Tracking Pharma’s Serialization Efforts

Pharmaceutical serialization deadlines are almost here, but many companies are not all that far along in their implementations (or even, in some cases, their strategy development). Pharmaceutical Technology asked a number of experts to share what they are seeing out there regarding serialization readiness.

In the first interview in this series, Brian Daleiden, vice president of marketing for TraceLink, shares detailed observations on pharma's readiness for serialization and track and trace in general. 

PhamTech:  From your observations, how well are pharma companies progressing in their serialization and track and trace efforts?  

Daleiden: Progress in the implementation of track and trace requirements has been highly variable across the industry. There seems to be a growing realization among companies that implementation of serialization and track and trace is much more complicated and time-consuming than many people in the industry initially believed.  The process can entail massive complexity at the systems, data and operational levels.

In general, we see the following types of approaches among pharma companies:

• Proactive, aggressive rollout of global track and trace programs. Companies taking this type of approach want to build an agile infrastructure that embraces the global regulatory/data management diversity and builds in flexibility to respond to new regulations or changes in existing regulations. These companies are looking to reduce the cost, risk and time for secure compliance, to ensure market availability for drug products across their diverse global markets, or to potentially gain a competitive advantage over industry rivals in key markets or supply channels.

• Incremental deployment in a “just in time,” localized approach. Companies that adopt this type of approach are looking to isolate their serialization and track and trace deployments on a country-by-country basis. This type of strategy is often driven by resource constraints or by operating models that focus on strong local decision-making.

• Just getting started in understanding the regulatory and business requirements, and compliance planning. There is a segment of the market, particularly in the small-to-mid-sized company or the pure virtual space, where companies are really just beginning to define the serialization and compliance infrastructure they need. These companies  are just starting to deeply engage with the contract manufacturing organizations and third-party logistics (CMO/3PL) partners they rely upon and the wholesale distribution customers they serve to discuss regulatory requirements and business expectations. Some of these companies were originally looking to outsource all of their serialization and traceability compliance efforts or to postpone investment for another year. But, as the knowledge of serialization complexity and timelines has started to flow across the industry, they are now realizing the internal requirements they face even in an outsourced model or even now planning to shift some work in-house due to the potential risks and hidden costs of outsourcing.

• Haven’t undertaken a formal internal serialization compliance program at all. Some companies are currently outsourcing their serialization compliance and completely placing all decision-making in the hands of their partner. Others believe that enforcement of the regulations will be delayed.

PhamTech: How advanced are contract manufacturing and packaging organizations’ efforts? Do you see more operating companies involving them in planning/implementations?

Daleiden: Some contract manufacturing and contract packaging organization (CMO and CPO) programs are quite advanced, with a comprehensive analysis of their customer base and regulatory requirements that have fed a detailed serialization program and serialization management infrastructure. For a large segment of CMOs though, there is a lot to do. Many CMOs have taken a "wait and see" approach whereby they will determine their serialization approach based on incoming customer requirements. This creates several challenges for the CMO. Customer requirements often pile up late as deadlines approach without some guidance from the CMO as to realistic implementation timelines. Customer requirements often conflict with each other as some customers may require things such as aggregation while others don’t. Different enterprise serialization systems in use by customers may also impose diverse integration and data management challenges on the CMO’s internal serialization infrastructure. These CMOs that take a passive approach will face a myriad of business challenges meeting near-term regulatory timelines effectively while setting themselves up for long-term success.

More companies are actively involving CMOs in planning and design
We have recently seen a significant increase in the number of pharmaceutical companies that are actively involving their CMOs in planning and design processes, rather than just presenting a set of requirements for implementation. As operating companies started to survey their supply partners to gauge serialization readiness, interpretation of regulatory requirements and preferences/capabilities for data exchange ---from serial number generation and commissioning through the shipment of serialized products--- it became evident that there was a very wide disparity of opinions and plans across the supply partner community. In response, many operating companies have started to take a very hands-on approach toward engaging their CMO partners, from one-on-one planning meetings to broad educational webinars across their entire CMO ecosystem, seeking to drive some measure of standardization on operating requirements and data management standards.

