Despite the current regulatory uncertainty, pharmaceutical companies should move forward with planning for serialization and pedigree.
Pharmaceutical companies and their trading partners face significant challenges in securing the supply chain against counterfeiting, diversion, and product adulteration. The high price of prescription drugs and the relative ease of duplication and diversion make them a prime target for counterfeiters. In response to a rising number of drug counterfeiting incidents, several state and federal governments have drafted legislation to track the distribution of pharmaceuticals.
Todd Applebaum
The most stringent of these laws was passed by the state of California, requiring a pedigree in electronic form for all drug shipments into California. The pedigree is a statement of distribution history that lists each change of ownership starting with the manufacturer. At the time of writing this article, the California pedigree law is currently scheduled for enforcement on January 1, 2011. However, it is likely that enforcement will be delayed based on pending legislation (S.B. 1307) awaiting signature from the governor. If signed into law, this new bill would push requirements for drug serialization to January 1, 2015, and only for 50% of a company's products (with the balance required a year later). Meanwhile, at the federal level, the Safeguarding America's Pharmaceuticals Act (H.R. 5839) was introduced in the House earlier this year and proposes a graduated implementation schedule beginning in September 2011. If enacted in its current form, the federal bill would override all current and pending state legislation, including California's.
Despite the uncertainties in the regulatory environment, most pharmaceutical and biotechnology companies have begun planning, and in some cases preparing, for compliance with serialization and pedigree requirements. They quickly find that a compliant solution involves complex interactions extending broadly across their organization, spanning business processes and operations across packaging, warehousing and distribution, and information technology. For many manufacturers of pharmaceuticals, where some or all of these functions are commonly outsourced, the challenges are compounded. For these companies, a compliant solution must span the operations of their contract manufacturers (CMOs), third party logistics providers (3PLs), marketing and distribution partners, and any internal operations.
Although each situation is unique in aspects of product and packaging, supply model and network, and IT infrastructure, there are several common challenges faced by these virtual manufacturers, and lessons to be learned.
The most significant operational implications arise at the packaging operations. Because a core requirement of most current pedigree laws involves applying a unique serial number at the salable item level, achieving mass serialization can require a significant investment in equipment capable of printing and applying serial numbers to each level in the packaging hierarchy. Beyond the purchase and installation of new equipment, validation of the redesigned packaging line also will be required. Then, in addition to the physical application of the serial number, the necessary IT infrastructure must be in place to accurately generate serial numbers, ensure their uniqueness, and electronically transmit them to trading partners in the form of an RxASN or pedigree.
Although these requirements exist for all companies affected by the laws, the complexities of implementing a pedigree solution are compounded when packaging operations are outsourced. This is caused by the limited influence manufacturers have over their CMO's serialization strategy. Although each manufacturer will have a unique set of requirements specific to their products, they often will share outsourced packaging lines with other companies' products, and for the CMO, it is in their best interest to standardize and implement a universal solution to avoid supporting multiple serialization options in one packaging line. However, most manufacturers cannot just pick up and leave their CMO because of the potential disruption to supply and the additional cost and resource commitment necessary to transfer operations to a new CMO.
Furthermore, manufacturers with multiple CMOs face added challenges coordinating the generation and storage of serial numbers. If more than one CMO is deployed for a product, serial numbers across multiple packaging sites or multiple CMOs must remain unique. Duplication of serial numbers will not only result in non-compliance with pedigree laws but will also hold up the release and sale of product to trading partners. In addition, aggregating serial number data from multiple CMOs may require additional IT solutions. And as the number of packaging sites increases, so does the level of complexity.
Warehousing and distribution centers (DCs) must be properly equipped to store, manage, and ship serialized product as it enters the supply chain. Handling serialized product will require investment in new barcode or RFID scanners and changes to the inbound material and order fulfillment processes. In addition to the equipment and process changes, the necessary IT infrastructure must be in place to couple the serialization data with order details, invoice information, and previous shipment history. This information must then be electronically transmitted to trading partners in the form of a pedigree or RxASN.
Furthermore, both California's and the proposed federal law require a legally-binding certification that the contents of the shipment match the pedigree. As a result, manufacturers must have an authorized representative on site at the distribution center—an individual legally authorized to act on behalf of that source, and whose attestation and accompanying (digital) signature may legally bind the person or entity. At many outsourced distribution centers, however, the manufacturer may not have any employees overseeing the pick, pack, and ship process. Because the manufacturer is ultimately responsible for the accuracy of the pedigree, it is critical that significant attention be given to the controls and procedures in place at the 3PL to reduce the risk of non-compliance.
