The legal regulations for medical products, their research, production, and distribution are very strict since they will be applied to the human body. A medical product is, in contrast to a medication, a substance that works physically or physiochemically.
In 2013 in the United States a law was passed requiring the labeling of such medical products. In the Drug Supply Chain Security Act (DSCSA) passed on November 27, 2013, U.S. President Barack Obama stated that by 2023 pharmaceutical companies should be able to track the production of drugs from raw materials all the way to dispensing in order to ensure safety and legitimacy. In the second quarter of 2017 this consistent traceability of products will also be introduced legally in Europe as “Unique Device Identification” (UDI).
What is UDI (Unique Device Identification)?
UDI is much more than a scannable code. It is regarded as a complete system. Behind it stands the “International Medical Device Regulatory Forum” (IMDRF), driven by members including the FDA (Food and Drug Administration) from the U.S., the European Commission, as well as key players and affiliates such as the WHO (World Health Organization). The UDI-System was developed in the U.S. and is used for the individual marking of medical devices using an identification number. This number is stored in a database. The products and packaging are given a UDI data carrier, which includes the identification number. The identification number is a scanable label represented in encrypted form as a plain text. The UDI system consists of three pillars: the product data, the UDI disk, and the database.
The goal of UDI
The goal is worldwide complete traceability of medical products and thereby the safer handling of these products. It also offers more transparency and safety for patients. In addition, recall processes can be made substantially easier for manufacturers. In the case of defective products, the liability issue is easier to settle since all products and packaging are marked with a clear UDI carrier. Through a generally accessible interface health insurance providers, authorities, health care facilities, and other players obtain restricted access to the UDID database and participate, for example, with their billing and administrative procedures.
Classification of risk classes
Medical products are divided in to three risk classes, of which Class II is subdivided into IIa and IIb. They are defined throughout the EU according to Guideline 93/42/EWG.
|Class||Class I||Class IIa||Class IIb||Class III|
Technical operation of the UDI system
The UDI system consists of three pillars:
- The product data (UDI)
- The data carrier (UDI carrier) and
- The data bank (UDID)
The UDI is encrypted according to an ISO standard. The encryption according to ISO standards is taken over by FDA accredited agencies. The UDI consists of two parts – the device identifier (DI) and the production identifier (PI). The device identifier contains the product and manufacturer recognition and statistical data. The production identifier consists of data, batch, lot and serial numbers, as well as expiration or production date. The production identifier and the device identifier must be machine-readable. They are coded so that a laser scanner can process them automatically.
The UDI carrier (AIDC, Automatic Identification and Data Carrier) contains a machine-readable identification marking on the product and packaging in the form of a bar code or data matrix (ISO/ IEC 16022). Particular information must be included in the label and also in clear print. The so-called label is then found on the medical product as well as the packaging. There is a special regulation for recycled medical products. These must have a direct marking. If a significant change has been made to a product by the manufacturer the UDI must be replaced. The actual data structure is defined in ISO/ IEC 15418 (reference to ANS MH10.8.2), which contains two different data structures. There is the ISO/ IEC 15434 Format 05 as well as the ISO/ IEC Format 06. The Format 05 uses the application identifier and the Format 06 uses the data identifier.
The data banks illustrate the three pillars of the UDI system. There is the Global UDI Database (GUDID) in the U.S., and for Europe the European Unique Device Identification Database (EUDID). Statistical data from the manufacturer regarding the products are deposited in the data banks. Only original data is stored in the data banks; the variable data is contained directly in the code. When the UDI Code is scanned with a laser scanner the variable data and the product reference are obtained from the code. Through UDID access the according information is obtained from the data banks.
The medical device manufacturers can enter their data via the homepage of the GUDID. There are three options for this: manufacturers can enter each product individually, manufacturers can enter their products via an automated system (HL7 SPL module) or they can commission an external service provider.
Agencies accredited by the FDA
There are approximately 30 various accredited agencies from the FDA who conduct encryption according to ISO standards. They each offer different coding procedures. The agencies are simultaneously places of delivery for the company codes of the manufacturer. The agencies are, according with the international standard ISO/ IEC 15459-2, registered at the ISO registration office. The following agencies are accredited by the FDA: GS1 System, Health Industry Bar Code (HIBC), ISBT. The GS1 System offers a referencing system for article numbers. For example: the Global Trade Item Number (GTIN). HIBC offers a direct coding system for alpha-numeric article numbers. ISBT is special for the identification of blood and transplants specialized in the U.S. The HIBC- and GS1 Code (ISO/ IEC 15417) possess similar characteristics and are based on the same data carrier, data matrix (ISO/ IEC 16022) or linear bar code (Code 128).
Implementation and control
On December 9th, 2013 the IMDRF published a final version of the UDI guidelines, “Unique Device Identification (UDI) of Medical Devices” (IMDRF/ WG/ N7FINAL:2013). These guidelines contain the international framework. The American FDA (Food and Drug Administration) passed regulations in the U.S. requiring the complete traceability of medical products. In the U.S. a law was passed in 2013 requiring the marking of such medical products. Since September 24th, 2014 Class III medical products and medical products for life-sustaining or life-supporting implants sold in the U.S. must comply with UDI regulations. Since September 24th, 2016 products with the risk class II must be UDI conforming. Subsequently the regulations should be implemented for risk class I. In the second quartile of 2017 the legal requirement of complete traceability of medical products will be introduced in Europe. In Europe the EU decree Medical Device Regulation (MDR) was passed. The national implementation in Germany and Austria was carried out through the Medical Product Law (Medizinproduktgesetz). This law covers all medical products.