PhamTech: Can you please comment on any significant projects you’ve been working on?

Daleiden: We’ve been working on dozens of major projects across multiple geographical serialization / track and trace compliance requirements, including US DSCSA (lot-level and serialized), China, EU, Brazil, South Korea, India and others. These projects span myriad regulatory requirements (serialization, traceability, verification and government compliance reporting), operating ecosystems (internal packaging, CMO/CPO packaging, 3PL distribution, supply chain distribution), and data exchange methods (Healthcare Distribution Management Association Electronic Data Interchange/Advance Ship Notice (HDMA ASN), GS1 EPCIS, XML, CSV). Some of the projects are designed to test and deploy the concept of a global serialization control tower to centrally manage diverse supply networks across diverse country compliance regimes. Others are designed to test out live integrated connections to new compliance systems such as the European Hub operated by the EMVO for implementation of the Falsified Medicines Directive for 2019. Still others are designed to test out new data exchange and operating models such as the EPCIS pilots being undertaken to test out serialized data exchange models for the Drug Supply Chain Security Act (DSCSA) compliance. Every year, we’re seeing one to three significant new country regulations become finalized which kick off a whole new set of implementation projects.

PhamTech: What are the greatest technical challenges that industry still faces in terms of meeting serialization efforts, but also establishing pre-requisites for tracking and traceability?  

Daleiden: As I see it, the pharmaceutical industry really faces four key challenges in meeting serialization regulations while appropriately managing the cost, risk and time for track and trace programs. These challenges include:

Network definition. A pharmaceutical company preparing for the US Drug Supply Chain Security Act (DSCSA) or other serialization deadlines needs to establish complicated bi-directional data exchange connections with a diverse set of supply and trade partners. Serialization is not simply putting a number on a bottle. From internal packaging sites and CMO packaging facilities to 3PLs and downstream trading partners, the pharmaceutical company’s serialization and compliance infrastructure must share extensive master data (product, partner and company) and transactional event information that is coupled to operational triggers. This may involve orchestrating connections between dozens to thousands of systems across a company’s supply and trade network, connections which have to be made with companies that simultaneously making their own decisions on many of the same issues.

Clear understanding of scale. The transition from lot-level tracking to unit-level serialization and traceability creates an explosion of compliance data, which must be generated and managed along with a massive increase in transaction events, which must be managed at operational speeds.

Traditional enterprise infrastructures and relational databases simply aren’t designed to deal with these information flows. The serialization data generated, and the master data and transactional information related to a uniquely serialized product that is captured and shared as a product is packaged, shipped and verified across the supply chain is an order of magnitude larger than the related information associated with a product under lot-level production and distribution. The serialization events which need to be tracked and managed are much more diverse than lot-level events, and much more intimately connected to the real-time operational processes from packaging site through internal distribution and out into the supply chain.  

Changing regulations. Change and evolution are constant with respect to track and trace regulations, mandating that the serialization and compliance infrastructure be designed to support this new reality. Governments continuously launch new regulations or evolve new rules on existing regulations. We see this in the United States, where the overall regulation evolves from lot-level traceability and verification to interoperable, electronic item-level traceability over the course of several years. Other regulatory bodies from the EU to Brazil continue to publish updated rules and regulations. Trade partners impose new business requirements related to track and trace regulations. Under the US Drug Supply Chain Security Act (DSCSA), for example, wholesale distributors and other supply chain members have now started to publish their expectations for the aggregation of serialized drug product identifiers between unit-level and case-level product.

