model and building block for a European shield against counterfeit pharmaceuticals a system description

Transcription

1 model and building block for a European shield against counterfeit pharmaceuticals a system description

2

3 I. Introduction 4 II. Stakeholder Governance of the securpharm verification system 6 a Serialisation and labelling process is extremely complex 7 b Development, setup and running of extremely complex databases central, EU-wide model impossible 8 c Direct financing of the databases by the stakeholders 10 d Good tradition / experience with stakeholder models / self-governing models in Germany accessibility and supervision by competent authorities are a given 10 Conclusion to II 11 III. encoding of the data matrix code 12 Conclusion to III 13 IV. end to end -Verification 13 Conclusion to IV 14 V. Market and system accessibility 14 Conclusion to V 15 VI. data protection and data security 15 Conclusion to VI 16 VII. Fee model 17 Conclusion to VII 18 VIII. securpharm as blueprint for national verification systems 18 IX. Afterword 19 This system description is available in German and can be requested via info@securpharm.de

4 I. Introduction According to article 54a, section 1, of the amended anti-counterfeiting directive 2001/83/EC, prescription drugs are generally to be marked with security features that allow people to validate their authenticity and identify individual packages. The details of the properties and technical specifications of the unique identifier for the security features as well as the modalities of verification will be determined by the European Commission in delegated legal acts. According to article 2, section 2, b) of the anti-counterfeiting directive, member states will need to comply with the provisions regarding labelling and security features no later than three years after the publication of the delegated legal acts i.e. by the end of 2017, if nothing changes. The organisational, logistical and technical process of the entire drug-verification system from applying the safety features on the packaging of pharmaceuticals to checking and identifying the authenticity of the individual packages at the pharmacy is very complex. That is why in Germany the associations of market operators, namely the federal union of ABDA Federal Union of German Associations of Pharmacists (ABDA - Bundesvereinigung Deutscher Apothekerverbände), the federal association of pharmaceutical wholesalers (Bundesverband des pharmazeutischen Großhandels, PHAGRO), the federal association of pharmaceutical manufacturers (Bundesverband der Arzneimittel-Hersteller, BAH), the German pharmaceutical industry association (Bundesverband der pharmazeutischen Industrie, BPI) and the association of researching pharmaceutical companies (Verband Forschender Arzneimittelhersteller, vfa), have already agreed in mid to implement the anticounterfeiting directive and to develop and run a drug verification system using data

5 matrix codes and following the end-to-end approach. In this securpharm project, which is supported by the stakeholders, the authenticity of the drug packages marked by the pharmaceutical companies with the security features is verified online against a database of packaging details prior to being sold to the patients. Independent of this procedure, the wholesalers can initiate additional checks. Verification requests from pharmacies or wholesalers are passed on anonymously to the pharmaceutical manufacturers (MAH database) via the database of the pharmacies server, which is being developed and operated by the ABDATA pharmaceutical data service central. The MAH database has been developed and is operated by the manufacturers associations BAH, BPI and vfa as part of ACS PharmaProtect GmbH. Since January 2013, the secur- Pharm verification system is being successfully tested and constantly developed further under the real conditions of the German pharmaceutical market, i.e. without targeted deliveries of securpharm drugs to the pharmacies participating in the project. The securpharm verification system will be fully marketable by 2016 at the latest, i.e. it will be technically and organisationally sufficiently developed to verify all drugs requiring verification in Germany (depending on the configuration of the exception lists in the delegated legal acts, this will amount to 600 to 700 million packages of pharmaceuticals per year). 5

