The ideal model would minimize the amount of data moved yet always allow each member of the supply chain to check the prior history—the pedigree—of the drugs they are about to buy.
At a superficial level, this appears to be all you need to do, but when you take a closer look at the details of how the supply chain actually works in the U.S., you will see that there are other characteristics besides data volume per package that need to be considered.
Four views of the U.S. supply chain
In the debates and discussions over pedigree regulatory models, we are used to seeing a view of the supply chain that shows one manufacturer, one distributor, and one pharmacy. That view masks so much important complexity that if we were to select a regulatory model or solution based on that view, it would be far from ideal.
The most striking thing about this view is that it shows how few distributors there are compared with the number of manufacturers and especially compared with the number of pharmacy delivery points.
Now let’s take a magnified look at the immediate view of the supply chain from the perspective of an average drug manufacturer.
Manufacturers typically want to maximize the availability of their products to all licensed pharmacies in the U.S., so they work to set up and maintain connections with as many licensed distributors as they can handle. The largest manufacturers deal with most or all of the roughly 70 distributors in the U.S. Of course, there is bound to be some selectivity by smaller manufacturers, but probably not as much as you might find with many non-commodity consumer products.
Now let’s take a magnified look at the immediate view of the supply chain from the perspective of an average pharmacy.
The great majority of drugs dispensed in U.S. pharmacies are initially sold by the manufacturer to a distributor, which then sells them to the dispensing pharmacy. Pharmacies typically only buy their drug supplies from a small number of the distributors. In fact, most have a single primary distributor and a small number of secondary sources, which they usually order from only when their primary supplier is out-of-stock of a given drug that they need.
This is true even of chain pharmacies, although chains maintain their own internal distribution networks. (The largest chains are big enough to buy the highest-volume drugs directly from the manufacturers.) This is an important exception when considering pedigree models, although even chain pharmacies buy a large number of lower-volume drugs from distributors.
Now let’s take a magnified look at the immediate view of the supply chain from the perspective of an average distributor.
Distributors are at the center of the typical drug supply chain for most drugs in the U.S. To offer a complete catalog, the typical pharma distributor buys their stock from many of the 1,400 manufacturers. The larger the distributor, the more likely they are to buy from most if not all of these manufacturers.
The typical distributor sells to a large number of pharmacies, whether as a primary source or as a secondary source. The number of pharmacies that a given distributor sells and delivers to is one of the primary components in the determination of how “large” they are. The three largest distributors each sell and deliver to tens of thousands of pharmacies.
Pedigree implications of the four views
These four views of the supply chain expose an implication about the various pedigree models that wouldn’t be obvious if you only looked at the simple three-trading-partner view of the supply chain. Because some data would need to move somewhere in all pedigree models, these views can help us evaluate those movements.
In the examples, we refer to “connections” between trading partners. These refer to direct business relationships, but they can also refer to data connections in any model that requires data to be passed directly from seller to buyer. For example, the basic model defined by the GS1 Drug Pedigree Messaging Standard (DPMS) would need to pass data along these connections.
Distributed pedigree models, like those that make use of GS1’s Electronic Product Code Information Services (EPCIS) standard, would also need to pass data along these connections. But in these models, each downstream trading partner would also need to communicate directly with every prior owner of the drugs they buy.
For example, each pharmacy would need to have a data connection to each of the manufacturers that made the drugs that they received, even those they bought from one of the distributors. You can see that the number of connections that a given pharmacy would need to deal with would become much greater than just the small handful they would need to deal with in a DPMS model.
On the other hand, Centralized and Semi-Centralized models would not need to pass data along these connections because in these models, each trading partner communicates directly with a relatively small set of pedigree data repositories.
One common thread between all current pedigree model solutions under consideration in the U.S. right now is their use of Applicability Statement 2, or just AS2, for the secure transmission of data between entities. AS2 is already in use within the U.S. pharma supply chain for the exchange of EDI (Electronic Data Interchange) documents, but not all companies make use of EDI, and not all companies have AS2 capability. Few pharmacies do.
As used today in the supply chain, each AS2 connection has a setup cost, which entails, among other things, exchanging encryption keys between the parties. For every pharmacy to do this with every pharma manufacturer, as would apparently be needed in a distributed pedigree approach, is almost inconceivable. Once set up, keeping up with the changes stemming from mergers and acquisitions activity alone would be a reoccurring nightmare for any company, including the largest distributors and chain pharmacies.
But now look at it from the perspective of a pharma manufacturer that, in a distributed pedigree environment, would have to deal with an AS2 connection to every single pharmacy that buys their drugs–up to 166,000 of them–and you can see how unreasonable and impractical this is.
Minimizing the complexity of connections
A single AS2 connection is not overly complex as long as you understand the technology and make an investment in the right software to handle it for you. Once you have the software, a few dozen connections are reasonable to deal with if you have an IT person who can handle their setup and maintenance. Setting up and maintaining a thousand AS2 connections would be a major complexity. Clearly, any viable U.S. pedigree model must keep the number of AS2 connections that any given company must deal with to a minimum.
While the traditional approach with AS2 is to exchange digital certificates, other techniques do exist to simplify establishing encryption and security for exchanging trading information and certifying the exchange. These include techniques used for consumer online banking, health information, and business virtual private networks (VPN). AS2 actually provides for encrypted communications while avoiding the necessity of obtaining certificates for each connection, in the same way your bank does not have to establish individual certificates with you or other customers when you connect securely to their website using your web browser. These alternate techniques may need to be explored so that the industry can realistically scale to the level that a truly interoperable e-pedigree framework will require.
DPMS does a better job of minimizing the number of AS2 connections than a distributed pedigree model based on EPCIS. The Centralized model would limit the number to just one per company, regardless of supply chain segment, and the Semi-Centralized model could also limit the number to just one per company, if a connection service provider is used.
For a possible alternative approach and reader comments, see the full essay on RxTrace.
Liked this article? Download the entire playbook here.