• Decrease font size
  • Return font size to normal
  • Increase font size
U.S. Department of Health and Human Services

Drugs

  • Print
  • Share
  • E-mail

Counterfeit Drug Task Force Report 2006 Section V: What technical issues related to electronic track and trace need resolution?

1. Mass Serialization

Issue/Background

Mass serialization involves the incorporation of a unique identifier number on each drug package in order to track the individual drug package as it moves through the drug supply chain. We sought comment on mass serialization numbering schemes, including the preferred numbering convention, the merits of incorporating the National Drug Code (NDC) number and its impact on patient privacy, and the timetable for mass serialization across the drug supply chain.

What We Heard

Almost all the comments recommended that industry use a single numbering convention to reduce costs and complexity. One comment noted that multiple numbering schemes could lead to conflicts (e.g., duplicate numbers for the same item) and incompatibility between points in the distribution chain. Several comments suggested that using random numbers for the product identification component of the electronic product code (EPC) could increase security, while concealing proprietary information about the product or manufacturer. However, other comments suggested that the EPC should include the manufacturer ID as part of the code.

Many comments addressed whether or not the NDC should be included in the unique identifier. Many comments were concerned that RFID tags could be surreptitiously read, and if the NDC was included, it could jeopardize the privacy of patients and potentially endanger the drug supply chain. However, pharmacies and their trade groups supported the inclusion of the NDC, arguing that their information systems currently identify products by using the NDC and that they might incur significant costs to change these systems if they used an EPC that did not include the NDC. Some of these comments also noted that the NDC plays an important role in the dispensing process and it would be disruptive to workflow to have to consult another database to link the EPC number to the NDC number. However, a couple of the comments noted that it is not necessary to include the NDC as a component of the unique identifier because, pursuant to FDA regulations (21 CFR §§ 201.2 or 201.25), the NDC is printed on most drug packaging.

Finally, several comments from stakeholders that are closely involved in developing the EPC standards suggested that the numbering convention be sufficiently flexible to accommodate standards-based numbering systems already in use (e.g. NDC for pharmaceuticals, UID for U.S. Department of Defense, EAN.UCC for consumer goods.)

Discussion

We continue to believe that using mass serialization to uniquely identify all drug product packages in the U.S. is a powerful tool in securing the nation's drug supply. The issues surrounding which numbers should be included in this unique identifier are complex. The NDC number is ubiquitous as an identifier of drug products for inventory, dispensing, and claims adjudication, among other things. However, because it is such a recognized number, an NDC number could compromise patient privacy and supply chain security if it could be read surreptitiously.

We believe that the NDC number is an important product identifier and it should be closely associated with the product. We note that, currently, for most prescription drug product packages, the NDC number is either printed on the packaging or included in a bar code on the package. We do not anticipate this practice to change.

We also recognize that inappropriate access to the NDC number on individual products raises patient privacy and security issues. These competing concerns, however, can be addressed through IT solutions. Therefore, we believe that for drug product packages using RFID or other non-line-of-sight technologies, the unique identifier should either include an encrypted NDC number or provide an accessible link to the NDC number that is readily available to pharmacies to facilitate their needs.

Ideally, there should be one numbering scheme used in the drug supply chain. We recognize that the technology continues to advance and it is difficult to predict what its capabilities will be in the near future.

Recommendation: 

  • We recommend that the NDC number should continue to be closely associated with the product.
  • We recommend that for non-line-of-sight technology, such as RFID, the unique identifier for the product should either include an encrypted NDC number or an accessible link to the NDC number to protect privacy.

 

2. Universal Pedigree and Uniform Pedigree Fields

Issue/Background

The PDMA limits who is required to pass a pedigree and authorizes FDA to determine what information should be included in the drug pedigree. This information is codified at 21 CFR 203.50. Some States have laws imposing pedigree requirements on members of the drug supply chain not covered under the PDMA. Some States have enacted laws requiring additional information to be included in pedigrees passed with drugs sold in their State. In addition, State requirements differ with respect to the information that must be included in the pedigree. We sought comment on what information pedigrees should contain and how such a uniform standard could be achieved.

