This article is the third instalment of a three-part Solidblog series written by Charles Young.
This is the final article in a series of three. In the first article, I agreed with Stefan Artlich that QR codes are preferable to Data Matrix codes for access to electronic Patient Information (ePI), despite the technical superiority of Data Matrix barcodes. This is due to the wide support for QR Codes built into smartphone apps. In the second article, I argued that no single approach adequately meets the broad range of use of barcodes printed on pharmaceutical products.
I concluded that the selected barcode technology is not the central issue. The most important consideration is the trustworthiness we attribute to the data that the barcode contains or to services that we use to process that data. For electronic Patient Information, if we assume the pack is authentic, we can trust the URL provided by the manufacturer. QR Codes provide the most appropriate way of allowing patients to use that trusted URL to obtain the safety information they need.
To validate the authenticity of a pack, you must reliably compare a unique identifier (a barcode) provided by the manufacturer with data that the manufacturer recorded in a repository. To access that repository, you must not rely on a URL provided by the manufacturer in the barcode. That would be no better than believing a printed statement on the pack that says “This pack is authentic. Trust us!”.
You must ascertain the trustworthiness of the repository before you use it to authenticate packs of medicine. You must be confident that the data in the repository comes from the actual manufacturer, that it has not been altered and that the manufacturer is in good standing. In practice, this requires assurance from a trusted third party such as a regulatory authority or industry body. These considerations affect the choice of barcode technology. In this case, GS1 sensibly recommends the use of Data Matrix barcodes.
I do not believe that a single barcode provides a practical approach to fully meet the broad range of relevant supply chain and patient requirements. There are several reasons for this including the trustworthiness of the data contained in a barcode, ease of access, cost of production, reliability of the scanning process and the size of the barcode. Clearly, a single barcode that could support multiple needs would be ideal, but the technology is too limited to fully support this.
I do not expect to see the emergence of a single multi-purpose barcode type in healthcare. However, there are approaches that can help, including GS1 standards that ease the burden and cost while maximising the effectiveness of barcode technology in the pharmaceutical sector. One of the most powerful GS1 approaches is the concept of Digital Links.
From a technical perspective, Digital Links may not seem particularly revolutionary. A Digital Link is simply a disciplined URL (a web address). The GS1 approach broadly adheres to the notion of REST (Representational State Transfer) in which each URL identifies a specific resource that we can interact with. However, the Digital Link standard takes this a step further by introducing the concept of resolver services. The job of a resolver is to interpret the intent of the user and to redirect each Digital Link request to the appropriate resource. Broadly speaking, resolvers make Digital Links context-aware.
If this seems a little abstract, let me illustrate with some examples. Consider patient information. In the USA, Europe and elsewhere, patient information is often translated into several languages. These language variations are not, of course, included in the pack. They are available for download from a web site. There are about 7,000 spoken languages across the world. Providing language-specific information to patients is very challenging, and even more so when managing medicines that may be imported by any low- and middle-income country.
If a Digital Link resolver service knows the preferred language of the user (there is a standard mechanism that supports this), it can redirect a request for an electronic patient information leaflet to the appropriate translation, if it exists, or to a default translation if it does not. It can also redirect to the most up-to-date version of information. Digital Link resolvers greatly increase the ability of manufacturers to provide comprehensible and timely information tailored to patients’ needs.
Digital Links provide a great basis for building ‘digital twins’ in which the data collected, stored and accessed on-line mirrors the history and current status of real-world objects. An online service, accessed using a Digital Link, can store data provided within or alongside that Digital Link such as events, location details, disposition etc. This is one reason why GS1 now incorporates Digital Links into their Track & Trace framework (EPCIS 2.0) as the preferred way to identify trade items and other objects in supply chains. Digital Links provide a natural fit with Track & Trace based on the ‘digital twin’ concept.
