How Can Global Markets Establish and Implement Efficient, Flexible, and Effective Global Pharmaceutical Serialization and Traceability Systems?

Eric Marshall, Senior Director, Leavitt Partners
Alissa McCaffrey, Senior Associate, Leavitt Partners

I.  Introduction

The safe and efficient development, transport, and dispensing of pharmaceutical products is essential to health maintenance, the treatment of illness, and the curing of disease. Increasingly, this movement of capital, information, and goods through the supply chain has occurred across borders as new pharmaceutical markets emerge around the world, and particularly as commercial manufacturers increase outsourcing activities for raw materials and active pharmaceutical ingredients.[1] As a means of securing and protecting these more complex and interconnected global pharmaceutical distribution networks and supply chains, the pace of regulations that mandate pharmaceutical serialization and traceability has quickened. Therefore, understanding serialization, the ways in which serialized data should be used, and the implementation process for traceability systems and functionalities is of primary importance.

Serialization is the process by which products are marked with a unique identifier—typically a unique number or alphanumeric code—and is beginning to be leveraged to enhance supply chain security. The unique serial number, along with other related information, is typically encoded in a barcode that can be read electronically. Serialization itself provides virtually no benefit to the supply chain, rather, it is the use of that serialized data in a traceability system that enhances supply chain security.[2] The infrastructure and processes that leverage serialized data in some manner to improve supply chain security are collectively referred to as a “traceability” or “track and trace” system.

Traceability, or track and trace, systems can provide an audit trail of the path of a package from the current entity/owner back to the manufacturer, or identify the current owner of the product and the pathway the product has taken to get to its current location. (Throughout this paper, we will use “traceability” or “track and trace” interchangeably to refer to any system used to verify, authenticate, track, and/or trace product throughout the supply chain, whether retrospectively or in real time.)[3] Serialization is the enabler for various systems to trace or track product. For example, once a unique serial number is affixed to an individual product package (referred to as serialization), then systems can be developed to generate a report from the supply chain of when each trading partner purchased and sold the package carrying that unique serial number (referred to as traceability). Although serialization requires large investments of time and resources, with the appropriate infrastructure and technology, the data acquired from serialized product can be leveraged to address challenges that countries face, such as counterfeiting and diversion, by increasing visibility and control in the supply chain. Further, knowledge of product location and product owners throughout the supply chain can help identify where an illegitimate product entered the legitimate supply chain or can allow for more precise and rapid recall of pharmaceutical products if necessary.[4] The relative benefits of such systems depend on the specific data discovery and data reporting models used in a given country.

A breach of the pharmaceutical supply chain can have serious public health consequences from product shortages to medical complications, and in severe cases, even death. The market for counterfeit drugs has expanded in recent years, posing a risk to patients, as these are often substandard products that are physically indistinguishable from valid product. The risk of medication diversion and theft is an additional supply chain security concern. When drugs are diverted or stolen, the quality and safety of the product cannot be assured or maintained as these drugs may be intentionally altered or damaged due to improper storage or exposure to contaminants. According to the World Health Organization (WHO), the existence of substandard, spurious, falsely labeled, falsified, and counterfeit (SSFFC) medical products affect every region of the world, and medicines from all major therapeutic categories.[5]

The processes of serialization, authentication, and traceability of product would fight counterfeits by enabling stakeholders to catch duplicative and unauthorized serial numbers and enabling the creation of a supply chain visibility for each product (e.g., to see the specific distribution path for a product). Though these functionalities depend on system accuracy and sustainability, a well-implemented, well-tested, and accurate model could provide great public health benefits.

Cost-saving mechanisms inherent in well implemented and optimized serialization and traceability systems include improved recall efficiency—product can be automatically blocked from continuing in the supply chain as soon as a recall notice is issued. Further, over time, systems leveraging serialization can reduce waste and excess inventory through increased collaboration and sharing across the supply chain.

