Pharmaceutical companies increasingly are turning to RFID to help stem drug counterfeiting and to comply with various ePedigree laws around the world. ePedigree refers to an electronic document that tracks a drug and its change of custody as it passes through the supply chain, from manufacturing plants to distribution centres to pharmacies and hospitals. John Delpizzo, who heads up IBM's sensors and actuators RFID division, answers the questions.
Q. Does ePedigree require the use of RFID?
A. Let us start with the concept of serialisation: Can I uniquely identify each item as it moves through the supply chain? For that you can use RFID or any other unique data character you like, including 2D barcode, which sometimes goes by Data Matrix. From a data carrier perspective, you will frequently see high-value, high-volume drugs get RFID because they can support a higher cost; for lower cost drugs you will typically see the use 2D bar codes.
A pedigree is simply a document that shows you the chain of custody.
Now it can be electronic or paper depending on the state regulator.
Florida has said it can be either. In the case of California, they require electronic identification. In the state of Florida they have a non-serialised pedigree, so they are only tracking things at the batch or lot level. That is the lowest level they are identifying to. In California, they are driving it down to the item level because they feel at the batch level you really cannot get unique enough to know whether this particular drug is valid or has not been counterfeited.
Q. How would you characterise the adoption of RFID ePedigree in the US and elsewhere?
A. RFID ePedigree is clearly much more favored in the US than it is in Europe, largely because of the scenarios they are trying to implement. In Europe, they are looking at it from a product validation perspective. They just want to know it is product they produced. In the US, they are looking at it from a pedigree standpoint.
They want to use the pedigree almost as a law enforcement tool.
If there is a counterfeiting event, they want to know where it happened in the chain.
Q. Does ePedigree guarantee against counterfeiting?
A. No. ePedigree makes it more difficult to do counterfeiting.
I would argue that batch and lot level pedigree does not help much at all; it just gives you an inventory tool. When you move down to the item level and you uniquely identify items, you have a unique identifier on the bottle. So your counterfeiter is going to have to counterfeit the unique serialisation on each bottle ... which is more difficult.
The RFID chip is also burned with the unique serial number, so when you read those two ID numbers and if you have a match you probably have the original packaging. Duplicating that chip ID is almost impossible without having a semiconductor fab in your back yard. So there is an added layer of security. But counterfeiters are smart. They are always looking at new methods to counterfeit.
We want to be able to identify when those incidents occur and limit the exposure to anybody.
Q. I understand that in 2009, California will become the first US state to enact ePedigree law for pharmaceuticals. Do other countries also have ePedigree legislation?
A. There are 39 states that have pedigree laws on the books. California is the first to do it at the item level, though. California, which is different from almost any other state legislation, is mandating the items are tagged by the manufacturer, whereas most states have started with the wholesaler. Italy, Belgium, France, Spain, The Netherlands, Germany, Greece and Portugal also have legislation and they are all different.
Q. How do these different laws hamper IBM's efforts in developing ePedigree RFID infrastructure?
A. It does not. So, a couple of thoughts worth mentioning here.
I tend to talk more about it as track-and-trace than pedigree.
Pedigree is one aspect we are trying to address. When you can track drugs that are serialised through the supply chain, you can track other problems, such as shipment verification, within the supply chain.
From the regulatory side, if you think about it, what we have is a software infrastructure that allows for the capturing of all this information. How do I talk to all the RFID readers, and motion sensors, the conveyer belts ... anything that might be involved in the packaging and distribution of product? How do I manage and collect all that information? Then how do I store and share that information with trading partners?
The pedigree is almost a different view on the data you are collecting.
My regulatory form, or my transmission for Florida is going to appear in one format, while my transmission to California may look like a different format: it is just how you organise it that is different.
From our perspective, it certainly would be easier if we had one consistent standard we are trying to meet. Fundamentally, you need to be able to uniquely identify the items, interface with all those devices, and you need to be able to store and manage a huge amount of information ... including batch numbers, expiration dates, etc, as well as the unique IDs on those items. Once you have all that, then it is a relatively simple matter of populating out all those forms for state A or state B or state C.
Q. Given that the law is a moving target, how can you assure your customers that the ePedigree technology they buy from IBM will be relevant in, say, five year's time?
A. Because we are not looking at this from a simple pedigree perspective but indeed looking at it from more a supply-chain perspective.
How do I get a business benefit out of it? That drives a slightly diff thought process ... we have built a software infrastructure that is device agnostic. So it is okay if regulations change or devices change. The same infrastructure we deploy for item level serialisation can be used for other sensor applications, including manufacturing, asset tracking or realtime location services.
Q. Do you think legislative uncertainty has hampered the adoption of ePedigree track-and-trace technology in the US and elsewhere?
A. Yes but not so much as the depth of knowledge on the technical side. While the laws have been evolving the technology has been evolving. A year ago, the debate was how are we going to tag this stuff? With high frequency tags, ultra-high frequency tags or bar codes? And how are we going to do this data collecting without slowing down the process? Now we have got that part mostly figured out; so the focus is, How do I share this information with my trading partners? What is the business benefit of doing this, how do I get RoI on my investment? At the same time, the laws have been evolving.
Q. How do enterprises get RoI out of their RFID ePedigree investment?
A. They do not out of pedigree. Pedigree is simply a way to comply with regulatory schemes. If you are going to look at RoI, you have to look at other areas.
A good example is charge-back resolutions. The pharmaceutical manufactures frequently agree to sell the same product to different audiences in different markets at different prices. They do this geographically and they do this within markets.
Let us say my manufacturer has agreed to sell my product to a nursing home for a 50% discount. The wholesaler buys it for $100 and sells to nursing home for $50. They then ask the manufacturer for a charge-back rebate. Consider that a drug, on average, changes hands up to 10 times. And drug manufactures are paying out of their annual revenue between 5% and 15% in refunds each year. If you have item serialisation you know, first of all, if you paid charge-back on that item already and you are not going to pay it again. So, you eliminate any double charging. Rather than having a small army of people doing this, it could be done electronically.