Web-based resources can, themselves, be services. For example, a Digital Link resolver can identify a request to verify the authenticity of a medicine pack and redirect the request to the appropriate verification service based on the product code. In this way it acts as a kind of ‘verification broker’. Of course, you need to trust that the resolver will only redirect you to a valid authentication service that can, itself, be trusted. GS1 provides a standard to enable this scenario, although it is a rather limited currently with inadequate support for extensibility.
Digital Links are very powerful. They mitigate the shortcomings of barcode technologies and allow a single barcode to support multiple needs. However, they are no magic solution. Specifically, they do not solve the problem of creating a single barcode that supports different trust models. This is the heart of my argument. In healthcare we have one model where we can reasonably trust the data contained in the barcode itself and another model where we invest our trust in some external service that processes the data in the barcode. Any attempt to support both these models through a single barcode poses significant problems.
We can summarise the options we have for accessing patient information using a barcode using a quadrant diagram.
There is a lot to take in here, but the summary is that the only option that adequately supports both access to patient information and pack verification requires the end user to use a third-party application (or enter URLs manually) and for the manufacturer to trust a resolver service that they may not own. This is the solution in the bottom right quadrant. However, this solution cannot exploit the great strength of QR Codes which is the support they enjoy in general-purpose camara apps on smartphones. Users cannot simply point their phones at the barcode and access the information. They must go through additional steps.
For completeness, I should mention another approach that lies between the two lower quadrants. This is to use artificial intelligence to infer links from the data elements stored in a barcode. Search providers are busy enhancing the search experience with AI, and this technology could be applied to barcodes with multiple data elements. Even though the barcode may not contain a URL, an AI could infer one or more links to services provided by the manufacturer. GS1 is currently campaigning to extend support for Data Matrix barcodes and GS1 data elements in Google Lens which uses AI to augment the search experience. However, healthcare is heavily regulated in many countries. This approach may not be acceptable as a reliable and safe means of verifying medicinal products or accessing medicinal safety information.
The point about manufacturers trusting resolver services is relevant here. When a user accesses patient information using a Digital Link resolver service, the trust issue operates in reverse. It is manufacturers that must trust the resolver service. You might try to convince smartphone platform vendors to provide their own resolver services in the hope that pharmaceutical manufacturers will trust them enough to upload their redirection rules to those services. Good luck with that! My direct experience is that manufacturers will likely refuse to entrust their rules to an external service, even if that service has impeccable pharmaceutical credentials. One reason is that the maintenance of patient information is not a trivial endeavour. It is highly regulated, and each manufacturer must comply with GxP requirements. Entrusting redirection rules to an external service, however trustworthy, simply adds more complexity, risk and cost.
There is perhaps one other alternative. The GS1 standards for Digital Links provide a mechanism whereby one Digital Link Resolver can forward requests to another resolver service based on a GS1 Global Company Prefix (e.g., the first few digits of a GTIN – a manufacturer’s product code). This offers a way forward for patient information, but it still requires each smartphone manufacturer to maintain a trusted global repository of GCP-based forwarding rules and for each manufacturer to maintain their own Digital Link resolver service. I think it is very unlikely that smartphone platform vendors will cooperate with the pharmaceutical industry to implement this approach. Time will tell.
As some readers will know, I have now blundered into very controversial territory indeed. I may be wrong. However, until proven wrong, I maintain that there is no simple or obvious single barcode solution that can meet the range of uses to which barcodes are put in the pharmaceutical industry, and that multiple barcodes on packs are therefore needed for the foreseeable future. GS1 Digital Links are a great help, and I am delighted to be actively engaged in promoting their use. However, they don’t answer all our needs or suite every application of barcode technology.
QR Codes vs. Data Matrix for Patient InformationThe Myth of the Monadic Barcode
Solidsoft Reply is a leading technology company creating award-winning solutions utilising the Microsoft Azure cloud platform. As a globally acclaimed Microsoft AI Cloud Solutions Partner, we specialise in GS1 traceability systems worldwide, crucially ensuring the authenticity, legality, and safety of our customers’ products and services. Serving non-profits, NGOs, healthcare, and the pharmaceutical industries, we deliver technology for positive social impact. Your products, safe in our hands.