As mentioned, the pace and volume of pharmaceutical serialization requirements are growing quickly. Several jurisdictions, including the United States and the EU, currently have active serialization and traceability requirements.[6]^,[7] Additionally, at least twenty countries are considering, or in the process of developing, their own serialization requirements.[8] This rapid expansion of serialization around the world has great potential to result in conflicting requirements and/or operational challenges for supply chain members, particularly those who manufacturer and/or distribute product in several different markets. This puts a premium on the development of serialization requirements that are aligned and interoperable across borders.

II.  Key Principles

For the various markets in pursuit of enhanced pharmaceutical supply chain security, the following are ten key principles for effective, consistent use of serialization. These principles were developed through collaborative discussions within RxGPS, a stakeholder alliance with representatives from each of the four major sectors of the pharmaceutical supply chain (manufacturers, wholesale distributors, third-party logistics providers, and dispensers) who have first-hand experience implementing serialization and traceability requirements in the United States and around the world. The principles therefore reflect the technical and policy expertise of industry leaders with broad knowledge, and deep understanding, of effective approaches to serialization. The following principles contain the flexibility to adapt a serialization system to specific market goals and characteristics, but highlight the interconnectedness of the global pharmaceutical market, and therefore, a need to establish interoperable requirements around the world.

1. Any country mandating serialization or traceability should clearly identify the goals and purposes of the mandate.

Serialization of pharmaceuticals can have various applications in the marketplace. However, there are also many supply chain problems for which serialization may not be the appropriate solution. Further, there are multiple approaches to traceability following the serialization of product, each with their own considerations including ease, cost, and duration of implementation. Therefore, it is imperative that each country identify its goals prior to the development of serialization laws or regulations in order to identify the best way to achieve that goal.

For markets where the primary concern is ensuring that patients receive authentic medication, a “point of dispense” model—where products are authenticated by the end user (i.e., pharmacist) using data from the manufacturer—may be the most appropriate. This approach offers the benefits of being less complex and less costly; it also provides a baseline that can be built on by future requirements, if desired. Alternatively, if the primary goal is to monitor supply chain velocity or to enable visibility of the specific location of product currently within the supply chain, a full track and trace model may be most appropriate. A traceability system, involving every member of the supply chain, may be necessary to meet the goals of a country, but it requires substantial amounts of planning, investment, and coordination among industry and government. Ensuring that the goals of a serialization system are articulated prior to development of that system will ensure maximum return on investment.

However, it is important to remember that serialization in and of itself is not the sole answer to full supply chain security. In fact, serialization has little value unless the serialized data are leveraged in a traceability system to verify, authenticate, track, or trace products in the supply chain. Even then, many other security protocols (e.g., Good Manufacturing Practices, licensure and registration requirements) are integral in maintaining the safety, efficacy, and authenticity of pharmaceutical products. Serialization is one important tool that can advance the security of the legitimate supply chain and reduce fraud, but it is by no means the only tool, or the most appropriate tool, for addressing all supply chain security concerns.

Further, serialization, as done specifically for pharmaceutical products, does not necessarily have broad applicability across products or industries. For countries seeking to secure their medical device supply chain or incorporate enhanced security measures for food products, separate systems and protocols that work within the confines and regulations of each type of industry and supply chain are likely necessary. The pharmaceutical industry has specific supply chain members, stakeholders, and protocols, used around the world, for which the serialization systems discussed here are uniquely adapted and relevant. Countries are advised to maintain this distinction for both ease of implementation and probability of success in achieving enhanced security for pharmaceutical products.

2. Mandatory requirements should be limited to those requirements necessary to secure the supply chain and should provide flexibility that allows for the addition of voluntary complementary functionalities.

Serialization and traceability requirements should be specifically tailored to achieve a country’s goals. The implementation of a serialization and traceability system is very expensive and burdensome; overbroad and unnecessary requirements add to that burden while slowing implementation of the system. If limited initially to those requirements necessary to establish sufficient supply chain security, serialization then presents significant opportunity for the development of valuable additional services such as inventory management and improved dispensing accuracy, and legal requirements should not prevent or impede the development of such additional, complementary practices. However, these additional functionalities should only be pursued once a baseline level of supply chain security has been established.

