It’s been all quiet on the electronic pedigree front of late. After high-profile epedigree pilot programs and a flurry of legislative activity over the past few years, a lull has set in. Like so many issues in the U.S., epedigree has taken a back seat to the national health care debates and the economy. And with national pedigree laws foundering in Congress, it appears that drug manufacturers are taking a breather and contemplating 2015, when California’s pedigree mandate takes effect.
It’s a welcome respite, says Scott Dicks, a practice manager for Maxiom Group, a life sciences focused consultancy (www.maxiomgroup.com). Manufacturers have been put through the wringer over epedigree—there was a time when 2007 was California’s must-comply deadline, and later 2009. Manufacturers can use the time to regroup. And drug makers are jaundiced when it comes to any “mandate” pitched at them. Eleventh-hour decisions in California and Florida to water down and delay tough pedigree laws have “engendered a degree of skepticism by manufacturers,” says Dicks.
“State legislation isn’t necessarily going to move manufacturers into immediate and robust action,” Dicks adds. “People have been burned twice.”
|Four Levels of Brand Security
By Scott Dicks, Maxiom Group
Level 1: Basic Compliance (paper or electronic pedigree a la Florida): Just hardware, software and ensuring integration with partners with an overlay of simple “process” components (e.g., shipping procedures)
Level 2: Compliance with Serialization (a la California): Above plus management of parent-child relationships of serial numbers, processes for returns/resupply based on individual serial numbers (e.g., I need to return this unit), processes for voiding and recreating pedigrees and a pedigree certification process. Note: Parent-child relationships of serial numbers, in particular, can make the hardware/software/integration with partners hard enough by itself as this process needs to start at the point of manufacture.
Level 3: Compliance plus Supply Chain Visibility: In addition to the above, you potentially need data transfer back from downstream supply chain partners that is tied to either individual serial numbers or case serial numbers, as well as reporting and alerting (which could be from one system or multiple solutions), and integration with other internal systems.
Level 4: Overall Brand Security Approach: In addition to the above, sophisticated data monitoring/trending (Are there any spikes in shipments to a certain location? Are the serial numbers ending up where they were intended to go?), in-field authentication with follow up/compliance processes. All of these functions would work across disparate systems, multiple level supplier/distribution partner hierarchies, etc.
The four levels are akin to a “maturity model” concept. Many companies would love to attain the highest level of maturity, having full visibility across their supply chain with resolution processes for any non-compliance, but not all “need” that level. I suspect that large companies with clout among the wholesaler/distributor community may be able to reach aspects of level 4. Many manufacturers will be happy with level 2 and may not have any internal capabilities. The rest will occupy the middle ground, similar to what you see with any other solution area.
What will move them to action? True brand security issues, for one. Companies that have experienced product diversion or counterfeiting, or are concerned that their products are at risk for those problems, are moving forward with efforts to provide product authentication throughout the supply chain. As a result, some of the focus on pedigree has shifted more towards authentication, and serialization in general.
Whereas pedigree emphasizes documenting the chain of custody between trading partners, California’s concern has been with authenticating the “saleable unit” and ensuring that each carry an electronic product code (EPC) that allows manufacturers to track every bottle or packet to the provider, and from the consumer trace it back to the specific lot in which it was manufactured in the plant. European regulations, too (in Turkey, France, and elsewhere) are focused more on product authentication, and are driving companies to pursue item-level serialization in favor of pedigrees.
Brand security and supply chain optimization are still both vital concerns, Dicks says, and product serialization and electronic pedigree documentation can provide a foundation for both efforts. So it’s not a matter of if, or even when, manufacturers will take action. Rather, they must decide whether their objective is merely epedigree compliance, global compliance, or a broader initiative to ensure supply chain security and product integrity, or improve visibility and performance of the supply chain (Box, right).
A Manufacturer’s Nightmare
Currently, there’s no single and easy way to do electronic pedigree with serialization, since the decisions that need to be made—where to initiate a pedigree, how to reconfigure packaging lines, what software to use, how to integrate with one’s enterprise systems, and how to establish greater visibility and cooperation between supply chain partners—differ by product and market. “There are no standards. It’s a manufacturer’s nightmare,” Dicks says.
