You don’t have to veer too far into major industry sectors these days
without bumping into the quickening pace of adoption of
RFID
Wal-Mart, for instance, is driving RFID
adoption in its supply chain by mandating that trading partners adopt
pallet-level RFID use.
The Department of Homeland Security expects
RFID chips to be on our passports in the not-too-distant future. And federal and
state border patrol authorities are mandating adoption of RFID use for
border control.
In-Stat research says 33 billion radio tags will be produced by 2010, tracking Pepsi, people and everything
in between. That’s up from about 1.5 billion tracking devices that were made
last year.
But the pharmaceutical industry could be the ripest of
all for rapid adoption. The reason is simple: money.
Counterfeiting RFID
Counterfeiters are
increasingly aiming at the U.S. market for their fakes because of their
higher price. Most, if not all, of the major drug makers are in the midst of
trials for embedding sensors across their manufacturing and supply chains.
Paul Chang, of the worldwide sensor and actuators development group
within IBM’s software division, says by some accounts 35 million
prescriptions a year are filled with counterfeit drugs in the United States.
How do you tell the fakes from the real ones? Look
at the label and check the bar codes.
But the copycats have gotten pretty
good at that. And they’re getting into the supply chain at a rapid clip. The
FDA has seen the number of counterfeit cases go from 57 to four times that
in two years.
The drug companies are looking at item-level tagging to make sure each
bottle matches the batch number etched on the tiny silicon chips
before they were attached to bottles for the drug batches.
So how does this stop counterfeiters? It doesn’t, but it sure can slow
things down.
For starters, RFID systems, which include a silicon chip and an
antenna that conducts information etched on that chip, cost money. The chipmaker burns a serial number into the chip, which is then processed and tested.
As Chang explains, you then take that chip and assign a unique number to
it for the batch of drugs, which is then stored in what’s called an EPC
number.
If you’re a downstream end-user and you want to check the validity of
the drugs, you make sure the chip ID matches the EPC number. That’s a
feature of RFID that bar codes just can’t match.
“We don’t think this is going to stop the counterfeiters. But we think by
using RFID, it does raise the bar pretty high,” Chang says.
The Food and Drug Administration (FDA) recently put out a note urging companies
to look into RFID as a way to maintain control over their drug supplies.
The
FDA’s taskforce on battling counterfeit drugs “recommends that stakeholders
continue to work expeditiously toward that goal, and that their
implementation of RFID technology be used first on products,” it stopped
short of applying deadlines for adoption.
Although it says widespread use of so-called e-pedigrees using electronic
track-and-trace technology, including RFID, would provide an electronic
safety net for our nation’s drug supply, adoption is getting bogged down by,
you guessed it, standards.
But standards need to continue apace with security and privacy issues.
The security of it
A recent study by researchers at Vrije University in Amsterdam said RFID tags could be used as a medium to transmit a computer virus that might
eventually bring an entire system to its knees.
The report said the
limited storage buffer of an RFID tag — typically ranging from 90 to just
over 100 bytes — offers just enough legroom for damaging code to hide out
and wait for a connection to the network.
Craig Asher, solutions architect for IBM’s pharma RFID software group,
said this is what security working groups within EPCGlobal, a not-for-profit
standards organization that’s working to drive adoption of EPC technology
that would enable the identification and tracking of individual items, are
hashing out.
And this is why companies need to realize the importance of architecture.
“You don’t want a single point of failure. You want to be able to distribute
the data across multiple instances so that nobody can break you in one
place.”
There are three pillars of this work, he adds.
First, the system is
certification-based, meaning you can track unique numbers on the bottles of
drugs, for example, back to the unique ID that was burned into the chip when
it was manufactured. Those are two areas that counterfeiters would need to breach.
Second, you need to be able to read the product with that unique tag and
EPC number in order to gain authorization into the EPC-IS database shared by
all companies involved in the supply chain.
“Each authorization is logged,
and rogue activity can be shut down quickly.”
Third, he added, that data is distributed so that a faker would have to
extract it from multiple points across a supply chain before they got all
the data they need to copycat it.
The standard bearer
In a recent research note, Eric Newmark, analyst for Health Industry
Insights, said the FDA stopped short of making RFID an electronic pedigree
mandate for more than just security and privacy concerns.
“Some of these lingering issues include frequency standards (HF versus
UHF), serialization schemas (National Drug Code [NDC]), and consumer privacy
notifications and procedures,” he wrote.
“HF is widely recognized as the accepted standard, but six leading RFID
vendors recently published a study advocating the use of UHF as a more
effective and practical choice. Coupled with the fact that Wal-Mart is
already heavily invested in it, UHF may still have potential at the item
level.”
Michael Liard, principal analyst of RFID for ABI Research, said spectrum
use, such as high frequency versus ultra high frequency, is also a key
challenge, and each country’s varies on which part they use to transmit the
RFID data.
“Each country is responsible for its own radio spectrum. If
products are certified as the so-called Gen2
standard approved two years ago, then they will be interoperable in the
U.S., Europe and Asia.”
But even with those certifications, the same reader in one country may be
operating at 915 mHz frequency, while another is sitting at 952 mHz. Until
the ISO, the ultimate international body for interoperable standards, puts
its blessing on a UHF frequency that everyone should use, RFID is still a
country-by-country patchwork.
Liard says we’ll see excellent market growth moving forward once we have
products based on ISO standards.
“But if you look at market for 2005-2006, a
lot of growth expectations weren’t met. By and large it hasn’t been overly
explosive” because of the continuing patchwork of standards.
You’re seeing mandates on e-pedigree tracking on a state-by-state basis,
not to mention possible federal legislation, including privacy standards.
“We’re not there yet. We’re hoping for a summer delivery. We’re knocking
at the door of ratifying standards. If you want a truly global supply chain, you
need the EPC’s Gen2 standard to become a global standard. Having that
compliance is critical.”