for IBM's ePedigree system could soar.” Foolish, indeed.


  1. As for your HINTS:
    You were WRONG in your prediction California would delay at the 9/20/07 meeting! They made it very clear on 9/20/07 that delay or modification of the regulations would NOT help patient safety!
    SupplyScape openly committs to any EPC Global Standard that emerges in the marketplace contractually.
    They are not married to the current EPC Global standard and it is why Dirk Rogers sits on the EPC Global working group and Lucy Dues is the current editor of the EPC Global Standard.
    You make a note that Dirk Rogers is from a solution provider, isn't the IBM guy from a solution provider as well, why don't you point that out!
    So how much is IBM paying your company for your commentary?

  2. Hmmm, time to switch to decaf?

    Seriously, thanks for taking the time to comment. But I think you need to reread the post -- I doubt IBM likes my POV. Or was I too obscure?

    And for the record -- I never predicted that CA would delay at the 9/20 meeting. I only reported on a published statement about 2011 made by Virginia Herold, which she has since backed away from. See CA e-pedigree delay to 2011?.

    I do stand by my prediction that CA will adopt a risk-based approach, as I discuss in the CA Dreamin' post.


  3. "Plus, no one knows if pharmacies will have the technology and/or willingness to read serialized RFID tags."

    What difference does that make? Guvmint will just require it like they have PILs, etc. and retail pharmacists will have to buy more equipment and try to figure out how to pay for it with shrinking margins.

    Senior PGA tour is looking better and better...

    Tom Connelly, RPh

  4. ePedigree offers an investigative tool and evidence to aid prosecutors. Ahh, if only legislators focus on increased penalties. It can also foster lot trace to help in recalls.

    Wouldn't the European model of authentication provide patient safety without the need of expensive data carriers and less complicated IT infra-structure. Ahhh, your data questions will still need to be resolved but with fewer players.

  5. I don’t want wholesalers controlling data about our products. thier version of track-trace puts wholesalers in the driver seat. Phoenix was the worst in 20 years - a lot of BS about data sharing, but they just want control. We are talking to chains about direct selling-why should wholesalers get a piece of the action for telling where my own product is selling????