Ironically, most of the successful pilots have been shut down and mothballed, says Bob Neagle, Business Unit Manager in the Brand Protection group at Videojet, which provides hardware and solutions for many pharma epedigree programs. But after a quiet 2009, Neagle believes 2010 is the year in which these manufacturers will draw upon past experience , qualify epedigree-related vendors, and ready themselves for wholesale epedigree implementations. Neagle sees this happening in 2011.
Second- and third-tier manufacturers don’t have the benefit of experience, Neagle notes. Many of them are looking to co-packers and distributors for answers, but they have time to figure things out, he says. If you’re one of the big manufacturers like a Merck or Pfizer that has hundreds of packaging lines, there’s no time to waste. If you have one or two products and a few production lines, time is on your side. One caveat, however: those who wait until the last minute may encounter difficulty in finding a vendor available to complete the installation before the deadline, he says.
Contract manufacturers have decisions to make, too, says John Danese, director of life sciences product strategy for Oracle. “CMOs vary widely in the level of technical infrastructure in place to manage product serialization and the two-way data communication required to receive and export serialized product data,” he says. Some CMOs will see epedigree and serialization expertise as a value-added and a way to separate themselves from the pack. On the other hand, he says, “CMOs who rely on faxes for communication with their customers are going to be blindsided.” (Editor’s Note: For a full Q&A with Danese regarding epedigree, click here.)
From a technology standpoint, the path to epedigree has been cleared. Standards body GS1 has developed standards for item coding, data capture, and data exchange, whether a manufacturer wants to use barcodes or RFID chips (via the EPCglobal standards). GS1’s U.S. arm has developed a 2015 Readiness Program to benefit members and build upon their collective experiences. And most major IT vendors (SAP, Oracle, IBM) have either specific, workable pedigree options as part of their suites, or partnerships with an array of targeted pedigree solutions providers.
On the hardware side, there’s less confusion as well. Equipment and technology standards are in place, and the notorious barcode vs. RFID debate has essentially been put to bed. “Everybody’s going 2-D barcode now,” says Kim Loughead, director of solutions marketing for Axway, a software company which helps clients manage pedigree requirements. Dicks, Neagle, and Danese concur. Barcoding is much cheaper, and initial concerns about barcodes not being fast enough to accommodate certain production speeds have now been resolved, she says.
EMEA-regulated countries have standardized on barcodes as well, she says, making it an easy call for most global manufacturers. Even labels for Viagra and Oxycontin—the subjects of RFID pilots at Pfizer and Purdue Pharma—are also barcoded, she notes. RFID at the item level may crop up again in the future, but for now you’ll see it at the case and pallet level to help manage bulk shipments, she says.
Lest we forget, some manufacturers are still doing product pedigree by paper. Florida and a few other states still allow paper, Loughead says, but manufacturers will need to change, if not by law (as in California) then by pressure from distributors who won’t accept paper pedigrees from their manufacturing partners. “McKesson, for example, simply won’t take paper,” Loughead says.
Loughead agrees with Neagle that 2010 will be a critical year for major manufacturers. “The top 20 all have workable serialization plans, but of those only a handful—maybe five to eight—actually have programs already,” she says.
Where to start, or restart, depends on the manufacturer, she continues. Many are implementing first in one of their smaller facilities so that they can work out the bugs before introducing pedigree in larger sites. Others with high-risk products have started there out of necessity to address counterfeiting and diversion issues. Most global manufacturers, Loughead says, are piloting serialization in facilities in the EU or in EMEA-regulated countries, since chain of custody requirements are more immediate there to address reimbursement fraud issues.
In the Plant
To implement epedigree, manufacturers have myriad hardware and software concerns to deal with. On the hardware side, they must establish what serialization coding structure they will adopt (typically GS1-related), what labels and labeling equipment to incorporate, what barcode or other readers they’ll use, where and how often they’ll collect data, and how to get lines revalidated after they are retrofitted.
A growing list of vendor companies and consultants are providing either turnkey or fairly standardized solutions, Neagle notes. Videojet, for its part, counsels clients on the above concerns, how to integrate data with manufacturing and warehouse execution systems, and to aggregate information so that it is available to partners and regulators.
Cost is an issue, but not the primary driver for the plant-level implementation, Neagle says. Manufacturers will do some shopping around for software, printers, vision systems, and professional services, but will ultimately go with what works best and causes the least pain.