At heart, pedigree requirements are about information capture, visibility, and tracking. As a result, a core component of managing serialization and pedigree data lies in IT infrastructure, and the degree of interoperatility and timeliness it provides. As new IT systems and software are implemented at packaging sites, distribution centers, and at the corporate level to support serialization and pedigree compliance, it will be critical for each of these systems, across different enterprises, to be fully interoperable. Otherwise, the data transfer between systems may be limited, preventing a manufacturer from performing all the necessary activities to generate a pedigree. This places extra emphasis on coordination during the implementation and testing phases at the various locations so that all systems are ready to go live in approximately the same timeframe. A lack of interoperability or a delay at one location will increase the risk of non-compliance.
Because the pedigree must be received before a customer can introduce product into inventory, many companies with outsourced distribution are faced with timing challenges of file transfers. Daily batching of transactions may be inadequate to support expedited or overnight deliveries. Additionally, California law currently mandates that pedigrees must include the invoice number. As a result, in situations where the product is shipped overnight and invoicing is done nightly, it can be problematic to create an invoice and provide the invoice number to the 3PL in time to include it in the pedigree. California law also requires that the pedigree arrive before the physical product can be released for further distribution. If a pedigree is created incorrectly or delayed, trading partners will be unable to accept the product into inventory. A partner's refusal to accept product will not only create more work for both the manufacturer and partner, but will lead to delays in the sale and distribution of product.
As many biotechnology and pharmaceutical manufacturers can attest, outsourced packaging and warehouse operations already lead to a distribution of IT systems and data, not just across sites of the same company, but across multiple partner organizations. The addition of serialization and pedigree data across this network brings a few unique challenges of its own. Although serialization data are captured at the CMO, these data must ultimately be transferred to the manufacturer (or, in fully outsourced environments, to the 3PL) and future trading partners. As a result, the interoperability and the timing of systems integration across multiple companies are critical to the creation of valid pedigrees.
Even after the transactions have been executed and transferred faithfully, an additional challenge lies in the storage and ongoing management of serialization and pedigree data. Because pedigree data will become a compliance issue, access to these data both now and in the future (potentially 5–7 years) is vital. Therefore, control and access to the systems and the data are critically important. Since this level of dependence can tie a manufacturer to a supplier even further, and could potentially cause delays in responding to regulators, many nervous manufacturers struggle with the decision to rely on outsourced partners to control and manage these data.
Because manufacturers are ultimately responsible for the accuracy and timeliness of pedigrees and serialization, they should also take steps to ensure data integrity, system interoperability, and proper and sufficient testing of both internal and external systems. This means that despite the current regulatory uncertainty, manufacturers should move forward cautiously with planning for serialization and pedigree. They should develop a compliance strategy for each product that incorporates an evaluation of current packaging, warehousing, and distribution processes, identifies any gaps, and outlines pr+ocess changes required to be compliant. They should also begin to coordinate with their outsourced partners to address the challenges outlined above, and move forward cautiously with selected pilots. The strategy and plans are inexpensive preparations to ensure that once the regulatory fog clears, the timing of piloting and implementations can be aligned with requirements, and also coordinated with upstream and downstream trading partners to ensure that adequate testing can be performed.
Although the current industry emphasis is on compliance with state and federal laws, (pharmaceutical and biotechnology) manufacturers should also bear in mind that pedigree laws are one facet of the broader industry objective to secure product and supply-chain integrity, and, ultimately, patient safety. Threats to safety and integrity of drug supply can arise from a host of areas, including deliberate counterfeiting and diversion, parallel imports, and product tampering, which are all outside of the scope of serialization and pedigree. The recent highly publicized heparin scandal is an example where product integrity and patient safety was compromised because of poor quality standards, testing methods, and product adulteration at an outsourced manufacturing site. However, pedigree laws are focused on securing the supply chain after a product is manufactured. Therefore, the heparin contaminaton would not have been prevented, or even identified, through compliant pedigrees. Pedigree compliance, and serialization in particular, should be viewed as part of a more comprehensive product security strategy that includes other anticounterfeiting, track-and-trace, and product security measures.
Threats to the integrity of the drug supply are likely to intensify in the coming years. Although enforcement of the California pedigree law has been delayed until January 1, 2011, the complexity of implementing mass serialization across outsourced operations will lead many companies to continue working toward compliance now. Most manufacturers expect that a mass serialization solution will take between 18 and 24 months to design and implement. Furthermore, inventory levels at 3PLs and wholesalers are likely to push companies to become fully compliant with pedigree laws well before the published deadline. This puts added pressure on manufacturers with outsourced partners. Failure to take action could place companies at risk of non-compliance in time, potentially leading to penalties. Consequently, it is important that manufacturers with outsourced operations continue to prepare and engage all outsourced partners to proactively design and implement mass serialization solutions.
Todd Applebaum is the vice president of strategy and operations, Scott Dicks is the practice manager of brand integrity, and Frank Gaibor is a senior consultant, all at Maxiom Group, Waltham, MA, 781.250.4900, tapplebaum@maxiomgroup.com