What We Heard

Nearly all comments encouraged FDA to implement federal uniform pedigree requirements and standards binding on the drug supply chain and States. Several comments noted the work of stakeholder initiatives, including the Uniform Pedigree Task Force and the EPCglobal e-pedigree standards working group. These stakeholder initiatives suggested data fields that could be captured in a uniform pedigree, including:

  • Product Information: drug name, manufacturer, product NDC, dosage form, strength, container size;
  • Item Information: lot number and expiration date, quantity of units by lot, product serial number (if serialized);
  • Transaction Information: transaction identifier (e.g., PO, invoice) and date, transaction type (e.g., sale, transfer, return), date received;
  • Trading Partner Information: business name, address and license of seller, alternate ship-from location of seller, seller contact information for authentication, business name, address and license of recipient, alternate ship-to location of recipient;
  • Signatures/Certifications: digital signature of seller, digital signature of recipient.

There was near complete agreement that all wholesalers, not just non-authorized distributors, should be responsible for passing pedigree information. Many of these comments urged FDA to take appropriate steps to require a universal and nationally uniform e-pedigree so that stakeholders do not have to comply with 50 different State pedigree requirements.

Discussion

The PDMA requires a statement/pedigree ("in such form and containing such information as the Secretary may require") to be passed with certain wholesale distributions. The PDMA and FDA's pedigree-related implementing regulations define the information that must be included in a pedigree.

We continue to believe that a universal e-pedigree (i.e., a pedigree passed by all wholesalers, not just those who are not authorized distributors of record) that documents the movement of every prescription drug product from the manufacturer to the dispenser would be an important step in preventing counterfeit drugs from entering the drug supply chain.

We also agree with the comments that a single, national, uniform pedigree would be ideal to help ensure efficient distribution of safe and effective medicines. To be most effective and efficiently communicate chain of custody and other information about the drug product, it would be ideal if all members of the drug supply chain passed a pedigree that was uniform across all States. Fifty different State pedigrees will no doubt create confusion in the marketplace and could stifle interstate drug trade. For example, the pedigree laws that were enacted in Florida, California, Indiana, and other States contain different requirements.

Under existing law, FDA lacks statutory authority to implement a universal and nationally uniform pedigree. If legislation is considered in this area, we stand ready to provide technical assistance.

Recommendation: 

  • We recommend that FDA provide technical assistance if legislation in this area is considered in Congress.

 

3. Data Management/Data Security

Issue/Background

For e-pedigree transmission to be successful throughout the drug supply chain, business partners at each point in the supply chain should be able to share information effectively and efficiently. The choice of data management practices and standards becomes an important one for all stakeholders. One issue that has been raised is whether the data/information should be stored in one central database or if a distributed approach (where each stakeholder's system exchanges information with other systems) should be used.

What We Heard

A majority of the comments advocated the use of a distributed database approach to data management. Many noted that a centralized database would be more costly, slower to implement, a threat to patient privacy, and could disrupt drug distribution if the database was unavailable or compromised for some reason. Comments suggested that secure peer-to-peer transactions would be possible under the distributed model. One comment suggested that data management be controlled centrally via a third party, contractually-managed by FDA.

A few comments suggested specific data security measures, such as pedigree documents having digital signatures to maximize document integrity, authentication, and non-repudiation. Some comments referred to existing data transmission standards used elsewhere, specifically Public Key Infrastructure, Federal Information Processing Standards, and the ISO/ICE standards 17799 or 12207. One comment noted that e-pedigrees could be authenticated electronically, using electronic verification of the digital signature and the signed transaction content for each transaction. One comment promoted the use of biometric log-on methods to improve security.