One example of an unnecessary and burdensome requirement is the mandate to upload a product, or lot, photo in addition to the serialization data gleaned from scanning of the product barcode. Not only does a product photo provide no discernable security benefit above that which is provided by the capture of serialization data, but a product photo is irrelevant to the tracing of a package of that product. Further, installing the equipment to obtain product photos can be quite costly, and obtaining such photographs is a time-consuming process that impedes the efficient movement of product. Additionally, photo files take up exponentially greater data storage than text, which would put an unnecessary strain on any communication network and database storage facilities.

Also unnecessary and burdensome are any serialization data reporting requirements other than those related to a change of ownership. As product moves through the supply chain, it is often moved through different facilities and by different entities while still under the ownership of one supply chain partner. This may include intracompany transfers by a manufacturer from a manufacturing and packaging facility to a distribution center, instances in which a contract manufacturer produces product for a manufacturer that maintains ownership of the product, or situations where third-party logistics providers (3PLs) are used to transport product between supply chain members. The location of distribution centers may vary with regard to the distance from the packaging facility, including across country borders; however, so long as the product is still under ownership of the manufacturer, the manufacturer is responsible for security of the product and has systems and processes in place to ensure that products are properly and securely handled, transported, and delivered to a new location. The serialization reporting requirements should therefore lie with the manufacturer alone, not with contract manufacturers or the various manufacturer-owned entities. Further, 3PLs should not be separately accountable for serialization data as they are never owners of the product that they are transporting; responsibility for security, and therefore serialization and traceability requirements, should lie with the entity contracting with the 3PL. Traceability data should only be captured and shared when product ownership is transferred from one supply chain partner to another. This will help to ensure that a traceability system is optimized to spot anomalies for further investigation, rather than raise concerns about good product within the legitimate supply chain.

It is also important to put reasonable limits on serialization requirements as inappropriate or unnecessary use and sharing of serialized data can actually enable the use of that data for fraudulent practices and decrease the security of the supply chain. For example, requirements to report data for product intended for export introduces unnecessary risk into the supply chain as (1) product data would be unnecessarily duplicated, which introduces room for errors, and (2) product data stored in servers outside of the country where the product is intended for sale, in addition to within the importing country, multiplies the risk of a security breach. Given that foreign serial numbers and aggregation data are of no use domestically, security breaches would increase the risk of counterfeits. For instance, counterfeit product could be labeled with authentic aggregation data and then sold in foreign markets.

3. The value of serialization is the ability to verify the authenticity of packages introduced into commerce. Serialization and reporting should be tied to the smallest unit intended to be sold to a dispenser.

Industry’s experience with a variety of systems across the globe indicates that the most cost-effective and efficient way to achieve supply chain security is through the ability to authenticate pharmaceutical packages in commerce. This is primarily because the risk that product will be diverted or illegitimate product will be introduced occurs while product is moving through the supply chain. Therefore, security can be achieved by ensuring that product that exits the supply chain and is delivered to patients is authentic. To do so, serialization is necessary for the smallest unit intended to be sold to a dispenser. This is often referred to as the “secondary package” or “salable unit.” It is not necessary to serialize primary packages for this purpose.[9] In fact, the majority of markets implementing or considering serialization focus on affixing an identifier to the secondary and tertiary-level packages.

Serialization at the primary level should be avoided for several reasons. First, serialization of the primary package is operationally difficult and sometimes even impossible (e.g., small packages on which a serial number will not fit or a barcode may not be easily readable). Primary package serialization is also expensive—estimated at an additional $1 million per packaging line over “saleable unit” serialization, and most manufacturers use many lines to package products. Additionally, for markets where serialization information is aggregated up to higher level packaging, serialization of the primary package exponentially increases the amount of serialization data that must be stored in databases and/or communicated between trading partners.