Technology standards for data exchange that companies need to support and collaborate on with network partners continue to evolve, including HDMA ASN and GS1 EPCIS. Finally, the ability to connect to and interoperate with diverse enterprise infrastructures is also a big challenge. Mergers and acquisitions create technical challenges when companies or operating facilities are acquired which use different ERP, WMS or line management systems from those currently in use. These create significant master data management issues for the crucial product, partner and company master data that needs to be provided to the serialization and track and trace systems for compliance. A heterogeneous internal and supply ecosystem also creates a diverse set of existing operating processes and triggers which need to be harmonized for integration with the compliance system.

Ensuring supply. The emergence of serialization and related compliance regulations now means that there is a new layer of systems that are part of the critical production and distribution process. Now, the ability of a pharma company to supply medicines to its customers depends on the ability of the serialization and compliance system to be operational 24x7x365.

Pharmaceutical companies and other supply chain stakeholders need to prepare, check and provide a variety of compliance data as drug products are shipped, received or analyzed by operating facilities, creating great technical challenges for the compliance system,  which needs not only to manage massive data but also needs to be ready to respond (at operational speeds) to queries on this data from a diverse set of business systems. Serialized product returns verification under FDA's Drug Supply Chain Security Act (DSCSA) is one example of an emerging challenge where operational processes from one industry stakeholder (the wholesale distributors) can be tightly coupled with the compliance system of another stakeholder (pharmaceutical company).

In addition, master data is becoming an unexpectedly difficult to master for global compliance. A diverse set of over 30 distinct product, partner and company master data fields must be captured, cleansed and incorporated into track and trace compliance activities, from serial number generation and commissioning to government compliance reporting. These master data fields include not only expected data elements (e.g., product code or unique company identifier) but also highly country-specific fields such as scheduled drug and product image in India and the current supply price in South Korea.

PhamTech: Please comment on the unique challenges posed by upcoming deadlines in European regulations under the Supply Chain Directive and their impact on strategy and technology solutions.  In addition, have there been changes to other national regulations and enforcement deadlines in other parts of the world that are having any impact?

Daleiden:  EU False Medicines Directive (FMD) regulations create several data, operational and network challenges for pharmaceutical companies, marketing authorization holders (MAH), CMOs, and others across the supply chain. I think that as companies have started to analyze the Delegated Acts for Safety Features, unexpected issues have started to bubble up which is making EU FMD compliance much more complicated than was first expected.

FMD creates an umbrella regulation covering the member states of the European Union, plus several other countries aligning to FMD requirements. So first off, companies need to treat the EU FMD, not as a single harmonized track and trace law to meet, but instead as a standardized serialization, reporting and verification regulation that is adjusted depending on the products involved and the target markets supplied within the EU. The EU FMD acknowledges the uniqueness of each member state by providing some flexibility in how the regulations apply for drug products targeted for dispensation within a given country.

For example, the law requires the MAH to capture and report in the product master data notification to the EU Hub the target market(s) for a drug product. A drug product may be regulated as a prescription medicine in one member state but not another, thereby creating serialization requirements for some drug packages and not for others depending on the target market.

Certain prescription drug products may be white-listed, or exempted, from the safety feature requirements while certain OTC medicines may be included in FMD regulations due to their risk profiles. One member state may prefer to use the standard GS1 GTIN to identify the drug product, while another country may require a unique national product code. Member states may also require additional data, such as a national reimbursement number, to be captured and stored in the barcode and reported upon with each drug product. Although serialization at the transport container or case level isn’t required by law, and neither is aggregation, as internal distribution sites and 3PLs, wholesale distributors and others in the supply chain look at how they will meet the regulations, it is becoming increasingly apparent that case serialization and aggregation may become necessary business requirements for many pharmaceutical companies serving the EU.

These are some of the complexities facing a pharmaceutical company preparing their internal packaging sites and external CMO network, and the CMO looking to serve a diverse pharma client base for the EU. It imposes the need to have a flexible serialization infrastructure that can support diverse data sets for products targeted across the EU member states, the three EEA countries and Switzerland, which are following EU FMD regulations. Network management is a particular challenge for EU FMD compliance when a pharmaceutical company looks at their sizeable internal packaging network and external CMO packaging network which needs to be on-boarded and serialization-enabled.

