Resisting Fragmentation In The Global Serialization Regulatory Landscape

By Anne Marie Polak, Eric Marshall, and Alissa McCaffrey, Leavitt Partners

In 2013, the United States enacted pharmaceutical serialization and traceability requirements under the Drug Supply Chain Security Act (DSCSA). In the years preceding and following passage of the DSCSA, many other countries considered similar regulation for their own markets. Argentina, China, India, South Korea, and Turkey currently require the serialization of pharmaceutical products and the reporting of some type of serialization data. Approximately 40 additional countries — including the U.S., the European Union, Brazil, Russia, and multiple Persian Gulf states — have enacted requirements with future implementation dates or are actively working on requirements.

The Threat Of Non-Harmonized Serialization Requirements

As serialization efforts in these countries have progressed, a key theme has emerged: Implementation of a globally unique, national system for serialization and traceability inhibits pharmaceutical trade. Trade is inhibited because non-harmonized requirements extend the time needed for participants to comply with country-specific requirements and create confusion when regulations in one market overlap and conflict with regulations in another market.

Non-harmonized requirements can take many forms. Such requirements in operation or under consideration in certain countries include:

• Uploading a photo of the product or lot to a serialization database. Posting a photo of each product, or even each lot, is operationally difficult and provides no additional security value over the data elements included in the two-dimensional (2D) barcode (already required to be scanned and uploaded to the database).
• Patient-level authentication. Patient authentication, rather than authentication by the end user (i.e., pharmacist), poses a security concern. In particular, patient-level authentication complicates the process of data access management and raises important questions about how to handle product that is deemed “invalid” by a consumer.
• Serialization of the primary package (, individual blister). The majority of markets implementing or considering serialization focus on affixing an identifier to the secondary (the smallest unit intended by the manufacturer to be sold to the dispenser/pharmacy) and tertiary (the shipper, carton, case, pallet, or tote) packages. Serialization at the primary level (in directly in contact with the product) is operationally difficult expensive, and, in markets where pharmacists dispense drugs, provides no additional security benefit.
• Reporting of serialization data at change of possession rather than change of ownership (, intracompany transfers). The scanning and reporting of serialization data is an integral part of supply chain security and should occur when ownership, and possession, of a product is transferred from one entity to the other. For intracompany transfers, including transfer from a manufacturing facility to a distribution facility, or the use of a third party logistics (3PL) provider, one entity maintains ownership of the product and is therefore responsible for its security. Introducing additional reporting requirements for entities that do not own the product is both an unnecessary complication and a security risk.
• Enforcing serialization and/or traceability requirements in one country for product that will be sold in another country with its own requirements. Regulation of exported products often leads to a duplication of requirements, which can introduce unnecessary confusion to the supply chain. For example, conflicting serialization requirements can lead to products carrying both an international and domestic barcode. This raises questions about which barcode is “legitimate,” which data is to be reported, and how to protect against the sale of that product, or the use of that barcode, in other markets.
• Addition of serialization requirements over and above the 2D barcode specifications under global data standards (, pack size). Global data standards have a prescribed set of data elements that are widely used around the world and enable products to be shipped and sold to various markets without the need to reprint barcodes and relabel products. Any additional data elements complicate pharmaceutical trade. Further, the use of shared packs (i.e., the same exact package for multiple markets) is not feasible if/when the countries that use shared packs have inconsistent requirements.
• Government-issued serial numbers. Government-issued serial numbers place an unnecessary burden on manufacturers shipping to multiple countries, forcing them to download, manage, store, and secure serial numbers for each individual country. Absent country-level serial number requirements, the systems used by manufacturers can automatically general randomized serial numbers for use in whichever market that product is shipped to — a much more efficient process.

Global Serialization And Traceability Regulatory Principles

Importantly, while some countries have successfully passed and are implementing their serialization and traceability laws, many of the unique requirements noted above have stalled efforts in other countries. Whether as a result of legal challenges, ambitious timelines for compliance, operational difficulty, or overly broad objectives, some countries now have an opportunity to revisit their serialization and traceability frameworks. 