Markets considering primary package serialization are often seeking effective product authentication, often by the patient. However, product authentication is best achieved via the secondary package. Not only does authentication by the dispenser, rather than by the consumer, facilitate product checking by professional and informed pharmacists and physicians at the point of dispensation, it ensures the best opportunity for authentication of intact packaging, which might otherwise be destroyed after the patient has received the product. Further, difficulties in scanning from small primary packaging or difficulties interacting with a verification portal may cause patients to discard medicines that are perfectly good. Patient-level authentication also complicates the process of data access management and raises important questions, legal and otherwise, about how to handle product that is deemed “invalid” by a consumer, rather than a licensed health care professional.

4. Mandatory requirements should be phased in over time to allow supply chain participants sufficient time to transition to new operational practices.

Implementation of serialization and traceability requirements is expensive, time consuming, and technologically challenging. Each manufacturer has its own strategy for where and how it packages its products and, similarly, each manufacturer will have its own strategy for how it updates its packaging lines to comply with new serialization requirements. Serialization requirements should be staged in a manner that recognizes these important business implications and provides flexibility to manufacturers.

First and foremost, all compliance deadlines should be based on the date of publication of final, clear guidance, as industry cannot begin implementation until a complete and final set of requirements is available. This includes instances when new requirements indicate a change in scope from a previously published law, regulation, or guidance, given that these types of changes will significantly impact the implementation process. Changes in scope should be written and published through a country’s formal rule-making process, and compliance deadlines should be revised accordingly.

Additionally, a single compliance date should not be used for all products. Serialization should be phased in over multiple years with each manufacturer required to serialize a set percentage of its product during the first year after the compliance data, serialize an additional percentage the following year, and so forth.[10] This approach is preferable to an approach in which the regulator identifies the types of products to be serialized in each year because such requirements can have a disproportionate and unfair impact among manufacturers with different product mixes. In addition, a phased approach ensures that stakeholders have sufficient time for implementation, and that each piece of the system is working properly before moving to implementation of the next piece.

In moving toward implementation of a system for using serialization, countries should focus first on implementing product verification by the end-user (i.e., pharmacy). More elaborate requirements provide modest additional value, yet drastically increase the complexity and time for implementation. A verification model, by contrast, is essential to the safety of the supply chain and also provides the highest return on investment. In a verification model, product serial numbers are authenticated prior to the dispensing of the product. Once a product is no longer in circulation, that serial number is decommissioned.

Unlike a verification model, full traceability provides “check points” at every point along the supply chain; each member of the supply chain capture and maintain information about (1) from whom it bought the product, and (2) the person to whom it sold the product. This exponentially increases the number of connections between trading partners and/or any database(s) used to store serialized data. Further, it highlights the need for development of an interoperable system of communication between supply chain members, a time-consuming process. Full traceability also necessitates the development of systems to aggregate serialization data, another complicated and time-consuming process which requires significant testing to ensure functionality, safety, and security. Given the complexity of these additional requirements and the minimal added benefit that they impart on patient safety and supply chain security, they should not be considered until the benefits of authentication and decommissioning of serial numbers have been realized. If traceability is desired, a country must establish an implementation timeline that provides sufficient time to develop, implement, and test the functionalities discussed above.

5. Data ownership rights should be respected and protected across all sectors reporting or sharing data.

Product data, including data related to purchase and sale of the product, is valuable and sensitive. Ownership of, and rights to, that data should be carefully protected and should not be used or shared in a way that has anti-competitive effects. For example, manufacturer access to data regarding specific sales volumes to specific pharmacies could impact the competitive environment for wholesale distributors.

Additionally, each trading partner should only be responsible for the accuracy of the data it generates; a trading partner should not be responsible for the accuracy of data generated by others. Akin to how responsibility for product safety is transferred to the subsequent member of the supply chain following a transactional change of ownership, each trading partner can only understand the accuracy of the data that it, itself generates while it has ownership of the product. Each trading partner will have unique protocols for generation and storage of serialization data, as well as an individual company-specific timeline for upload/sharing of such data. As long as the data are shared in a consistent format, with inclusion of consistent data points, the generation of that data should be governed by internal business practices. Therefore, only that specific trading partner will have sufficient access and insight to ensure data accuracy prior to the upload or sharing of that data with additional trading partners.