The FDA in the U.S. and the European regulatory authorities will review the compliance with the directives without prior notice. The FDA is authorized to publish the results on the internet.
What advantages does Blockchain offer manufacturers?
In the case of deficit or malfunction in a product, the manufacturer must prove that they are not responsible for the mistakes. An example for this is a fictitious dosing device. This device will be produced with the help of several subcontractors. The complete dosing device and the packaging will be equipped with a distinct UDI carrier, including the partial products that are stored in the device. Accordingly, the end product consists of a large number of smaller partial products outfitted with a UDI carrier. Now through distribution the end product reaches the end used (a hospital, for example). The device is used in medication administration. Fictitiously, it is assumed that within six hours the device administers a prescribed amount of medication. A mistake occurs in which the same amount of medication is given within an hour. In such an incident, the FDA usually takes action to find out who is responsible. Through the GUDID the manufacturer and the supplier can be identified by their clear UDI. If all production relevant data are recorded in a Blockchain, the information can without a doubt be tracked and presented to a regulatory authority without loss of content.
In the case of a mistake in their product the manufacturer must prove that they are not responsible for the mistake. An example for this is a fictitious dosing device. This device will be produced with the help of several subcontractors, including the software of a third manufacturer. Each manufacturer tests their products before they are shipped (for example, a software must pass various tests before its release). The complete dosing device and packaging will be equipped with a distinct UDI carrier, including the partial products. The dosing device is implemented, and after a few hours of operation there is a critical incident. Through an incorrect parameterization the device administers a medication per unit of time higher than intended. For insurance reasons the end user now contacts the manufacturer of the device for claim for compensation. The manufacturer has only the burden of proof to show in what condition and parameterization the device was extradited. With the help of a Blockchain it can be proven without a doubt that the device left the plant with the correct parameterization. A deviation in the parameterization occurred at a later point in time (for example, in the event of a faulty operation during a maintenance operation).
In the event of an incident the manufacturers of medical products are obligated to provide evidence of who is responsible. An example for this is an anesthesia device. Such a device ensures the necessary ventilation of a patient during an operation. In the case that the device does not function properly during surgery and the patient receives too little oxygen, the risk of permanent damage is extremely high. The integrated monitoring unit of a third manufacturer should have given an alarm, but this was done wrong. The hospital must report and investigate the case. Using the GUDI database and the scannable UDI, the manufacturer and the suppliers can be identified and contacted. The manufacturer of the anesthesia device must prove that the device left their company in proper and anticipated condition after passing all necessary tests. When using a Blockchain this is undoubtedly and transparently possible. All relevant data and information from the production process (for example, machine configurations, software versions, test reports, etc.) are stored in a Blockchain. Upon request the manufacturer will be able to present their acquisition and quality chain in a fast, transparent, and sound manner.
What are the weaknesses of the current storage system?
If the data can be retrieved at all, they are usually located on the local hard disks of computers or servers. Even using a sophisticated backup strategy, it is difficult to establish a 100% permanent and available solution using clustering, mirroring, and the use of RAID systems. A major hindrance of these existing solutions is that they can only be protected from changes by an access rights manager. The challenge here is how to create a simultaneously decentralized and permanently tamper-proof solution.
Blockchain is an unchangeable, highly-available, and distributed data bank in which all data are made tamper-proof and protected from foreign access through encryption.
Johannes Kuhn provides a good and short definition in the Süddeutsche Zeitung /2/:
“The blockchain is a digital bank statement for transactions between computers which records every change and saves it decentralized and transparently on many different computers. This makes it impossible (or possible only with enormous efforts) to manipulate this information which has already been verified.”
The principle of Blockchain states: “Logically centralized, organizationally decentralized” /1/. In principle, Blockchain is a decentralized data bank holding available a continually growing list of transaction data records. The data bank is chronologically extended linearly, similar to a chain, at the end of which new elements will be added constantly (hence the term Blockchain). When one block is complete the next is produced. /5/
What is Blockchain?
What are advantages of the blockchain?
A blockchain is a data bank with two primary characteristics. On the one hand, because of a very elaborate encryption procedure (the hash function), it can be considered secure from tampering. On the other hand, many copies are distributed throughout the overall data bank, in which 51 % of all instances must be changed in order to successfully forge a data bank entry.
The core units of the blockchain are the transactions. This can be a bank transfer, a contract, or a certificate. At a certain point in time the transactions will be gathered and grouped in to one block. A further important perspective is the decentralized nature of the blockchain. In a classic databank if the server fails, the data bank can no longer be used. With a blockchain in case one part of the nodes fails, the remaining nodes can be used further.
With today’s computer technology billions must be invested in order to tamper with just one single unit in a blockchain. This is completely uneconomical and thus leads to a higher lever of tamper security for the blockchain.
The young, innovative database technology of blockchain could bring major changes to the IT sector as well as in different sectors of economy and industry. The greatest advantage of Blockchain over traditional databases is their data security, which is ensure on the one hand by continuously growing hash values and on the other hand by the distributed nature.
Blockchain provides a more reliable and secure strategy for manufacturing and tracking medical devices. All incoming information can be written into the Blockchain and the manufacturers are thus protected against authorities and end users. In addition, the data in the Blockchain are tamper-proof and cannot be manipulated by manufacturers or end users. Blockchain technology is used everywhere where it is of great importance that information is highly available, traceable, and tamper-proof.