Discussion

It is vital that specific event information contained in the electronic pedigree be secure. We have no preference as to whether the data is housed in a central database or in a distributed scheme. Based on what we heard, it is our understanding that e-pedigree is technologically feasible with either model and even in a hybrid environment, where some data is stored in a central database while other data is distributed across company servers. We believe it would be most efficient to let the market and technology dictate how to best capture and access the data in e-pedigrees.

We do believe that it is essential that every entity in a drug product's chain of custody has access to the product's pedigree data all the way back to the manufacturer, in order to verify and authenticate the pedigree. It is also important for FDA to have access to the information in matters of suspect illegal activity.

Recommendation: 

  • We have no preference whether a distributed versus central database is used, as long as every entity in the chain of custody for the product has access to information about that product all the way back to the manufacturer.

 

4. Privacy Issues

A. Labeling/Disclosure/Education

Issue/Background

There is general concern that an unauthorized person might be able to read the information from an RFID tag on a drug without the possessor of the drug knowing it, possibly disclosing personally identifiable information or the name of the drug. We sought comment on whether privacy concerns are warranted and whether it is possible for an unauthorized person to read the information from an RFID tag on a drug once that drug is in the consumer's possession. If so, what type of information could be accessed? We also sought comment on how to make consumers aware that an RFID tag is on the drug package and the type of consumer education that would be needed as the use of RFID in the drug supply chain becomes more prevalent.

What We Heard

The majority of the comments indicated that privacy safeguards are needed. However, some pharmaceutical organizations said that patient privacy issues are not a major concern because many of the prescriptions filled at pharmacies are not dispensed in the original bottles from the manufacturer; the prescriptions are instead placed in a consumer-size container, which would not have an RFID tag. Some comments cited concern about persons gaining unauthorized access to information about the type of drug being taken as well as personal identifying information. Several comments said that the RFID tag should not contain information that identifies the drug (e.g., NDC number). Instead, these comments suggested that the tag should contain a random serialized number so that anyone reading the tag would see only a meaningless number.

Many comments referred to the importance of consumer notice and choice and the use of fair information practices. Comments noted that notice of the presence of an RFID tag on a drug package should be clear, conspicuous, and accurate. Several comments indicated that one way to address the issue of consumer notice is to use a symbol on the package. There was uncertainty, however, as to where the symbol should be placed.

Some comments pointed out that many concerns about privacy are due to concerns about database security (i.e., once the data is collected from an RFID tag, how secure is the database where it is stored?).

The majority of comments said that consumer education is needed for the successful adoption of RFID across the drug supply chain. Many comments indicated that consumers should be informed of the benefits of RFID (e.g., how RFID can help secure the drug supply chain), as well as the risks associated with the technology (e.g., potential threat to privacy). According to some comments, consumers should also be educated about the options that are available for deactivating or removing the RFID tag. Most comments said that FDA, as well as experts in academia, industry, and patient and consumer groups, should be involved in developing education programs.

Discussion

Privacy issues are a real concern for consumers and FDA. These concerns will continue unless there is appropriate disclosure of the presence of an RFID tag on containers given to patients and sufficient education about the application, true risks, benefits, and vulnerabilities associated with RFID tags on drug products. This is no easy task.

Although we support the use of a statement or symbol to disclose the presence of an RFID tag on a drug product package, it is important that manufacturers work with FDA to develop an appropriate message or symbol. Most statements made on the labeling of prescription drug products are regulated by FDA and subject to agency pre-approval. We, therefore, recommend that manufacturers should work with FDA before choosing a statement or symbol to add to their product labeling.

We also are willing to work with stakeholders to develop a uniform statement or symbol that can be used to signal the presence of an RFID tag on a drug product package to use in educational campaigns. Such campaigns would help consumers to readily identify and understand the meaning of the statement or symbol.

We do not propose to issue guidance at this time regarding statements or symbols on drug product labeling to indicate the presence of an RFID tag.