6. The organizations with responsibility for the product should have access to authentication data.

The manufacturer and other parties responsible for the product need access to data regarding authentication attempts to best detect supply chain security concerns. In practice, this means that regardless of where serialization data are stored (e.g., in individual “distributed” databases, or in a country-wide “central” database) each trading partner who generates and shares data should have access to some basic information about those data as well as the data that are shared/uploaded by upstream and downstream trading partners. It also means that traceability systems must have the capability to record a list of those who have accessed the serialization database(s), and that list must be accessible by the entities who have owned the product.

For example, if multiple verifications are attempted with regard to a single unit, the manufacturer should have access to that information in order to investigate the legitimacy of those attempts. Of course, access to authentication data must be balanced against privacy interests of stakeholders and patient safety. This means that access must be secure, password-protected in some fashion, and limited to those entities that have the capacity to resolve data errors and address any suspect product concerns resulting from notable data discrepancies. It may also mean that certain parts of the data are redacted. 

As described above (Principle 3), patient-level authentication of serial numbers complicates the process of data access management. Not only is primary package level authentication not recommended due to the practical concerns described above, authentication by patients would necessitate a database that is accessible for upload by any person in a country. This would open these secure databases to significant risk of unauthorized access, which would completely undermine supply chain security. Further, supply chain trading partners should not be obligated to respond to data concerns expressed by patients. This would take significant time and resources that would best be spent working with other supply chain members and regulators to ensure that product is authenticated before being dispensed to a patient.

Appropriate regulator access to authentication information is also important to supply chain security. Again, depending on where the data are stored, and who governs the database, systems and processes for ensuring appropriate regulator access may vary. In some cases, particularly when using distributed, trading partner-owned databases, it may be most appropriate for trading partners to share the data in question with the regulator.

7. Economies considering serialization should adopt global approaches because they promote efficiency, reliability, and effectiveness.

The use of standards is critical to developing a working, interoperable system for sharing information. This is especially true in the global market when such an interoperable system must communicate across oceans, borders, and continents. GS1 is a globally-recognized standards-setting body, and virtually every market considering or implementing serialization mandates the use of GS1 global data standards, specifically for identification and serialization of pharmaceutical products. Per GS1 standards, the unit identifier includes four data elements: a 14-digit GTIN (globally unique), a 1-20 digit serial number (at the discretion of the manufacturer), the product expiration date (YYMMDD format), and the batch number (up to 20-digits). The four elements should be included in a human readable form and should also be encoded in a 2-dimensional DataMatrix, as shown below.

[11]

GS1 standards also guide the capture and sharing of data related to products carrying this unit identifier. The Electronic Product Code Information Services (EPCIS) is a widely utilized standard for sharing event data. The goal of EPCIS is to enable disparate applications to create and share data between trading partners and internally about each product event (e.g., the initial serialization or “commissioning” of a product, the shipment of a product, the dispensing of a product). EPCIS can operate within diverse information technology (IT) environments to identify where products are and why they are there.

One benefit of using global data standards is that such standards can speed and ease implementation of systems for serialization and traceability. Global standards promote efficiencies that reduce costs, and simplify compliance projects. This efficiency and costs savings facilitates implementation and speeds up patient access to safe and secure product.

In addition, global data standards facilitate international commerce through interoperability and promote competition and expansion. The use of country-specific standards is a barrier to global trade. Stakeholders must have servers that can communicate with one another, and data must be transferable, without alteration or translation, from trading partner to trading partner. Utilizing data standards creates a common language among different servers, which enables supply chain members to exchange data in a common and understandable format. Further, the use of global standards removes the disincentive associated with exporting to, or from, certain markets that would require a significant investment above and beyond that which is required by manufacturers to do business in the majority of markets.

