Barcode Quality and Drug Safety
So far so good with the Drug Quality and Security Act (DQSA) and the supply chain safety initiatives it includes. Now begins the formidable task of actually making it effective—and there is much to do. There is a lot of ground-level detail to be added in order to make the DQSA do what it is intended to do: Make it quicker and easier to recall problematic drugs from the legitimate supply chain and more effectively protect the legitimate supply chain from counterfeit, adulterated and fraudulently obtained or mishandled drugs. But what about barcode quality?
Thanks to recent criminal activity in the pharmaceutical supply chain, we are now aware that it is not enough to secure the movement of ready-to-prescribe drugs. The ingredients used to manufacture legitimate drugs also need to be protected from fraudulent tampering or substitution. This has created a need for a new and different level of upstream security on the inbound supply side of pharmaceutical manufacturing. What good does it do to secure outbound shipments of pharmaceuticals if they are formulated from uncertain ingredients? And what methodology is available to effectively secure not only the outbound finished product but the upstream manufacturing process? Is the existing FDA Standardized Numerical Identification system capable of doing this? Or would a Good Manufacturing Process guideline for pharmaceuticals be a better solution?
There are at least two schools of thought on how to do this tracking validation of manufacturing components. One proposed method is to secure the ingredients-side supply chain with a documented transaction history (called a pedigree), and further securing the pedigree with a digital signature, which electronically authenticates the identity of the document by including an encrypted key that is available only from a central authority. In this model the movement of inbound ingredients for manufacturing, or finished products for distribution is validated by the presence of the pedigree, but the movement of ingredients and products is tracked with barcodes.
Another method is to use the barcode itself as the product validation tool. This would be done by serializing the barcode data sequence in a protected way, through use of secured algorithms; by randomizing the serialization sequence; by releasing only a packet of legitimate numbers, or by any number of other closely guarded numbering schemes. The key to the success using printed barcodes is that a single source both issues and validates the secure barcode. This prevents both having multiple lists of valid bar code IDs in the field, and reissuance of valid barcodes on duplicate or counterfeit product because once used throughout the supply chain, the number is declared no longer valid, and a counterfeit product using that secure number will be caught the next time it is presented to the central registration and validation authority
Both of these methodologies rely on barcodes, which are capable of accommodating additional security requirements described here. But conventional barcodes simply do not have sufficient data capacity to do this, and they are too sensitive to printing problems and damage to do it well. And there is also the issue of limited pharmaceutical package space, which mitigate against long linear barcodes.
The DQSA must abandon all thought of using linear barcodes in favor of adopting the proven Data Matrix 2D symbology, which is highly resilient both to poor printing and to physical damage. Data Matrix is highly space efficient, encoding vastly greater amounts of data than any linear barcode in a much smaller footprint. More information capacity means more capacity for security related encrypted information. Data Matrix’s error-correcting capabilities enable recovery of data from many damaged symbols, improving both reader and system reliability. It is a proven technology: Data Matrix is already being for pharmaceutical tracking in over 95 nations.
But here is the most important point: none of this means a thing if the symbol (or the barcode) doesn’t read. The whole security system fails and the supply chain breaks if the machine-readable information cannot be acquired by the scanner. The DQSA must include a requirement that all encoded information, whether a barcode or a 2D symbol, must be verified by an ISO-compliant device. While 100% verification is the ideal, at least a sampling process needed to be employed… and whichever process is used, it needs to be institutionalized into the manufacturing and packaging GMP processes to ensure compliance.
The author expresses his gratitude to Clive Hohberger, an AIDC industry pioneer, former AIM Chairman of the Board and recipient of the ICCBBA One World Award 2011-2012, for his generous assistance.