The federal government’s Drug Supply Chain Security Act (DSCSA) of 2013 set to be implemented in 2017 will enable better information security in protecting pharmaceuticals in transit. But Third Party Logistics companies (3PLs), trucking and logistics carriers involved in the new supply chain model will need to assess whether their existing physical security measures can meet the new challenges they will be facing.
The Problem with Pharmaceutical Logistics
Due to the burgeoning problems with counterfeit and stolen pharmaceutical shipments, the federal government established the Drug Supply Chain Security Act (DSCSA) of 2013. In 2013, a McKinsey study assessing the new compliance regulations, Building New Strengths in the Healthcare Supply Chain, cited the counterfeit global drug market will be 5% of the total market by 2016 and will cost the industry $70 billion in revenue. The impact is potentially devastating: not only affecting revenue and consumer healthcare costs, but more notably generating life safety risks for people suffering from diabetes, heart disease, HIV, etc., many of whom will become seriously ill if their medication is fake or stale.
The DSCSA will require complete tracking data of certain pharmaceuticals for 6 years to be produced in 24 hrs. And currently, information security companies and departments at logistics carriers are racing to solve the technological challenges for tracking the data by that deadline. UPS, for example, is creating a digital repository to be in compliance with the three required reports: transaction history, transaction information, and transaction statements. To industry insiders, these are known colloquially known as "T3".
The Proposed Security Solution
The new compliance regulations include: product identification, product tracing, product verification, detection and response, notification, wholesaler and third-party licensing. A DC Velocity article on the problem cited:
“Many will turn to third-party logistics service providers (3PLs) for help. Although the new law relieves 3PLs of the most onerous regulatory burdens by identifying them as having only temporary possession of the drugs (not full product ownership as drug manufacturers, wholesale drug distributors, re-packagers, and pharmacies do), many have nonetheless developed state-of-the-art tracking and tracing capabilities.”
In taking temporary possession of the drugs, 3PLs will have tracking mechanisms to ensure their compliance, but this will not solve the increased security risk they will face.
Conduct a Risk Assessment of Physical Security
Pharmaceutical shipments are a high-value target for organized crime. They contribute to a $35-billion cargo theft problem in the U.S. alone, as cited by the Department of Homeland Security. Criminal strategies to steal the drugs will likely shift with improved information security: warehouses, drop lots, virtually every phase of the supply chain, will be at increased physical security risk.
Organized crime invests in technology and information to accomplish pharmaceutical theft. The Eli Lilly facility theft of 2010 provides an idea of what logistics carriers will themselves be up against:
“It was not as if the Lilly facility was left unlocked with the welcome mat out. It had 13 cameras inside as well as motion detectors and an alarm system. It now appears the thieves had documents that showed them every vulnerability, from where the alarm control room was located to which delivery bay they could safely park their get-away rig in without being seen.” Fierce Pharma Manufacturing
Logistics facilities at primary risk will include those that:
- Rely on detection-based security measures such as alarms and cameras
- Are located in industrial and commercial zones
- Have insufficient perimeter security measures
While any facility transporting pharmaceuticals is at risk, factors such as these encourage thieves to believe the facility is sparsely populated at night, that any perimeter barrier can be easily compromised, and that security alarms can be compromised as well, without drawing attention from neighboring facilities.
With onerous penalties attached to even a lone breach, participating carriers may want to consider a deterrence-based physical security strategy before 2017, one that includes protection at their perimeter, as well as integrating a host of internal intrusion devices. A perimeter security strategy increases safety, and provides longer lead times for a law enforcement response in the event the facility is attacked by determined thieves.