8. Markets considering new requirements should leverage successful practices and systems from other markets.

Several countries have made substantial progress toward implementation of serialization and traceability, and the experiences of those countries should inform the development of systems in other countries. By leveraging these experiences, markets can speed and ease implementation by creating efficiencies and lowering implementation costs.

New serialization and data sharing should be consistent with such requirements of other markets. As detailed above, this would include the use of global data standards to ensure compatibility of systems and the applicability of shared learnings. This would also include alignment of requirements with common practices that are used through the supply chain, outside of global standards for product identification and data sharing. One such practice is manufacturer generation of serial numbers. All systems that manage serialization are capable of automatically generating randomized serial numbers in various formats. Allowing manufacturers to generate their own serial numbers promotes efficiency as well as consistency among markets with active serialization requirements (e.g., South Korea, Argentina, Turkey, the United States, and the EU). Another such practice is the automatic upload of serialization data to a database (i.e., rather than manual upload). This approach has been proven effective in a variety of markets including South Korea, Turkey, and Argentina.

9. Serialization and traceability requirements should facilitate, not impede, cross-border trade.

As mentioned above, the first step in facilitating cross-border trade is implementation of serialization requirements that are consistent and aligned with global data standards because a single product often moves between and among multiple markets. In addition, only the requirements of the country where the product will be dispensed should apply. Given that the value of serialization is the ability to verify the authenticity of packages introduced into commerce, any serialization requirement should be set by the country where the packages will be authenticated. Further, since traceability requirements should be tailored to the identified goals and purposes of a country’s mandate (Principle 1), they should be set by the country where the product will be dispensed.

Requirements applicable to exports have significant potential to create confusion in, or conflict with, the requirements of other markets, and also to create security risks. For example, the unnecessary use of serialization data in a country other than the country of dispensation (e.g., an exporting country where product is manufactured) makes the serialization data susceptible to fraudulent use in the country of distribution. As a result, the requirements of one country jeopardize patient safety in another country. Additionally, in practice, conflicting requirements have led to significant logistical challenges, such as the placement of multiple barcodes on a single product. The addition of multiple datamatricies results in scanning confusion, threatens data accuracy, and therefore has the potential to delay product transport and sale.

Serialization requirements should also provide the flexibility for manufacturers to serialize product before or after importation. Product is often packaged in one country and distributed to multiple other countries. Serialization prior to the first in-country sale, by the manufacturer to another supply chain participant, sufficiently facilitates verification and traceability and should be allowed in order to facilitate trade and patient access.

Additionally, shared packs (i.e., the use of the same pack across multiple countries) are common in many regions and are critical to patient access. The use of shared packs allows a manufacturer to utilize the same packaging for multiple markets, resulting in decreased product costs and increased efficiency at the packaging site. Further, shared packs allow use of a single distribution site to service multiple markets, which decreases distribution expense and increases efficiency. The use of global standards (particularly the use of GTINs as the product identifier) is essential to the use of shared packs because all countries where shared packs must, practically speaking, accept the same GS1 product identifier. The addition of data elements, such as national identifier codes, can also increase the size of the 2-dimensional datamatrix past practical feasibility.

10. The implementation and operation of a system for leveraging serialization must be a cross-sector, integrated, and shared effort, and no individual sector should bear an inequitable share of responsibility.

To achieve supply chain security and improved patient safety, the full scope of the supply chain must be considered. Because the pharmaceutical supply chain is a highly complex, interconnected web of companies, the perspectives of all parts of the supply chain (i.e., manufacturers, wholesale distributors, third-party logistics providers, dispensers) are critical to the success of a serialization and traceability system. Stakeholders should be consulted frequently in advance of adoption of serialization/traceability regulations to support transparency and collaboration in system design. The organizations that make up the supply chain are best positioned to understand operational needs and challenges, and their input should be carefully considered when developing serialization and traceability requirements.