6 II. Stakeholder Governance of the securpharm verification system In Germany, the associations of market participants, i.e. the stakeholders, have agreed to implement the anti-counterfeiting directive by developing, testing and running the securpharm verification project. With regard to governance, i.e. the development, installation, management and accessibility of the data storage and retrieval system, the anti-counterfeiting directive (see article 54a paragraph 2, e) is open, meaning it does not prescribe a form of governance. Within the framework of the stakeholder workshop on 6 December 2013, the EU Commission has presented three governance options: a (national) stakeholder model, which would be surveyed by the responsible (national) authorities a central authority model at EU level a national authority model On 31 January 2014, subsequent to the workshop and as a result of the so-called impact assessment, the Commission notified the stakeholders in writing that it would establish a binding stakeholder model for the member states while taking into account the cost-effectiveness in the delegated legal acts. Quote: The repository containing the unique identifiers will be set up and managed by stakeholders. National competent authorities will be able to access and supervise the database. This means that the stakeholder verification system by securpharm complies with all terms of the anti-counterfeiting directive and the binding pan-european guidelines of the delegated legal acts. Incidentally, the following reasons speak for a verification system developed by the market operators..

7 a) Serialisation and labelling process is extremely complex Labelling packages with the security features and verifying them through the anti-counterfeiting directive is mandatory. However, the verification, and especially first of all applying the safety features on the individual drug packages, demands a considerable technical and logistical effort, which can only be made and realised by all parties involved when adhering to previously uniformly defined specifications. The pharmaceutical businesses need to generate serial numbers according to specified encoding rules provide the order data including the serial numbers for the online printing process gather the data along the packaging line specify a method of online printing undertake necessary packaging changes integrate systems and processes into the packaging procedure come to an agreement with ACS PharmaProtect over using the MAH database report the pharmaceuticals that need to be verified to the IFA set up lines of communication with the MAH database create an XML file and upload it onto the MAH database watch out for exceptions, e.g. for so-called multi-country packs or hospital packs, etc. This list of tasks alone shows how complex the serialisation and labelling process is for any pharmaceutical company. Since mid-2011, the stakeholders have jointly developed a comprehensive set of encoding rules, guidelines and specifications concerning the demands, prerequisites and procedures of the serialisation and labelling process. These have been defined and scheduled for the start of the project at the beginning of Even with support from the companies, it is difficult to nigh on impossible for the competent authorities (as a rule, the national approval agencies) to completely realise this complex process and to implement it as specified. Already for this reason alone, organising, executing, determining and supervising this colossal process should be handled by the stakeholders. 7

8 b) Development, setup and running of extremely complex databases central, EU-wide model impossible In Germany, pharmacists dispense approx. 700 million packages of prescription drugs to patients every year. And every year subject to the final list of pharmaceuticals that will require verification according to the delegated legal acts of the Commission the data of approx. 700 million packages will need to be recorded on a database for the verification process. In addition to the so-called product master data such as the name of the pharmaceutical company, drug name, dosage form etc., the packaging data which is vitally important for the verification namely the product number and serial number (securpharm also records the batch number and expiry date) need to be uploaded onto a database, saved and kept available for verification by authorised persons. Moreover, the MAH database also needs to recognise exceptions, i.e. packages that have been identified as not to be dispensed. The volume of the data that needs to be uploaded and the functionalities of this MAH database are both immense and complex. The associations of pharmaceutical producers BAH, BPI and vfa do not themselves have the necessary knowhow in the area of information technology to develop, test and run such a complex database. That is why, in August 2012, the specially founded joint subsidiary ACS PharmaProtect GmbH has commissioned a globally leading IT company to develop, test, run and host the MAH database. It is not imperative that only the market operators (can) develop, run and finance this complex database structure. However, due to the pharmaceutical companies special expertise and familiarity with the subject of processing all the data from generating, applying and uploading it down to making the verification request it is objectively necessary that the participants organise, manage, execute, and finance the whole process. These commonly defined rules and structures are market-oriented, i.e. they reflect the experiences and needs of the real pharmaceutical market. It is unlikely that a process initiated and controlled by the authorities would be quicker, cheaper and better. The process, for which the stakeholders are directly responsible, is ideally suited to implement the anti-counterfeiting directive which the securpharm project demonstrates impressively. From this, it also follows that a central EU-wide predetermined authorities model (possibly joined with the European Medicines Agency EMA) would be extremely expensive, complex and very difficult