In addition, scalability is an extreme challenge in preparing for EU compliance. Product packs are manufactured in a unit-of-use presentation in the EU as opposed to the larger bulk containers that many medicines are produced in for the US market. So the unit count for serialization to be implemented across the medicine supply for the EU Falsified Medicines Directive (FMD) is massive, with many estimates topping 10 billion units annually for the industry.

Beyond the EU, there are several other changes, new regulations and modifications of existing enforcement deadlines that are creating significant impact on pharmaceutical companies and their supply network partners. These include:

• South Korea regulations, which set deadlines for phased implementation between Jan. 2016 and July 2017. The nation has established complex government compliance reporting requirements with the Korea Pharmaceutical Information Service (KPIS) system for serialized product shipments, returns, destruction and error corrections for prescription pharmaceuticals coupled with monthly reporting of OTC medicines.

• India. Phased implementation between April 2016 and April 2017 of extensive Drug Authentication and Verification Application (DAVA) compliance reporting for both large pharmaceutical companies and smaller SSI manufacturers including reporting of company, product and distribution partner master data, batch / pre-production notifications, batch withdrawal notifications, production/serialization notifications and shipment notifications.

• Brazil. Modification of the existing 11.903 law and RDC 54 regulation into a new proposed track and trace law whereby information of serialized product products, movements of such drug products across the supply chain and other related transaction events must be captured and reported to a central repository by each industry stakeholder (manufacturer/importer, wholesaler, and pharmacy dispenser). This is a change from the existing regulation where the pharmaceutical marketing authorization holder was responsible for the capture of all product movements and transaction events across the supply chain.

• Saudi Arabia. Phasing in of the serialization requirements for drug products starting in Mar. 2017 and the beginnings of discussions with respect to a central compliance database for reporting purposes. The approach that Saudi Arabia takes for serialization and compliance reporting is setting a baseline which is being closely watched by other countries in the Middle East.

In addition, other events (e.g., publication of the draft Russia track and trace regulation with unique serialization and reporting requirements, and China’s SFDA’s announcement that it intends to suspend the existing traceability system and modify the traceability regulations) highlight the continually evolving nature of regulations.

PhamTech:  Have companies you work with, for the most part, been taking a long-term approach and building in foundations for traceability into their serialization efforts, or are most just focusing on serialization and meeting requirements

Daleiden:  Most of the companies that we have been working with have been trying to incorporate a long-term traceability and business value vision into their serialization efforts. At minimum, even where there is a purely a serialization regulation, it has become clear to most companies that serialization doesn’t mean merely putting numbers on bottles and that the information generated and the network connections developed have great potential value to the business.

To comply with serialization regulations that a pharmaceutical company must meet as well as serialized product management and verification requirements which might be imposed from a business perspective, there are a myriad of network connections to develop and product/transactional data which needs to be exchanged for serialization, shipment, returns, exception management and other operations across the supply chain. So this realization has led to a baseline level of traceability analysis and planning for most companies.

Beyond that, many of the companies that start early in the preparation process find several opportunities for business value and can use this to inform serialization and traceability design to simplify or speed realization of these benefits after the wave of compliance has been met.  There are a myriad of opportunities where a highly connected supply network and rich integrated serialization and traceability data can be leveraged to improve the business. These benefits range from the near-term pragmatic, such as improved inventory management or returns reconciliation, to the transformative, such as direct patient engagement and optimized product launch planning. Even if the detailed infrastructure and operational planning isn’t tackled at this stage, at least more companies are bringing in other stakeholders from across the organization to educate them on the serialization and traceability program, thereby stimulating thinking about the future.

PhamTech: Ideally, how should companies go about laying the groundwork during serialization to simplify implementation of traceability

Fundamentally, a company must take an “outside-in” approach to serialization programs to not only simplify traceability implementation but also ensure that packaging lines and serialization-enabled sites will meet the diverse regulation and business requirements which are coming into force. This approach is the only way that all external influences can be identified, analysed and prepared for which will impact the serialization system and the packaging line configuration.

