Tuesday, October 11, 2011

Pharma-Security Fail?

I've just been perusing the netwebs and came across an article titled "Counterfeit drugs targeted by technology in India" by the Beeb. Turns out that counterfeit drugs are difficult to distinguish and could cost you your life. Medications need to be correctly identified and their identity secured, and it's needed yesterday.

Along with a QR code solution, which could have some credibility as a sound method of identification, was one that took me completely by surprise:

"Another company, PharmaSecure, has come up with a technology called UIMV - unique identification mobile verification. It is a unique code for each product which can be verified by sending texts to the number given."

I'm sorry for being so blunt but let me tell you, this idea is fundamentally flawed!

"Why?" I hear you ask. Well.

Counterfeiters could copy these codes and put them on their own products. Additionally, providing a number that the consumer is directed to send a text to just smells off. Surely "the bad guys" could also set up their own text messaging service and, in a manner similar to phishing (passing themselves off as the legit company, along with branding, wording, layout, etc. to appear like the real deal), send responses like "Your V1agra is legit!" I don't buy it; it's got the potential to be a total waste of money, time, effort, trust, and above all else, people's lives! Trust is difficult to reestablish once you've blown it, but how do you restore life where it's been snuffed out?

Pharma companies produce drugs to make cash, and they make an immense amount of it, and at the same time save countless lives. I'm not going into a discussion about how I dislike some (*cough* a lot) of the practices of most Pharma companies--the stories out there are countless--I want to present a potential solution:

The idea of the QR codes sounds decent, but I'm not certain it's 100% foolproof. There are some initial questions, such as: would the QR code be assigned to an individual strip of drugs or single container; would it be assigned to a box containing several strips/containers; would it be assigned to a batch; or to a total brand of drug, for argument's sake let's just say Viagra? If it was for a single strip then that sounds good. But there needs to be more. Perhaps a hologram printed on top of the QR code like you get on official team merchandise, a green card, or state ID, and which perhaps changes color if rubbed. It would cost a couple of extra cents per label but it ensures the code is unique for that unit of drugs. Rather than provide a website address on the packaging, have a verification search on the product homepage.

As an added security feature, these labels should have an RF-ID embedded into them. When scanned with RF-ID, the code on that chip should match the QR bar code, and various steps of verification and authentication can be made, quickly and efficiently ensuring a unique thumbprint for each unit distributed. This will enable easy tracking through production, inventory, QA, distribution, etc. until the unit is finally sold at the cash register in a pharmacy. An audit trail would be kept throughout the process, so that this unit of drugs can be traced right back to the individual carton of ingredient x. At the point of sale, an audit entry would be made recording the date, time, location, and where laws permit, the prescribed individual's identity. When the code is checked by the customer for authenticity on the product's website they would be presented with a valid/counterfeit notice, along with the manufacture date & time, the sale date, and a general location such as state and country.

Such a notice could look like:

"The Viagra strip you just checked is valid. It contains 9 tablets with a blue color and has marking xyz (show picture of single tablet).

This strip was reported sold: 01 January 1970, NY, US.

If you did not purchase this strip on the above date, DO NOT take this medication until you've verified the origin of this medication by phoning: 1-800-DRUGSID"

Should any medication ever be recalled, it should be a very simple matter of tracing down the final patients and notifying them of the recall. Law enforcement could also be provided with scanners to identify the source of illegitimately traded drugs once they hit the black market. And should the customer not have a means of scanning the code, they can simply present the unit to any pharmacy, which can scan both bar code and RF-ID to verify its authenticity.

The RF-ID and QR bar code combination would only be "Activated" once the unit leaves the factory. This is the final internal verification process showing that they match, and that the product is valid.
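The lifecycle described above (factory activation when QR and RF-ID match, a sale entry at the register, then the customer check) can be sketched as follows. This is an added example, not code from the original post; the `Registry` class, its method names and the sample codes are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Unit:
    rfid_code: str
    description: str
    activated: bool = False
    sale: Optional[str] = None              # "date, location" from the register
    audit: list = field(default_factory=list)

class Registry:
    def __init__(self):
        self.units = {}                     # QR code -> Unit

    def register(self, qr, rfid, description):
        self.units[qr] = Unit(rfid, description, audit=["produced"])

    def activate(self, qr, scanned_rfid):
        # Final factory check: the label goes live only if QR and RF-ID agree.
        unit = self.units[qr]
        unit.activated = unit.rfid_code == scanned_rfid
        unit.audit.append("activated" if unit.activated else "activation failed")
        return unit.activated

    def record_sale(self, qr, scanned_rfid, when, where):
        unit = self.units.get(qr)
        if unit is None or not unit.activated or unit.rfid_code != scanned_rfid:
            return False                    # unknown, inactive or mismatched label
        if unit.sale is not None:           # a copied code reaching a second register
            unit.audit.append(f"duplicate sale attempt: {when}, {where}")
            return False
        unit.sale = f"{when}, {where}"
        unit.audit.append(f"sold: {unit.sale}")
        return True

    def customer_check(self, qr):
        unit = self.units.get(qr)
        if unit is None or not unit.activated:
            return "COUNTERFEIT: code was never issued or never activated."
        if unit.sale is None:
            return "UNVERIFIED: code is genuine but no sale is on record."
        return f"VALID: {unit.description}. Reported sold: {unit.sale}."

# Constructed sample data, for illustration only.
reg = Registry()
reg.register("QR-0001", "RF-0001", "strip of 9 blue tablets")
reg.activate("QR-0001", "RF-0001")
reg.record_sale("QR-0001", "RF-0001", "01 January 1970", "NY, US")
print(reg.customer_check("QR-0001"))
```

A copied QR code still returns a "valid" notice here, which is why the notice carries the sale date and location: the buyer of a cloned strip sees a sale that does not match their own purchase.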

What are your thoughts and views? Be sure to comment below.