Consumer education is necessary. Potential messages could include educating consumers about RFID, the benefits of its use for patient safety, the privacy risks, possible risks from RF emission, and deactivation and removal of the tag. We do not currently have the resources to lead educational efforts. However, we will work with manufacturers and other stakeholders in their efforts.

Recommendation: 

  • We recommend that FDA work with manufacturers and other stakeholders in their efforts to develop appropriate messages, symbols, or statements for labeling of drug products and packaging that contains an RFID tag.
  • We recommend that FDA work with private and public sector organizations in their efforts to educate consumers about RFID.

B. "Turning Off" the RFID Tag

Issue/Background

Some people have suggested that the RFID tag should be "turned off" or deactivated before it leaves the pharmacy, or that patients should be given the choice of whether it is "turned off". We sought comment on the advantages, disadvantages, and feasibility of deactivating the tag.

What We Heard

Many comments indicated that deactivating or removing the RFID tag at the point of purchase (i.e., the pharmacy) would effectively address privacy concerns. However, some comments pointed out that while deactivating or removing the tag would address privacy concerns, it may also prevent post-sale benefits (e.g., recalls) which would have been possible had the tag remained active/in place.

Some pharmacy groups said that the tag should be deactivated prior to arrival at the pharmacy retailer to ensure that no patient is inadvertently sent home with an active tag. One comment said that in practice, deactivating the tag at the point of sale is not feasible because it would place too much responsibility on pharmacists and may re-expose the drug to unknown radio-frequency effects. Some comments indicated that FDA should provide guidelines to ensure privacy protections through RFID tag deactivation or removal.

Many comments suggested various deactivation methods. Some of the suggested options were: kill function (total or partial), blocker chips, encryption, read protection, decommissioning with individual tag password, tag destruction, placing RFID tagged objects in a foil lined bag (which would prevent unwanted reads), and database controls. There was no consensus on the best deactivation method. However, a standards organization commented that it is evaluating tag deactivation, taking into consideration the consumer and industry benefits of post-sale uses of RFID tags. The point in the supply chain where RFID tags should/could be deactivated is also being evaluated.

Discussion

There are benefits to both keeping the RFID tag active after sale and deactivating it before dispensing the product. We believe that an active tag can provide valuable information if the drug product finds its way back into the drug supply chain. FDA has found counterfeit and diverted drugs in the drug distribution system when drug wholesalers, third-party return entities, or manufacturers return drugs for credit and/or destruction. Those products with active tags would be easier to identify and track through the supply chain. That said, we respect the privacy concerns, however, and do not believe that it is necessary for an active tag to go to the patient.

It is unclear whether technological methods to deactivate the tag in the normal course of business are mature enough for use in the marketplace at this time. We believe that this issue warrants further discussion among stakeholders, technology experts, and consumers, about the viable options and we are not prepared to make a recommendation at this time.

Recommendation: 

  • We recognize that this is an important issue, but do not have sufficient information to make a recommendation at this time.

 

CONCLUSION

 FDA's vision of a safe and secure drug supply chain is premised on transparency and accountability by all persons who handle the prescription drug, starting with the manufacturer and ending with the pharmacist who hands the drug over to the patient. Drug supply chain efforts that capitalize on advances in electronic track and trace technology to create a secure electronic pedigree further this vision.

With the implementation of the PDMA regulations in December 2006, we expect that supply chain stakeholders will move quickly to adopt electronic track and trace technology, implementing RFID in a phased-in approach. We recognize that there are important issues that still need resolution, such as privacy concerns and uniform and universal pedigrees that might benefit from further discussion by stakeholders or Congress. However, these issues should not hinder the forward progress and momentum toward widespread adoption that we have witnessed and expect to continue. Companies should continue to tag drug products, build infrastructure across the supply chain for using an e-pedigree, and remain vigilant in their responsibility to provide a safe and effective drug product to the patient.