e-Pedigree to the Next Degree

Electronic pedigree is the future of supply chain security. Those still waiting and seeing might want to stop waiting and start tracking.
Mar 01, 2008

Peter Spellman
The debate over the desirability of electronic pedigrees is largely over. With less than a year until the kickoff of California's e-pedigree law, companies are moving toward implementation. The new conventional wisdom: Electronic pedigrees not only improve patient safety and product security but also enable business value.

Industry experts have concluded that e-pedigrees are the most effective way to prevent counterfeit drugs from entering the drug supply chain. The rich, precise, and secure product information and transaction detail within the e-pedigree provides a chain of custody as a drug moves through trading networks. The result is a new level of threat detection and investigative capability for all companies in the pharmaceutical supply chain.

These security investments can be turned into business value: Sharing the electronically captured information with trade relations, sales, supply chain management, and manufacturing operations groups can improve supply chain operations and related business processes.

As the January 1 deadline to meet California's mandate approaches, companies need an e-pedigree road map to expedite their path to regulatory compliance and product security and to position themselves to capitalize on their e-pedigree investment by gaining greater control of their supply chain.

Laying the Foundation

The e-pedigree movement reached an important milestone in 2007 with the ratification of the EPCglobal Drug Pedigree Messaging Standard (DPMS). The standard provides a data format that complies with all state and federal government regulations and allows trading partners to send and receive data in a secure, interoperable manner, using existing data-transfer technologies.

The standard's security mechanisms ensure that data cannot be forged without easy detection, while interoperability provisions ensure pedigrees are understandable by all trading partners, regardless of e-pedigree vendor.

The standard is the key to enabling pedigree compliance in California—and the rest of the country. More than 100 companies across the industry are implementing electronic pedigrees based on DPMS. They are establishing an interoperable information network to support secure trading-partner collaborations and communications.

E-pedigree's security and business potential are apparent from its contents. E-pedigrees contain data on a product's physical movement and financial flows with a granularity and timeliness not previously available. Product information includes the drug name, National Drug Code (NDC), unique pedigree serial number, lot numbers, expiration dates, quantity and strength, and product serial number (if product is serialized at the item level). Transaction information consists of transaction dates; trading-partner identification (name, address, license number); date received; related financial transaction information (such as purchase order or invoice number); company representative receiving the product; and each transaction's validation.

Planning Pedigree

You must understand state and federal regulations and how your company will be affected by these complex and varying requirements. With that analysis in hand, you can develop your specific regulatory requirements and map your pedigree initiatives to your company's product-security and business requirements. As part of the plan, you will identify how e-pedigree will affect operations, which IT systems are affected, and the scope of required resources.

It is important to plan nationally. While initial deployment may focus on a single state, you should build the foundation for a national rollout, since most pharma products are sold in all states.

To develop an e-pedigree road map that aligns your business goals with an e-pedigree technology solution, consider these main components:

Vendor/product selection The first step is the selection of an e-pedigree software vendor. Look specifically at exception-processing support, integration points, deployment requirements, hardware and software prerequisites, costs, and how much operational support a vendor's product provides.

Product functionality The software should provide all the capabilities you require. Otherwise, you'll incur higher operational costs or require custom development to supply the functionality.

Software delivery Will the software be delivered as a packaged solution or as a toolkit? If you go with a toolkit approach, you will need to plan for custom code development. If you select a packaged solution vendor, make sure the vendor is committed to future-proofing its solution as regulatory standards, operational factors, and technologies evolve.

lorem ipsum