Each sector should bear an equitable share of the responsibility for supply chain security. Given the complex and interconnected nature of the supply chain, the security of the supply chain requires the effort of all participants. The responsibilities that must be shared among supply chain members include the funding for serialization database construction, the development of interoperable systems of communication between trading partners, the storage and maintenance of serialization data (including accuracy of the data), and the investigation of suspect and illegitimate products when deemed necessary by the regulator or other trading partners. Systems that place an inordinate amount of these responsibilities onto one sector (e.g., manufacturers) are unduly burdensome for the supply chain and raise liability concerns, specifically around data accuracy.

III.  Benefits of a Distributed Database

The principles for utilizing serialization outlined above apply to all markets regardless of the type of data model that the country uses. Two different models are often discussed or implemented: a distributed database model (distributed model) and a centralized database model (centralized model). In a distributed model, data are stored in a multitude of separate data repositories (often stakeholder-owned) that have the ability to be interconnected for communication or reporting purposes; supply chain participants or regulators must access and query the various repositories in order to obtain all the data necessary to generate a full report. In a centralized model, all data are accessed from a central storage repository for reporting; all data are mapped to the central location, and all supply chain participants move a copy of their data to that location for storage and query. While there are benefits to a centralized model (particularly if the data will be used by a regulator for purposes other than supply chain security, such as monitoring inventories), a distributed database model may ultimately be the superior option for most markets.

Compared to a centralized model, storing data in distributed databases is much more cost-effective, especially when leveraged by multiple economies. As centralized databases grow larger and larger over time, they become more expensive to maintain and secure, and more difficult to connect with other markets. The enormous size of centralized databases also contributes to the burden of implementation along with the development of a single method of connection for all parties involved. Conversely, a distributed model can leverage existing data and databases and allows multiple methods of connecting and continued use of existing service providers.

Centralized databases are also more susceptible to security breaches given that a multitude of data are available through a single point of entry and single layer of security, and are also more susceptible to errors since the data sets stored in a centralized database are duplicate copies of the original data sets. By contrast, a distributed model protects against data errors by relying on a single, initial source of data. Further, distributed databases inherently provide multiple points of entry and multiple layers of security (i.e., one for each database).

Distributed databases also provide the flexibility to accommodate multiple connections, increase interoperability since development of a shared network allows multiple economies to use the same system. A centralized system stores data in a separate database for each economy and necessitates a single method of communication between parties and across borders. The flexibility inherent in a distributed database structure caters to the development of an interoperable global pharmaceutical economy.

IV.  Conclusion

The complexity of the pharmaceutical supply chain, an interconnected system involving a variety of stakeholders and partners, necessitates a carefully planned, deliberate approach to patient safety and supply chain security. The ever-present risk of counterfeit or otherwise adulterated product around the globe has led to a rise in requirements for the serialization of pharmaceutical products as a means of securing the legitimate supply chain and promoting patient safety. When utilized effectively in a traceability model, serialization is an important tool for promoting the use of authentic, safe, and effective medications.

However, varied, complex, and contradictory requirements across the globe do not provide additional supply chain security or patient safety, but drive up costs for all supply chain participants and regulated markets. Further, the confusion caused by misaligned serialization requirements contradicts the fundamental purpose for implementing those requirements in the first place by introducing additional risk to the system. Adherence to the principles outlined above will help to ensure efficient and effective implementation of serialization requirements, promote interoperability, facilitate cross-border communication and trade, and help markets to tailor their traceability requirements to those that provide the greatest amount of security and patient safety for the lowest amount of time and capital investments.

About the Authors

Eric Marshall is a senior director at Leavitt Partners, where he advises complex health care coalitions and provides consulting services in the areas of domestic and international supply chain security; drug, device, and diagnostics regulation; and health care compliance. Prior to joining Leavitt Partners, Eric was an associate with the law firm Faegre Baker Daniels, counseling health care and life science clients on regulatory, compliance, and transactional matters. Eric received his J.D. from the University of Minnesota Law School and has a B.A. from the University of Northern Iowa.