9 to implement due to the fact that ten billion packages of pharmaceuticals are sold in Europe every year, which means a huge amount of data that needs to be processed. Moreover, up until now, the databases that are to be created by the EMA have either been implemented too late or not at all, especially in the area of pharmacovigilance this implies that experience with large, complex, central databases is not good. This is another argument for decentralised, i.e. national, database and verification systems. Experience shows that highly complex IT systems like this one need a long test and optimisation phase. The securpharm system has been up and running since January The time since then has been used to continually improve and further develop the system on the basis of the concrete experiences gained when operating it. This continuous improvement is ongoing and will remain necessary for quite some time. Within this framework, software faults have been and are being eliminated. Predominantly, however, the software is being adjusted to suit the requirements, which can only be figured out when using the programme for real. Experience has thus far shown that the greatest challenges do not arise on a technical level within the database systems: the greatest challenge is to adjust the operational procedures at the manufacturers, wholesalers and pharmacies. Making the necessary changes requires a considerable amount of time. Every new participant irrespective of whether he is on the manufacturers, wholesalers or pharmacists level runs through his own individual learning curve regarding the technical requirements and the internal processes that need to be adjusted. These long lead times, which take well over two years according to the experience gained in the context of the securpharm project, also speak for a stakeholder model analogue to the securpharm project. If the anti-counterfeiting directive comes into full effect in 2017, the verification systems would have to go online in 2014 due to the necessary lead times. To our knowledge, there are currently no projects in existence throughout Europe that are this advanced. 9

10 c) Direct financing of the databases by the stakeholders The database developed and operated by the stakeholders is financed exclusively by the stakeholders, even though the directive 2001/83/EC, article 54a, paragraph 2, e) states that the cost of the data storage and retrieval system needs to be borne by the holders of the manufacturing authorisation (i.e. by the pharmaceutical companies). This means that a competent authority may pre-finance the database system and refinance it by charging the pharmaceutical companies fees. Aside from budgetary problems, the competent authority needs to pass on the costs to the companies via a still to be developed cost and fee structure. This apportionment would be an unnecessary detour and consequently more complicated than the entire, fully functioning verification system financed, developed and tested by securpharm. d) Good tradition / experience with stakeholder models / self-governing models in Germany accessibility and supervision by competent authorities are a given In Germany, self-governing models and stakeholder models have been highly successful, not only in the health sector. The statutory health insurance system is being self-governed by the federal joint committee (Gemeinsamer Bundesausschuss). In the pharmaceutical market, the entire inventory management, logistics and billing of pharmaceuticals with the statutory health insurance companies has for decades been carried out on the basis of economic and legal information provided by the information centre for special medical products (Informationsstelle für Arzneispezialitäten IFA GmbH), which is supported by the pharmacists, pharmaceutical wholesalers and the pharmaceutical industry. In the past, the IFA has played a major role in implementing all legislation amendments, which makes this a stakeholder model. It is also expressly recognised as a central information service. Respective agreements with the central federal association of health insurers (Spitzenverband Bund der Krankenkassen) are in existence. Based on these positive experiences, the stakeholders have made an early decision in mid-2011 to take responsibility and to fund the securpharm project in order to develop, test and operate a system against counterfeit medicines, thereby contributing to the timely implementation of the anti-counterfeiting directive. Apparently, there are currently no other national stakeholder models in the European Union, and certainly no authority models for the implementation of the anti-counterfeiting directive, even though the directive has already been adopted in mid-2011 and the preparation and adequate testing of verification systems requires a considerable amount of time as can be seen in the case of secur- Pharm. Right from the start, securpharm and the individual stakeholders have always informed the German government and the European Commission on the development status of the project, exchanged opinions and experiences and taken into particular account the suggestions and ideas from the German federal ministry of health (Bundesministerium für Gesundheit). securpharm has always maintained that representatives of the federal ministry of health or downstream authorities should be represented on the board or management

