Closing the Gaps in Drug Chain of Custody

Pharmaceutical companies selling prescription drug products in the US market are in the process of implementing programs to uniquely label each drug package sold using a serial number and corresponding database. This work, requiring tens of millions of dollars and years of diligent project management, is being mandated in the US by the Drug Supply Chain Security Act (DSCSA). The DSCSA is part of the Drug Quality Safety Act signed into law in 2013 and is intended to produce end-to-end product traceability throughout the entire distribution supply chain. The original intent behind the DSCSA is that by coordinating transaction records with pharmaceutical distributors and retailers, authorized supply chain workers can “theoretically” follow a drug’s chain of custody to help flag the source of fake or sub-standard drugs entering the chain. 

Does the DSCSA really supply security?

As we canvass the pharma industry from manufacturers to wholesalers/distributors to pharmacies, there is a growing debate over the ultimate effectiveness of a fully implemented drug security law. These concerns are categorized in three interrelated limitations.

1.) The package alone bears the security elements, not the drug product itself. Fake or expired drugs can be encased in a package that is compromised but, nonetheless, resembles a genuine one. “The only absolute truth is the proof of product integrity regardless of the package markings,” says Ron Guido, an expert in the practices of supply chain security known as brand protection. Guido confronted these matters while at Johnson & Johnson for many years, most recently as vice president of global brand protection and supply chain integrity. 

“We have seen many examples of serialized bar codes being re-imaged from genuine packages and applied to fake packages,” says Guido. “In some instances, ‘fake’ authenticating features such as rogue phone numbers, websites, and holograms are added to packages to fool inspectors, traders, and even patients.”

Unless the product within the package can be authenticated, there remains doubt as to whether serializing packages alone can reliably detect fake or unauthorized drug product in the normal course of distribution. 

2.) The law requires “tracing” capabilities once a suspicious trade or violation to the system surfaces. The DSCSA was designed primarily to retroactively trace the chain of custody of fake goods, permitting trading partners ample time to investigate an incident. In the time it takes for this inspection process to conclude, dangerous drugs could enter the legitimate supply chain and unsuspecting patients could be exposed to the fake drugs, with often tragic consequences. Alternately, under a truly real-time tracking system, the first indication that a falsified code is introduced into the legitimate supply chain will immediately alert the system users so that not only can the suspicious drugs be removed at that point from further trade and quarantined, but the trading agent can also be detained and investigated by the authorities. 

There is a huge difference in the level of supply chain integrity between retroactively culling the product from the supply chain after it has made its way to points of dispense or patient administration, versus identifying the bad actors at the time and place their goods are introduced into the supply network.

3.) The drug distribution system in the US lacks interoperability among trading “partners.” While it’s unreasonable to require legislators to dictate the detailed business processes that support the commerce of pharmaceuticals while also protecting patients, it is also recognized that manufacturers, distributors, and retailers in legitimate drug trade now lack end-to-end visibility over transactions throughout the supply chain. The reasons are many, ranging from the “perceived value” of harboring commercial data within one’s business domain to fear of being disintermediated from the chain if trading records were shared. 

However, such lack of “information shorting,” as Guido describes it, opens the door for all kinds of vulnerabilities, including gray market diversion, counterfeits, pilferage, poorly managed recalls, drug shortages, returned goods, fraud, and more generally, suboptimal inventory management. Anytime there are “handoffs” or blind spots in a complex system, cracks are created for the bad guys to squeeze into the legitimate supply chain and exploit these weaknesses. However, in a fully interoperable track and trace system, the integrity of scanned inventory would be easier to verify at the point of sale. For example, the serial codes of stolen cargo would be flagged as such in the interoperable database, and any attempts to reintroduce those goods into the legitimate supply chain would be denied. 

The DSCSA is creating the opportunity for real-time sharing of transactional information, and financial data associated with trade, to illuminate an otherwise dark supply chain. Yet, until all players participate in a fully interoperable pharma supply chain using unique serial numbers (that can be duplicated)  as the “new currency of trade,” the aforementioned vulnerabilities will still exist.

Overcoming DSCSA limitations: 3 Steps

First, the DSCSA should be amended to require some form of authentication on the drug itself. There are many scientific solutions to this issue of what is known as “on-dose” authentication, such as placing inert markers or markings on or in solid oral dosage form drug product, which constitute a substantial portion of the drug market. There are a number of intriguing on-dose technologies that can complement the serialization measures found on packaging, such as covert taggants that can identify drug product origin back to the source of manufacture. 

This kind of technology feature would then allow manufacturers to create a digital lock between an identification code on the package with the identification code on the dosage form. When these two codes match exactly, the information on the package is confirmed as authentic and accurate down to the pill itself.

Second, the law should add “tracking” requirements to the transaction history elements of the current “tracing” rules of engagement. In time, scans of genuine serial numbers can drive the financial and inventory records of each transaction and signal the legitimacy of the package. If the package has been compromised,

perhaps by duplicating an active serial code, that transaction would be electronically suspended until an investigation on-site is conducted. Verifications of the on-dose features in the field with immediate feedback will allow for confirming that the right drug is in the right place, at the right time-true “tracking”-rather than merely providing information for an investigation after the harm has already been done.  

Given the amount of investment the pharmaceutical industry has made to date attempting to comply with the legislation, it would be a shame to stop short of a more fully effective and true “track and trace” system. And with the ability to track and flag suspect packages on-the-spot with on-dose identification measures, the product inside could then be immediately authenticated to help inspectors react faster and mitigate the effects of the compromise.

Third, in the spirit of public-private collaboration, all trading partners should coalesce with regulators around the design of a fully interoperable system. Rules regarding fees for sharing information and disintermediation decisions can be orchestrated to break the seemingly archaic beliefs that information harboring is the source of business success. Other industries, including online retailers of consumer goods, have demonstrated the efficiency and cost-effectiveness of sharing logistics information among commercial partners.

With on-dose authentication measures, true “track and trace” capabilities, and full access to all of the data throughout the supply chain, pharma companies would be able to better ensure the security of their supply chain and close the current gaps in the DSCSA.

Any risk is bad risk

US legislators and regulators recognize the importance of safeguarding pharmaceuticals supply, particularly when global trade practices and international sourcing of goods have increased the potential of substandard and fake drugs being inserted into the domestic distribution network. Our society should adopt a “no tolerance” culture when it comes to counterfeits. Most authorities agree that the rate counterfeit drugs in the US is in the single digits, but for every 1% increase in this rate, it means over 40 million times that patients are ingesting fakes. That is one prescription for every eight or nine patients in the country every year-an intolerable risk. Certainly we can do much better.

Peter M.O. Wong is Chief Operating Officer of TruTag Technologies, Inc. He can be reached at pwong@trutags.com