The implementation of serialization in multiple countries has highlighted several global serialization and traceability principles that, if followed by regulators, will promote the effective and efficient implementation of traceability, help to secure the supply chain, and protect patients from the harmful effects of falsified and counterfeit pharmaceuticals. Such principles include:

1. Any country mandating serialization or traceability should clearly identify the goals and purposes of the mandate.
2. Mandatory requirements should be limited to those requirements necessary to secure patient safety, and should provide flexibility that allows for the addition of voluntary complementary functionalities.
3. The value of serialization is the ability to verify the authenticity of packages introduced into commerce. Serialization and reporting should be tied to the smallest unit intended to be sold to a dispenser.
4. Mandatory requirements should be risk-based and phased in over time to allow supply chain participants sufficient time to transition to new operational practices. (See also the recommendations for phased implementation of serialization requirements from RxGPS, an alliance of multinational pharmaceutical supply chain stakeholders advancing global alignment of drug serialization and tracing requirements.)
5. Data ownership rights should be respected and protected across all sectors reporting or sharing data.
6. The manufacturer and other parties responsible for the product need timely information about authentication attempts to best detect supply chain security concerns.
7. To facilitate harmonization across markets, economies considering serialization should adopt global approaches because they promote efficiency, reliability, and effectiveness.
8. Markets considering new requirements should leverage successful practices and systems from other markets.
9. The implementation and operation of a system for leveraging serialization must be a cross-sector, integrated, and shared effort.
10. No individual sector should bear an inequitable share of responsibility for the requirements of the system.

These principles can be used to guide decision-making for regulators seeking to enhance patient safety, secure the supply chain, and ensure drug availability.

Industry’s Role In Shaping Serialization Regulations

From industry’s perspective, understanding and implementing serialization requirements at the company level is vital — and increasingly pressing is the need to effectively convey the time, investment, planning, and testing required for compliance with serialization mandates. Sharing this “behind the scenes” preparation and planning, and the coordination and testing with trading partners that is necessary, can shape a regulator’s understanding of the serialization process across supply chain participants. Both for companies with knowledge to share, and for companies with much to learn, here are some practical suggestions for advancing your serialization and traceability program:

• Attend regulator workshops and review the comments submitted via the docket that often follows.
• Comment on proposed regulations and review the comments of others.
• Engage actively in trade associations knowledgeable in the space (e.g., Organization of Pharmaceutical Producers of India (OPPI), Association of International Pharmaceutical Manufacturers (Russia) (AIPM), and European Federation of Pharmaceutical Industries and Associations (EFPIA)).
• Consider participation in industry pilots (e.g., the Healthcare Distribution Alliance (HDA) saleable returns pilot and APEC Business Advisory Council (ABAC) serialization pilot project).
• Find credible forums for active discussion of best practices and sharing of information related to the requirements of various markets (e.g., RxGPS and Rx360).

Serialization is a relatively new feature of supply chain security. As such, collaboration between industry and regulators on principles, such as those articulated above, can drastically impact the direction of serialization laws, regulations, or guidance and the timeframes for compliance. As global companies undertake serialization and traceability across multiple markets, sharing the insight and efficiency gained from trial and error can help soften the learning curve.

About The Authors

Eric Marshall is a senior director at Leavitt Partners. He advises complex healthcare coalitions on health policy and provides consulting services to drug and device companies. Eric is an industry specialist in the areas of domestic and international supply chain security; drug, device, and diagnostics regulation; and healthcare compliance. Prior to joining Leavitt Partners, he was an associate with the law firm Faegre Baker Daniels, counseling healthcare and life science clients on regulatory, compliance, and transactional matters. Eric graduated Order of the Coif from the University of Minnesota Law School and has a bachelor’s degree in economics and finance from the University of Northern Iowa.

Alissa McCaffrey is an associate at Leavitt Partners, where she provides primary and secondary policy research and analysis to individual clients and healthcare coalitions. Alissa’s work is focused on issues related to healthcare reform, the transition to value-based payments, and supply chain security. Prior to joining Leavitt Partners, she was a summer associate at Jeffrey J. Kimbell & Associates, where she provided strategic health policy analysis and regulatory support to life science industry clients. Alissa received her bachelor’s degree in biology and history from St. Lawrence University and her master of public health, with a concentration in health policy, from Yale School of Public Health.

Anne Marie Polak is a senior director at Leavitt Partners. In her role, she provides policy counsel and analysis to clients with matters involving regulations, legislation, and business implications. Anne Marie’s experience includes developing strategic messages and policy positions for Capitol Hill, administration, trade associations, and corporate audiences. Prior to joining Leavitt Partners, she was a VP for Faegre BD Consulting in the firm’s health and biosciences group. Anne Marie received her law degree from the George Mason University School of Law and a bachelor’s degree in government from the University of Virginia.