11 bodies of securpharm. Such a participation gives the authorities access and gives them the opportunity to monitor the data storage and retrieval systems, as required by the directive. This participation now merely needs to be institutionalised. Moreover, both the legal obligation to label all packages correctly with the appropriate security features and the pharmacists duty to verify, as stated in 64 et seqq. AMG, are subject to supervision by the competent federal authorities. This supervision is in accordance with the guidelines and allows the authorities access to the data storage and retrieval system at any given time. Conclusion on II: The securpharm verification system allows the competent authorities to survey and access all data at any given time, i.e. this system is totally in line with the guidelines. 11

12 III. Cost-benefit-adequate data delivery and encoding of the security features in the data matrix code According to article 54a, paragraph 2, a), the Commission needs to determine in the delegated legal acts what the characteristics and technical specifications of the unique identifier are, because this allows the authenticity of medicinal products to be verified and individual packages to be identified. The costbenefit-ratio is to be taken into account here. At the stakeholder workshop on 6 December 2013, the EU Commission presented two options: a part-harmonisation and delivery / encoding of the data to fight counterfeit pharmaceuticals a complete harmonisation and delivery / encoding of additional data, also for other use. In the notification dated 31 January 2014, the Commission decided on the second option, i.e. the complete harmonisation. The Commission also decided that the symbology of the data matrix code is essential: The unique identifier will be placed in a 2D barcode. securpharm has also implemented the second option in its verification system. This means that securpharm encodes more data than absolutely necessary to combat counterfeit pharmaceuticals. In addition to the product master data that characterise the product type (cf. II b), the pharmaceutical company transmits the package specific packaging data, which is absolutely necessary for the verification, namely the randomised serial number the product number (in form of a PPN or NTIN that may contain a national billing number, see V. below) and the batch number and the expiry date.

13 IV. end to end -Verification These key data are encoded following the symbology of the data matrix code as per ISO/IEC These unique data elements are machine readable the world over, and each pharmaceutical package delivered can be verified at the pharmacy. Furthermore, the additional information regarding the batch number and the expiry date enables a quick and uncomplicated recall of the respective pharmaceutical product, should this be necessary. This information also enables an optimised stock holding and goods management within the pharmaceutical products trade. Conclusion on III: The securpharm verification system complies with the guidelines set out by the anti-counterfeiting directive and the delegated legal acts: securpharm encodes on the basis of the co-called complete harmonisation of data within the data matrix code. According to article 54a paragraph 2, d), the Commission is to determine the modalities for the verification of the security features in the delegated acts, which then need to be checked by the manufacturers, wholesalers, pharmacists and persons authorised to supply medicinal products to the public. When defining these modalities, the particular characteristics of the supply chains in the member states are to be considered as well as the need to ensure that the impact of the control measures remains proportionate to the position of the actors within the supply chains. In the workshop on 6 December 2013, the Commission presented two options: firstly, the systematic end-to-end verification, and secondly, the systematic verification at the delivery point and a risk-based verification by the wholesalers. In the notification dated 31 January 2014, the Commission opted for the end-to-end verification: Medicine authenticity will be guaranteed by an end-to-end verification system supplemented by risk-based verifications by wholesale distributors. securpharm has opted for the systematic endto-end verification. Here, the packages of the pharmaceutical products that are subject to verification are labelled with machine-readable security features in the packaging and manufacturing plant; the packages receive a randomised serial number which makes each one individually identifiable. The packaging data listed in III. are transmitted to the MAH database by the pharmaceutical company before the products are introduced to the market. There, the data is stored and used for verification by competent persons and authorities. The pharmacy software then points out to the pharmacist that he / she has the 13