It’s the higher-level IT and data management issues that will perplex most manufacturers. One dilemma is whether or not, or to what degree, to merge and manage electronic pedigree with one’s ERP system. There are two schools of thought, says Loughead. There are those who want epedigree information to be integrated and accessible companywide, and prefer the simplicity that working closely with an SAP or Oracle can provide. Most major manufacturers belong in this camp, Loughead says. In the other camp, there are those who feel their ERP should remain “clean” and free from data that is not so much “transactional” as it is for storage.
“First you’ve got to decide to what degree you’re going to integrate with your ERP,” says Neagle. “Is it going to be tightly coupled or sitting off to the side?” Large manufacturers realize economies of scale by adopting serialization IT systems worldwide, he says. Other considerations include hardware costs, as coding equipment and packaging line control systems are necessary for each and every site.
In Neagle’s experience, if the IT department is running the show, they’ll tie epedigree to the ERP. If Operations is calling the shots, they won’t. Ideally both IT and Operations would cooperate, but that’s rarely the case, he says.
Manufacturers are not technically tied down to any software configuration, Dicks notes, but ERP vendors with existing or upcoming pedigree and serialization management add-ons, such as SAP or Oracle, have made it cost-effective to tap their solutions and partners. Still, many SAP and Oracle users still choose to enlist the support of a specialized pedigree solution such as Axway, Tracelink (formerly SupplyScape) or rfXcel to manage pedigree data requests and store information. The key is to be able, in this changing regulatory environment, to have an IT configuration that can adapt as the regulatory requirements change.
Then there’s the question of how to integrate with supply chain partners. If one’s serialization codes are not compatible with their distributors’ (not to mention retailers’), how can data be shared and compliance be ensured? There’s no easy solution. Companies like Axway or provide solutions that allow distributors to pull the right information from manufacturing or enterprise systems to populate their pedigree databases. More and more, this integration is being done via shared web portals.
Still, it’s the in-house stuff that will be hardest, says Danese of Oracle. How do you get the right pedigree information and ensure that it is available, and accurate, in real time? This even trumps coordinating data with partners, he says. “The issue of making it accessible to other parties is not as difficult, as portals, business-to-business standards, etc. have existed for a while, and communication channels have been opened due to innovations like EDI (electronic data interchange) and XML (extensible markup language).
Options and Timelines
So we’re all on course for 2015? Not exactly, says Dicks. Barring legislative upheaval, 80% of product lines across the industry can be epedigree ready by 2015, he predicts. Those that aren’t ready will likely be major manufacturers who implement first on their high-risk, high-value products, and have the regulatory clout to be forgiven for lagging a bit on their lower-priority drug lines.
One year is about the right amount of time to plan for implementing epedigree on a given product’s supply chain, says Dicks—if it’s a straightforward situation. A typical small-molecule product at a smaller manufacturer, with either internal or outsourced operations. Liquids and biologics would add complexity, as would cold chain items.
“There are even those companies with very simple environments, that will be able to simply buy or contract an outsourced solution,’” Dicks says. “If all the partners are willing and working together, that one year could become six months.”
The “nightmare scenario”, however, would be a large manufacturer with a complex product portfolio cobbled together from various mergers and acquisitions. Think Pfizer-Wyeth, Roche-Genentech, or Merck-Schering Plough. These companies have diverse product lines spanning medical device, biotech, small- and large-molecule, scattered facilities, and myriad legacy systems, all of which will require more effort, and time, to sort through.
Neagle agrees that one year is about right, and that six months is possible in some cases. The first month can be spent installing equipment, which will require some slowdown and even shutdown of the line. The major IT implementation and integration comes next, then developing a use case and testing it out. After a few successes, manufacturers will be able to streamline their efforts and make their implementations more systematic.
Loughead advises to get with your distributors and other supply chain partners as soon and as much as possible. “Find out exactly what they’re going to need and when they’re going to need it,” she says.
If there’s one thing that nobody’s giving much thought to yet, it’s the patient, Loughead adds. Manufacturers will need to work with distributors to provide a means—such as a web portal that confirms serial numbers—for pharmacies and health care providers to validate the medicines they disburse. For biotechs and other manufacturers that often distribute directly to retailers and health care providers, this burden will be magnified. .
“Everyone is pointing at someone else to solve the problem,” but manufacturers must take responsibility, she says, adding: “It’s not a huge problem . . . They just need to make sure providers have some way to validate the serial number.”