The outside-in approach involves doing a detailed network analysis of:

• The markets that a company current serves or is planning to enter in the next three to four years.

• The regulations in force or in the development stage for those countries to determine not only the unique serialization data requirements, but also identify the business events and operational triggers which must be planned for, and the required data exchanges that these events cause across the internal production, internal distribution and supply chain distribution.

• The supply network that the company uses, including internal packaging resources and external CMOs. This helps determine which business and operational systems these resources use, their integration and data exchange requirements, and the implementation and integration preferences of the partners.

• The trade partner network that a company uses. Wholesale distributors and other supply chain partners may make assumptions about how serialization data is captured and configured when they use this information for receiving, product verification and other activities. If a pharmaceutical company doesn’t engage with at least their key downstream trade partners to vet assumptions, data mismatches can occur. We saw this happen during the California ePedigree serialization pilots where pharmaceutical manufacturers and wholesale distributors had different assumptions on issues (e.g., whether a serial number field should be padded with leading zeros or not), which caused receiving errors during distribution when the data from the barcode didn’t match the serialization data sent by the manufacturer for verification.

Using the outside-in approach, a company can get a holistic view of the market-partner-system requirements to identify up-front any data or connectivity conflicts, resolving them during the planning stages when deadlines are distant rather than during commercial go-live stages where retrofit is costly and time is running short.

PhamTech: What progress has been made in standardizing requirements?

Daleiden: There has been only moderate progress globally in standardizing regulatory requirements. Some of the greatest progress in standardization has been made in on-package information and data exchange areas. Increasingly, global regulations are generally aligning to GS1 standards for on-package and product identification, particularly the use of GS1 barcoding standards (2D DataMatrix, etc.) and the use of GTINs.

Data exchange standards are starting to solidify, or at least coalesce around some common themes. In the US for lot-level product traceability, there is strong alignment in the use of HDMA ASN as the baseline data exchange format, although implementation has seen considerable customization from company to company within the use of optional data fields or business extensions to the standard. In the US for DSCSA serialization and serialized product data exchange, there is general consensus in the desire to leverage GS1 EPCIS as the foundational standard. To this end, the GS1 US Healthcare organization and a diverse set of industry stakeholders have been working diligently to create an updated implementation guideline which will serve as the basis for DSCSA serialization data exchange and inquiries. EPCIS is also gaining traction as a common data exchange approach at the packaging line to enterprise serialization system level.

But there is considerable diversity in several of the overall regulatory requirements facing pharmaceutical companies and the rest of the supply chain. Countries continue to implement a diverse mix of overall track and trace regulations designed to meet their unique governmental goals, which span from anti-counterfeiting and healthcare reimbursement to drug supply monitoring and taxation control. The regulatory regime adopted by a country generally includes some mix of the following:

• Serialization. Unique identification of product across one or more packaging levels generally starting at the saleable unit or secondary level. Aggregation is required in some countries and not in others while varied data elements beyond the standard four of product code, lot number, expiry date and serial number may be mandated.

• Traceability. Tracking and tracing products and their transactions across diverse events such as changes of ownership or product movements. These regulations often require direct data exchange and management of traceability information between supply chain partners.

• Verification. Verification of product identity at one or more points in the supply chain, such as at dispensation. Some regulations may mandate verification of transaction data as well during situations such as suspect product investigations.

• Government Reporting. Reporting of a mix of master data, packaging  and serialization information, supply chain transaction events, exception information and other data across the birth to death of a serial number or a product from manufacture to dispenser.

Within each one of these regulatory areas, countries are adopting a variety of master data and operational information requirements, data management rules, data exchange requirements and overall governance policies, which creates a complex patchwork of requirements for global compliance.  No two serialization regulations are ever completely alike. Today, the predominant approach we see globally is the application of serialization and government compliance reporting regulations.