14 V. duty to verify the product. To verify a package, the pharmacist needs to scan the data matrix code, which is marked with a PPN emblem, before handing out the product to the patient. Within milliseconds (current average response time with the securpharm system is 103 ms) the serial number and the product number are verified against the MAH database. If the status of the package is correct, the product may be handed out and will be registered as dispensed in the system. Exceptions, i.e. packages that cannot be verified, will be identified, withdrawn, evaluated by securpharm, and then all necessary measures will be initiated. This end-to-end approach fully complies with the demands of the directive as stated in article 54a, especially paragraph 2, d), according to which the authenticity of each delivered package of pharmaceutical product that requires authentication needs to be verified. The endto-end approach ensures that prescription drugs and pharmaceutical products that need to be verified can only be handed out in pharmacies if the package has previously been identified as authentic. In addition and within the framework of the risk-based approach, the wholesalers can initiate a check via the central pharmacies server if e.g. packages have been returned from pharmacies or have not been delivered directly from the producer. An additional verification by the patient is not necessary. Conclusion on IV: The securpharm verification system complies with the directive as set out by the Commission: the authenticity is checked using the end-to-end and risk-based approach. Market and system accessibility: PPN or NTIN as globally distinct product numbers verification system securpharm is in line with the directive and serves as blueprint for other EU member states In addition to the randomised serial number, a worldwide unique product number forms a central element of the verification, as a verification of individual medicine packages is impossible without a distinct product number. In Germany, the key element of this worldwide unique product number is the long-since used central pharmaceutical number (Pharmazentralnummer, PZN). As stated in 300 paragraph 3 article 1 no. 1 SGB V, this nationally standardised number for proprietary medicinal products entails the trade name, manufacturer, dosage form, strength of active ingredients and package size. From this eight-digit PZN, either the Pharmacy-Product-Number (PPN) or the National Trade Item Number (NTIN) is generated. The PPN is composed of the eightdigit PZN, a prefix for the Product Registration Agency Code (this PRA code ultimately indicates the country of origin) and two check digits. This ensures that the PPN is distinctive around the world. The NTIN is created likewise from the PZN, a country prefix and a check digit. To determine the PPN and the NTIN, securpharm has compiled extensive encoding rules that also allow for the numbers to be embedded in a data matrix code. While taking into account the respective licence terms, the pharmaceutical companies can decide between the two product num-

15 VI. bers and even switch between them, as the systems support both numbers and work conflict-free. Existing databases and software systems can algorithmically create a PZN from the PPN or NTIN or vice versa a PPN or NTIN from the PZN. Consequently, the already existing databases and applications can continue to work unchanged with the PZN. The interoperability with other numerical systems, e.g. GTIN (GS1 as issuing agency) or HIBC (EHIB- CC as issuing agency), is guaranteed due to the joint basis formed by the international ISO standards. The data content for batch number, expiry date and serial number is identical in both versions. Using the PPN or NTIN, the encoding rules developed by securpharm and used in the securpharm verification system generate globally unique product numbers and thereby ensure an open market while taking national demands into consideration. Due to the fact that the product numbers used by securpharm are globally unique, the overall system by securpharm could be a model on which to base other verification systems in other EU member states. Conclusion on V: securpharm is a verification system that complies with the anti-counterfeiting directive and therefore has the potential to be a blueprint for other EU member states. Technically and organisationally separate data storage and retrieval systems ensure the best possible data protection and data security As stated in article 54a paragraph 3 of the directive 2001/83/EC: when determining the delegated legal acts and deciding on how to implement, manage and make the data storage and retrieval system accessible, the Commission needs to consider the protection of personal data as determined by EU law, Ê Ê the legitimate interest to protect confidential information that is of a business nature, the property and confidentiality of the data produced by using the security features and the cost-effectiveness of the measures. Recital 11 of the anti-counterfeiting directive adds that the individual identifying feature and the corresponding data storage and retrieval system needs to have clearly defined and effective safety barriers to protect personal data and sensitive business information. securpharm is based on a concept of separate data systems. The pharmaceutical businesses upload their package-specific data onto the MAH database, which is run and financed by ACS PharmaProtect GmbH. Verification requests by pharmacists (and by wholesalers) are bundled and anonymised via the central 15

