As an undercover agent with the US Drug Enforcement Administration and the Food and Drug Administration, Aaron Graham saw firsthand how counterfeit drugs can slip into the pharmaceutical supply chain. Graham, now VP and chief security officer for Purdue Pharma, once posed as the manager of an "institutional pharmacy" selling drugs at a discount to secondary wholesalers who were then supposed to sell them to nursing homes. Soon after he began, his phone started ringing. Dozens of smaller pharmaceutical wholesale companies were calling, desperate to buy his drugs. These secondary or "grey market" wholesalers scour the country and the world for low-price drugs they can sell back to major wholesalers for a profit. In addition to trawling for institutional pharmacies, some secondary wholesalers have been known to purchase counterfeit drugs from criminal organizations in places such as China, Thailand or Colombia.

Graham, who was part of a two-year FDA sting operation known as "operation grey pill", helped expose a system in which large and small wholesalers were taking advantage of multitiered pricing in the industry. Prescription drugs are sold at discounts to subsidized groups such as nursing homes and also exported at lower prices. Graham and his colleagues found that these lower-priced drugs are sometimes smuggled back into the country and sold to large wholesalers for a profit. These multiple steps, in which a drug can bounce back and forth from distributor to distributor, create a supply chain that is complex, convoluted and, at times, vulnerable. The more frequently a drug changes hands, the greater the chance that counterfeit or diverted drugs can enter the legitimate supply chain.

Such a porous supply chain poses hazards to patients — thousands of people worldwide die every year from ingesting fake drugs — and it costs the pharmaceutical industry an estimated $US46 billion a year in lost profits. A study by the World Health Organization (WHO) said that counterfeit drugs represent more than 10 percent of global sales. And in 2004, the FDA reported that the number of its investigations of counterfeit drugs rose by 150 percent from the previous year as a growing number of criminal groups take advantage of high profits and penalties that are less severe than those for selling illegal narcotics such as heroin or cocaine.

"Prescription drugs pass through so many hands before they reach the pharmacy, there is no way to know where they all come from," says Graham, who came to Purdue in 2002. "Laws on the books today are not effective in keeping counterfeit drugs out of the supply chain."

To fix the problem, pharmaceutical companies are under increasing pressure to plug holes in their supply chain, particularly in the distribution network that runs from manufacturer to customer. For instance, several US states are now mandating that companies confirm the authenticity of their product by creating a "pedigree" that vouches for a medication's origin and who else has handled it. The FDA has recommended that pharmaceutical companies start using radio frequency identification technology (RFID) as a means of better tracking drugs. As a result, most pharmaceutical companies are experimenting with RFID, or at least using bar codes or other technologies such as Web portals that can help track and authenticate the drugs. (For more on RFID technology see, "The RFID Imperative".)

Purdue, along with several pharmaceutical giants, including Pfizer and GlaxoSmithKline, has started tagging some of its most popular drugs with RFID chips as part of a pilot program designed to track drugs from the manufacturer to the consumer. None of the technologies or techniques now being tested is trouble free, and most demand a hefty investment in infrastructure and IT. Tagging drug bottles with RFID and collecting data on drug sales also raises privacy and security issues that have yet to be resolved. But those drug manufacturers not yet on the bandwagon can't wait for questions of standards or privacy regulations to be decided. With the help of their CIOs, who will design the IT infrastructure to support the new processes, they need to start pilot projects now to get ready for further mandates or risk getting left in the dust as the industry gears up to fight a dangerous global scourge. "Drug companies need to be seen doing everything they can to secure their supply chains," says Daniel Engels, director of the health-care research initiative at MIT.