Behind the healthy cover of supply chain security

News in March this year that nearly 30 pharmaceutical companies have clubbed together to support Interpol in the creation of a new Pharmaceutical Crime Programme (PCP) highlights the scale of the challenge faced by Big Pharma when it comes to counterfeit drugs.

The companies - including Amgen, AstraZeneca, Bayer, Eisai, GlaxoSmithKline, Johnson & Johnson, Eli Lilly, Merck & Co, Novartis, Pfizer, Roche and Sanofi - between them pledged €4.5m to the PCP over the next three years, which will build on the work of Interpol's Medical Product Counterfeiting and Pharmaceutical Crime unit.

It is not hard to see why they might have felt it right to make such a major industry commitment: between 2006 and 2009, European customs officials seized 7.5 million fake drugs at the point of entry into the EU; and in 2009 alone, more than 11 million counterfeit or illegal medicines were impounded at the borders.

Delegated acts in the pharmaceutical supply chain

But working with law enforcement agencies, while vital, is only one front in the war against counterfeits and the protection of the pharmaceutical supply chain. The approval of the Falsified Medicine Directive in February 2011 was a major step forward and, from 2014, another is set to transform the pharmaceutical manufacturing landscape when new laws - 'delegated acts' - to harmonise the serialisation and verification of pharmaceuticals come into play.

Delegated acts are normally designed to lay out in practical terms what new legislation demands in principle; for example the introduction of obligatory safety features, ways in which a product will be verified and, particularly important in this context, the characteristics and technical specifications of any unique identifier.

Delegated acts will have almost the same status and clout as a full directive, and will outline the requirements for serialisation that the industry will be expected to meet, after which it will have three years in which to implement them, explains Francois-Xavier Lery, head of section for pharmaceutical care, consumer health protection and anti-counterfeiting at the European Directorate for the Quality of Medicines & Healthcare (EDQM).

"The acts will normally say what the data carrier will be for the information - how the information is put on the pack - so it could either be print or a serial number, or a code or a tag," Lery says. "However, manufacturers pretty much know what it is already; the EC has said it will be a 2D barcode. But we still need to discover exactly what information needs to be coded or printed on the pack; the question is the detail.

"A lot of manufacturers, understandably, have been preparing for this for years. But the exact nature of the requirements is still uncertain. So they are preparing without yet knowing what the exact requirements will be, which makes life somewhat difficult. Three years to implement would be a short timeframe if you were starting from scratch, but then the industry is not starting from scratch."

Anti-counterfeiting traceability

Lery is also project manager for eTACT, the EDQM's anti-counterfeiting traceability service for medicines. The project emerged from analysing the situation three or four years ago and seeing all the systems using different standards. Many countries had realised that something had to be done at a national level and that they could not wait for EU legislation, and were starting to develop their own standards at a national level. So there was the potential to have 27 or 28 different standards.

"This is where eTACT has come in, to develop a pan-European approach for traceability systems," Lery says.

So, will the new EU-wide serialisation regime work, and what will it cost the industry to put in place?

"Serialisation will help at the end of the supply chain, at the point of dispensing, and it should stop re-routed or diverted packs from being dispensed to the patient," says Lery. "It will create more traceability in the supply chain, so you are not only verifying the point of dispensing, but also verification and information capture. There is the potential for transparency of vision at different points."

There will, of course, be a cost. Within the packaging side, instead of having thousands or millions of packs with the same information, each should have different data, which will undoubtedly increase costs. It will be the same situation with a pallet containing multiple packs, and whether a new identifier will be required for the pallet.

"It will make a difference," says Lery. "Having said that, the counterfeiter also knows it is happening. It is a never-ending cycle; the counterfeiters are always catching up."

Security, ultimately, does not only come from secret features or coding; it is about using standards to develop systems with inherent security. In some ways, it needs to be the same as what the banking industry went through when it was developing internet banking; there are, obviously, many security elements within e-banking without having to go
down the path of recognition features.

"Serialisation is not going to create a watertight supply chain on its own," explains Lery. "What is, or should be, watertight is a combination of serialisation and tamper-evidence features. It needs to be a combination of different approaches."

David Colombo, global serialisation implementation leader at Eli Lilly, agrees.

"Certainly, the industry should not see serialisation as a panacea," he says. "It is an important weapon in the anti-counterfeiting arsenal, but it needs to be viewed as just one weapon among many."

The need for serialisation and various tamper-evident and product protection features is due to the prevalence of counterfeited, diverted or adulterated drugs. Serialisation, holograms, tamper evidence, secure pallets and trailers equipped with GPS are all attempts to secure the legitimate supply chain. There also has to be an element of addressing this issue through education and public awareness efforts.

This is a complicated space that requires different tactics, of which serialisation is just one. It is part of broader efforts to secure, deter and educate, with serialisation coming under the 'secure' moniker, product protection features and tighter distribution channels categorised as 'deter', and 'educate' encompassing all efforts to raise public awareness on the dangers of counterfeit medicine. Strong collaboration with law enforcement and internet service providers is also a necessary tactic.

Feeling the heat in drug packaging

Manufacturers using old hot-stamping technologies to mark the product's lot number and expiration date might find themselves faced with an expensive upgrade, depending on the number of packaging lines still using this technology.

"We will see technology improvements in printing and automated inspection systems continue as the regulatory and quality bar is raised," explains Colombo. "Most large companies have already updated their packaging lines and technologies to be in a position to physically print and inspect Data Matrix codes, which are 2D barcodes that have been widely adopted to carry serialisation data."

When it comes to preparing for serialisation, there are at least three key elements. Firstly, at the packaging line level, sophisticated IT functionality and automation control systems will be required in the form of a packaging execution layer that can accommodate line speeds without compromising print quality and automated inspection processes.

Secondly, changes at the packaging plant level will be required. The manufacturer will need to ensure they are managing how products are packaged within each plant facility and securely collect the serialisation data from the individual packaging lines; for example, a plant site may have five lines running five different batches concurrently, so controlling and transmitting the resulting data to a plant-level repository is critical.

Thirdly, upgrades will be required at the enterprise level. A manufacturer's ERP system must be able to securely receive and verify serialisation data from multiple plant sites, and store the data in an appropriate repository in order to be externally transmitted to government agencies, trading partners, or customers.

This effort is focused on ensuring that a counterfeit product does not turn up in the legitimate supply chain or, in the unlikely event that it does, precise data on the product and facility in question can be generated for distribution channels deploying track-and-trace models. Such data would be useful evidence in determining possible entry points and the potential broader impact so that appropriate countermeasures can be implemented.

"I would expect serialisation to be effective in that it will be difficult for a criminal to supply illegitimate serialised product using a legitimate transaction that is electronically recorded and digitally signed, through legitimate distribution channels comprising licensed and authorised distributors of a pharmaceutical product," says Colombo.

"They would have to be really good to do that, especially considering that the serial numbers are often randomised or non-sequential, and not easily guessed in advance because they are also linked to the product code, lot number and expiration date. The extra scrutiny that pharmacy authentication systems and track-and-trace systems will provide is invaluable. Imagine that the next package that is dispensed could be for an important person in your life.

"Pharmaceutical product serialisation is definitely achievable from the manufacturer's point of view, but the key is not just to say 'let's do a pilot'; there is enough experience out there to know what the solution entails. Rather, it is important to address this issue holistically; for a manufacturer it is about ensuring that the necessary solutions and systems architecture are in place to handle the global scale and complexities that serialisation brings.

"It is also about understanding how serialisation impacts existing business processes and quality systems in order to be prepared for this significant change.