16 pharmacies server and passed on to the MAH database (for details about the verification process, see IV.). The concept, financing and implementation of the central pharmacies system has been undertaken by the data service ABDATA, a division of the advertising and sales company Werbe- und Vertriebsgesellschaft Deutscher Apotheker mbh. The securpharm system is a distributed system with separate data systems for pharmacists and pharmaceutical companies and is based on the principle that the (transaction) data for pharmaceutical products remain the property of the respective system operator. The system operators set up, maintain and finance their own data systems and retain all rights and duties over the data produced as a result of the security features. Due to the separate data storage and retrieval systems within the securpharm project, it is impossible for pharmaceutical companies to know, from which pharmacy a verification request comes. That is also why pharmaceutical companies cannot acquire information on purchase and sales numbers for individual pharmacies. Vice versa, the pharmacies cannot examine the data of the pharmaceutical companies. Third parties have no access at all to the data systems. Technical measures ensure the data separation and anonymity are upheld. Within the MAH database, the product data of the pharmaceutical companies remains the property of the respective business. ACS Pharma- Protect GmbH holds the data of the respective pharmaceutical company in trust. It provides a protected data space for every pharmaceutical company so that each pharmaceutical company also only has access to its own data. In this model, securpharm merely takes on the role of a supervisor. securpharm determines the rules of play for the entire system and reacts to any abnormalities that suggest a counterfeit product. These abnormalities or exceptions can have a technical cause, e.g. when the server is unavailable or the data matrix code is illegible. But also external attacks on the system or indeed counterfeit pharmaceutical products may be the cause. securpharm will identify these exceptions and conflicts and initiate the necessary measures to resolve the issue. Within the securpharm system, data protection and data security take the highest priority within the technical and organisational realisation of the verification process and are guaranteed by the database operators on all levels. All data is protected against attacks from frauds and hackers with the latest state-of-the-art security system. Conclusion on VI: With its distributed system with separate data storage and retrieval systems for pharmaceutical companies and pharmacies, the securpharm system provides the best possible data protection for personal data and sensitive business information.

17 VII. Fee model is cost-benefit-adequate and takes the properties of certain pharmaceutical products, especially of generics, into account According to the guiding principle as described in several clauses of the anti-counterfeiting directive, all rules, measures, options and stipulations of the delegated legal acts need to be checked for usefulness, costs and costeffectiveness by the Commission. All stipulations of the delegated legal acts need to have a reasonable cost-benefit ratio. The measures need to be cost-effective. As to the application area of the security features, recital 11 states that the properties of certain pharmaceutical products or categories of pharmaceutical products, e.g. generics, need to be taken into account adequately. In most member states of the European Union, generics make up a huge proportion of the overall number of pharmaceutical products sold. Take, for example, Germany: in 2012, a total of approx. 700 million packages of prescription drugs were sold. Roughly ¾ of these were generics, i.e. well over 500 million packages. Subject to the final determination of the scope of the Commission in the delegated legal acts, it is to be expected that the vast majority of the drug packages that need to be verified will be generics. Therefore, the manufacturers of generics will be most affected by the application and verification of the security features, also financially. In January 2014, bearing these facts in mind, ACS PharmaProtect introduced a fee model for the use of the ACS database and the securpharm verification system that takes the properties of the (German) pharmaceuticals market and especially the generics into account. The fee model of the ACS manufacturers database is based on three fee components, namely a one-off fee for installing the user on the database (initial set-up fee) a fixed monthly operating rate for providing the system and a basic support service (running fee) a fee per dataset (package) that is provided via the database system (dataset fee). The running fee and the dataset fee are scaled diminishingly, i.e. the greater the number of users and packages, the smaller the cost for the user. Pharmaceutical companies with small numbers of packages pay a higher price than businesses with greater numbers of packages, e.g. generics manufacturers. Based on this fee model and the practical experience gained thus far, ACS PharmaProtect GmbH estimates that the running costs of the ACS database would currently amount to under one cent per package, assuming approx. 600 million packages are sold per year (assumption is based on 700 million packages while taking potential exception lists, blacklist / whitelist into account). This is an average price: due to the diminishingly scaled running and dataset fees, the companies with a higher output of packages pay a correspondingly lower price per package. 17