Alissa McCaffrey is a senior associate at Leavitt Partners, where she provides primary and secondary policy research and analysis to individual clients and health care coalitions, primarily in the areas of supply chain security, health care reform, and the transition to value-based payments. Alissa received her B.S. from St. Lawrence University and her M.P.H., with a concentration in health policy, from Yale School of Public Health.

**Marshall and McCaffrey are both advisors to the RxGPS Alliance, a multi-sector industry group that develops consensus strategies, policy principles, and policy recommendations that advance global alignment of drug serialization and tracing requirements.

 

---

[1] Asia-Pacific Life Sciences Innovation Forum Regulatory Harmonization Steering Committee. (2012). Roadmap to Promote Global Medical Product Quality and Supply Chain Intergrity. APEC/RHSC.; Asia-Pacific Life Sciences Innovation Forum Regulatory Harmonization Steering Committee. (2012). Roadmap to Promote Global Medical Product Quality and Supply Chain Intergrity. APEC/RHSC. 
[2] RxGPS, Serialization Primer, March 29, 2016, http://www.rxgpsalliance.org/wp-content/uploads/2016/03/Serialization-Primer-032916.pdf.
[3] This approach is notable due to its divergence from evolving industry norms. This paper does not contemplate the delineation between “track and trace” and “traceability” systems.
[4] Brown, K.D., Nichols, E.L., and Chang, C.F., Improving Pharmaceutical Supply Chain Security: The Costs and Benefits of Global Standards, A report prepared for the Asia Pacific Economic Corporation (APEC) Business Advisory Council, April 2015.
[5] The World Health Organization, Substandard, Spurious, Falsely labelled, Falsified and Counterfeit (SSFFC) Medical Products, updated January 2016, http://www.who.int/medicines/regulation/ssffc/en/.
[6] On November 27, 2013, President Obama signed into law bipartisan legislation known as the Drug Quality and Security Act (DQSA), P.L. 113-54 (27 Stat. 587). Title II of the DQSA is known as “the Drug Supply Chain Security Act” (DSCSA). The DSCSA establishes a national system for tracing and serializing pharmaceutical products and for establishing national licensure standards for wholesale distributors and third-party logistics providers.
[7] On July 1, 2011, the Falsified Medicines Directive (Directive 2011/62/EU) was adopted by the Council and European Parliament and published in the Official Journal of the European Union. Member states had to transpose Directive 2011/62/EU into national law by January 2, 2013. In addition, the Commission Delegated Regulations (EU) 2016/161 lays down detailed rules for the safety features appearing on the packaging of medicinal products for human use.
[8] In addition to the US and the EU, countries with active serialization/traceability requirements (approved regulations with active or pending deadlines) are: India (for exports), Argentina, Albania, Brazil, China, Iran, Jordan, Nigeria, Saudi Arabia, Serbia, South Korea, and Turkey. Countries with emerging regulations include: India (for domestic product), the United Arab Emirates, Russia, South Africa, Algeria, Singapore, Cameroon, Malaysia, Mexico, Taiwan, Chile, Columbia, Libya, Pakistan, Philippines, Ukraine, Albania, Jordan, Canada, Oman, and Indonesia.
[9] There are three levels of packaging that are generally addressed in serialization laws and regulations worldwide:

• The primary package is the level of packing that is in direct contact with the product (e.g., blister card or vial).
• The secondary package is the smallest unit intended by the manufacturer to be sold to the dispenser/pharmacy. In some instances (e.g., a bottle of tablets without an outer carton), the primary package and the secondary package can be the same.
• The tertiary package is the logistical unit that is shipped, the shipper, carton, case, pallet, or tote that contains one or more primary/secondary levels of packaging.

[10] With this approach, downstream trading partners, such as wholesalers, must be able to assume manufacturers have properly chosen to serialize or not serialize a particular product during the transition period.
[11] Image courtesy of GS1 Global. The use of application identifiers (the numbers included in the parentheticals in this graphic) should conform to the GS1 Global general specification.