RFID Poised for Explosion into Pharmaceutical Industry

July 10, 2006
Tags could stop the spread of counterfeit drugs into supply chains, but waiting on final standards

You don't have to veer too far into major industry sectors these days without bumping into the quickening pace of adoption of RFID tagging.

Wal-Mart, for instance, is driving RFID adoption in its supply chain by mandating that trading partners adopt pallet-level RFID use.

The Department of Homeland Security expects RFID chips to be on our passports in the not-too-distant future. And federal and state border patrol authorities are mandating adoption of RFID use for border control.

In-Stat research says 33 billion radio tags will be produced by 2010, tracking Pepsi, people and everything in between. That's up from about 1.5 billion tracking devices that were made last year.

But the pharmaceutical industry could be the ripest of all for rapid adoption. The reason is simple: money.

Counterfeiting RFID

Counterfeiters are increasingly aiming at the U.S. market for their fakes because of their higher price. Most, if not all, of the major drug makers are in the midst of trials for embedding sensors across their manufacturing and supply chains.

Paul Chang, of the worldwide sensor and actuators development group within IBM's software division, says by some accounts 35 million prescriptions a year are filled with counterfeit drugs in the United States.

How do you tell the fakes from the real ones? Look at the label and check the bar codes.

But the copycats have gotten pretty good at that. And they're getting into the supply chain at a rapid clip. The FDA has seen the number of counterfeit cases go from 57 to four times that in two years.

The drug companies are looking at item-level tagging to make sure each bottle matches the batch number etched on the tiny silicon chips before they were attached to bottles for the drug batches.

So how does this stop counterfeiters? It doesn't, but it sure can slow things down.

For starters, RFID systems, which include a silicon chip and an antenna that conducts information etched on that chip, cost money. The chipmaker burns a serial number into the chip, which is then processed and tested.

As Chang explains, you then take that chip and assign a unique number to it for the batch of drugs, which is then stored in what's called an EPC number.

If you're a downstream end-user and you want to check the validity of the drugs, you make sure the chip ID matches the EPC number. That's a feature of RFID that bar codes just can't match.

"We don't think this is going to stop the counterfeiters. But we think by using RFID, it does raise the bar pretty high," Chang says.

The Food and Drug Administration (FDA) recently put out a note urging companies to look into RFID as a way to maintain control over their drug supplies.

The FDA's taskforce on battling counterfeit drugs "recommends that stakeholders continue to work expeditiously toward that goal, and that their implementation of RFID technology be used first on products," it stopped short of applying deadlines for adoption.

Although it says widespread use of so-called e-pedigrees using electronic track-and-trace technology, including RFID, would provide an electronic safety net for our nation's drug supply, adoption is getting bogged down by, you guessed it, standards.

But standards need to continue apace with security and privacy issues.

The security of it

A recent study by researchers at Vrije University in Amsterdam said RFID tags could be used as a medium to transmit a computer virus that might eventually bring an entire system to its knees.

The report said the limited storage buffer of an RFID tag -- typically ranging from 90 to just over 100 bytes -- offers just enough legroom for damaging code to hide out and wait for a connection to the network.

Craig Asher, solutions architect for IBM's pharma RFID software group, said this is what security working groups within EPCGlobal, a not-for-profit standards organization that's working to drive adoption of EPC technology that would enable the identification and tracking of individual items, are hashing out.

And this is why companies need to realize the importance of architecture.

"You don't want a single point of failure. You want to be able to distribute the data across multiple instances so that nobody can break you in one place."

There are three pillars of this work, he adds.

First, the system is certification-based, meaning you can track unique numbers on the bottles of drugs, for example, back to the unique ID that was burned into the chip when it was manufactured. Those are two areas that counterfeiters would need to breach.

Second, you need to be able to read the product with that unique tag and EPC number in order to gain authorization into the EPC-IS database shared by all companies involved in the supply chain.

"Each authorization is logged, and rogue activity can be shut down quickly."

Third, he added, that data is distributed so that a faker would have to extract it from multiple points across a supply chain before they got all the data they need to copycat it.

The standard bearer

In a recent research note, Eric Newmark, analyst for Health Industry Insights, said the FDA stopped short of making RFID an electronic pedigree mandate for more than just security and privacy concerns.

"Some of these lingering issues include frequency standards (HF versus UHF), serialization schemas (National Drug Code NDC ), and consumer privacy notifications and procedures," he wrote.

"HF is widely recognized as the accepted standard, but six leading RFID vendors recently published a study advocating the use of UHF as a more effective and practical choice. Coupled with the fact that Wal-Mart is already heavily invested in it, UHF may still have potential at the item level."

Michael Liard, principal analyst of RFID for ABI Research, said spectrum use, such as high frequency versus ultra high frequency, is also a key challenge, and each country's varies on which part they use to transmit the RFID data.

"Each country is responsible for its own radio spectrum. If products are certified as the so-called Gen2 standard approved two years ago, then they will be interoperable in the U.S., Europe and Asia."

But even with those certifications, the same reader in one country may be operating at 915 mHz frequency, while another is sitting at 952 mHz. Until the ISO, the ultimate international body for interoperable standards, puts its blessing on a UHF frequency that everyone should use, RFID is still a country-by-country patchwork.

Liard says we'll see excellent market growth moving forward once we have products based on ISO standards.

"But if you look at market for 2005-2006, a lot of growth expectations weren't met. By and large it hasn't been overly explosive" because of the continuing patchwork of standards.

You're seeing mandates on e-pedigree tracking on a state-by-state basis, not to mention possible federal legislation, including privacy standards.

"We're not there yet. We're hoping for a summer delivery. We're knocking at the door of ratifying standards. If you want a truly global supply chain, you need the EPC's Gen2 standard to become a global standard. Having that compliance is critical."

Internet.com Corp.

Copyright 2003 Jupitermedia Corp. All rights reserved. Republication and redistribution of Jupitermeida Corp. content is Expressly prohibited without the prior written consent of Jupitermedia Corp.. Jupitermedia Corp., shall not be liable for any errors or delays in the Content, or for any actions taken in reliance thereon.