With the introduction of the Falsified Medicines Directive (FMD), the EU has become a world leader in the fight against the growing threat of falsified medicines. The FMD’s scope is more ambitious than any comparable safe medicines regulation, but nonetheless, every stakeholder in the medicines supply chain needs to ask whether its requirements are enough; and the simple answer is a resounding No!
The FMD is certainly a huge step forward in improving the safety of prescription medicines in the EU. But there are three reasons for that ‘no’: it only covers prescription medicines, it skirts the specification for a strong, recognisable authentication feature on prescription medicines, while, thirdly, focusing on a unique identifier on every prescription medicine (with some exceptions).
It is easy to explain my first reservation. Readers of PME know the large role that non-prescription medicines play in most people’s healthcare. Remember that analgesics are among the best-selling medicines – but they are also among the most targeted for counterfeiting or grey market sales.
Which neatly leads to the question of authentication, which is the act of proving that something is what it claims to be. Depending on the producer or brand owner’s strategy, the person doing this authenticating might be a patient/consumer/layperson, or that person might be a trained inspector equipped with tools to examine the authenticating feature. Ideally, there are methods of authentication for both, so that the feature (which can be added to the product or intrinsic to it) should be available for examination at different levels of expertise and knowledge. In other words, as recommended in the ISO 12931 standard giving the ‘performance requirements of authentication solutions’, a product should have both overt and covert authentication features.
That standard also states that providing tracking information for a product does not provide authentication for it. The two functions are complementary but quite different. Monitoring a product through the supply chain delivers better control of that supply chain, but it doesn’t totally block the infiltration of falsified product into the chain, nor does it stop the existence of parallel, criminal supply chains, completely outside the control of the producer or other stakeholders. Again, ideally there should be both authentication and tracking.
Analgesics are among the most targeted for counterfeiting or grey market sales
While the FMD requires the use of a ‘safety feature’ it doesn’t specify what it should be and it doesn’t require that it should be a proven (or an innovative but effective) authentication feature. This allows the proverbial coach and horses to be driven through the supply chain.
Which leads to my third reason for saying the FMD is not enough: the over-reliance on the unique identifier, or UID.
In the FMD the specification of this UID (which is also confusingly referred to as the safety feature) was delegated to the Public Health Directorate of the European Commission. In October 2015, the Directorate published its new Regulation specifying the characteristics of the UID, a code number which will be mandatory by early 2019 to enable the tracking of every medicine package in the EU.
This specification is intended to ensure that this code is unique, that it is securely stored, that information about the movement of the product bearing this UID is recorded and securely stored, and that this data store is quickly and securely accessed.
I simply don’t believe this is possible. We know from the news how successful hackers have been in breaking in to supposedly secure databases – and what about those we don’t hear about? But hackers who steal data on the tracking of medicines aren’t the real threat; the real threat is the criminals who set up their own supply chains with packaging that carries what looks like the EU UID. When this is scanned it links to the criminal’s own database or website which delivers the expected response – such as ‘yes, this medicine is safe, it’s been tracked right through the supply chain’. In other words, it’s not hackers but ‘cloners’ who are the real danger to medicines and patient safety.
By the way, this isn’t a pessimistic fantasy; it’s been done – not for medicines (yet) but for other valuable and health-impacting products. We need to take steps now to ensure that it doesn’t happen in the EU medicines supply.
This is why at the Access to Safe Medicines Europe Forum in London in January, speakers will demonstrate how the requirements of the FMD can be met, but will also examine its shortcomings and what pharma companies should consider over and above its requirements.