18 VIII. According to calculations made by ACS, the fee model for operating the ACS database in Germany would cost the approx. 500 pharmaceutical companies a total of under five million Euros per year. These figures do not include the costs for the pharmacies system, the conflict resolving securpharm system, a possible EU Hub or the internal costs for the pharmaceutical businesses related to the serialisation and labelling of the packages. The current fee model is not fixed for all time. It will be necessary to adapt the fee model to the development of the project and to the experiences gained. Conclusion on VII: The ACS fee model is cost-benefit-adequate and, by introducing diminishingly scaled dataset fees, it takes into account the special circumstances of pharmaceutical companies that produce large numbers of packages (generics manufacturers). The average cost lies at well below one cent per package. While the costs for the pharmacies system and the conflict resolution system cannot be estimated accurately yet, it should be noted that the verification cost per package with the securpharm system lies well below the estimates and forecasts made by other organisations that predicted a cost per package of more than five cents. securpharm as blueprint for national verification systems can be integrated into a European shield against counterfeit pharmaceuticals The worldwide uniqueness of the product numbers used within the securpharm system (in form of a PPN or NTIN) and the globally usable encoding, verification and organisation regulations developed by securpharm make this system stand out. That is why securpharm represents a model for verification systems that could also be applied in other EU member states that want to / will have to implement the anti-counterfeiting directive. The country prefixes, contained in the PPN / NTIN product number, matches each package of pharmaceuticals that is up for verification to a particular PRA code / a certain country. Even pharmaceuticals used across national borders, so-called multi-country packs, and imported pharmaceuticals could be identified and verified Europe-wide via a central EU routing system. This not only makes securpharm a blueprint for verification systems in other EU member states, but also when using a central routing system a building block of a European shield against counterfeit pharmaceutical products.

19 IX. Afterword The experience gained from the securpharm project shows that such a complex system should only be set up, when various prerequisites regarding the (national) infrastructure are in place. The description above shows that only stakeholders have the necessary knowhow to set up such a system. Consequently, these stakeholders need to be sufficiently organised to be able to conduct the necessary business dealings. In addition, the stakeholders need to involve all trade levels (manufacturers, wholesalers and pharmacies) and be willing to cooperate. Lastly, the end-to-end verification i.e. using joint databases logically assumes that there is such a thing as a national item number for pharmaceutical products and that this number is used by all trade levels to identify said products. There is no other way of addressing the verification database by all trade levels. Ideally, this (necessarily unique*) number should also be the number that is used by the insurer/s to refund costs. Otherwise, the code would have to consist of 5 elements (item number and refund number, serial number, batch number, expiry date), which would mean redundant information, higher administrative costs and a greater number of errors. *This demand for a unique refund number results from drug safety aspects that come up in connection with dispensing pharmaceuticals to patients and from wanting to invoice the cost-bearer correctly. Item numbers from manufacturers generally do not meet this demand, as the numbers are not allocated according to universal guidelines and are not counterchecked. 19

20 securpharm e.v. Hamburger Allee Frankfurt am Main Registernummer VR Vereinsregister des Amtsgerichts Frankfurt am Main Tel. 069 / info@securpharm.de