Apotheken - securPharm e.V.

Why do we need a protection system for medicines?

There are hardly any counterfeits in
pharmacies.
So far, there have only rarely been counterfeit medicines in the legal supply chain. The wide availability
of well-made counterfeits increases the danger. The protection system has therefore been
introduced to maintain and further improve the high level of safety in the legal pharmaceutical trade.
further improve it.

Who is securPharm e.V.?

securPharm e. V. is the German organization for the authentication of pharmaceuticals and
responsible for the operation of the system for the authentication of medicinal products. The association
was founded to implement the EU Falsified Medicines Directive 2011/62/EU and Delegated Regulation (EU) No. 2016/EU.
(EU) No. 2016/161 was founded. Its members include the Verband Forschender
Arzneimittelhersteller e. V. (vfa), the Bundesverband der pharmazeutischen Industrie e. V. (BPI),
the Federal Association of Pharmaceutical Manufacturers (BAH), Avoxa - Mediengruppe Deutscher
Apotheker GmbH and IFA - Informationsstelle für Arzneimittel GmbH as well as ABDA - Bundesvereinigung deutscher Apothekerverbände
Bundesvereinigung deutscher Apothekerverbände e. V. securPharm operates as a non-profit organization.
organization. securPharm is the German component of the EU-wide network
EMVS against counterfeit medicines.

How can pharmacies participate in securPharm?

Pharmacies connect to the securPharm system via the pharmacy server. The technical
The technical implementation is carried out by your pharmacy software company. The operator of the pharmacy server is
Netzgesellschaft deutscher Apotheker mbH (NGDA), a 100% subsidiary of Avoxa.
NGDA is responsible for the legitimization and connection of the participants (pharmacists, wholesalers,
health care facilities).

Who can connect to the pharmacy system?

All players affected by the Falsified Medicines Directive and who are not pharmaceutical companies can join the pharmacy system.
and are not pharmaceutical companies, in particular public pharmacies, hospitals and pharmaceutical wholesalers,
hospitals and pharmaceutical wholesalers.

What security features does the Falsified Medicines Directive require?

Since February 9, 2019, the Falsified Medicines Directive has stipulated two new security features
on the packaging of prescription medicines. A first-opening protection (anti
tampering device), which indicates whether a pack has already been opened, is intended to
guarantee that the contents of the pack are genuine. An individual identification feature (Unique
identifier) is intended to make each pack uniquely identifiable. Both security features must be
checked by the pharmacy before dispensing to the patient and, in the case of the unique identifier, deactivated.
identification feature must be deactivated.

26.04.2022 Version 5 created by securPharm e. V. 7

What does the unique identifier look like?

The unique identifier is a Data Matrix code in which the individual serial number, the product code
number, the product code, the batch designation and the expiry date. In addition
This information is also printed in plain text on the pack.

When did the connection to the securPharm system and the authenticity check become mandatory?
mandatory?

Medicinal products subject to mandatory verification that have been released for sale by the manufacturer since February 9, 2019
may only be dispensed after successful authentication.
Medicinal products that were released for marketing before the cut-off date may be supplied until the end of their
expiry date without the safety features and therefore without authentication.
be dispensed. The pharmacy software should automatically recognize whether a medicine is subject to verification or not.
automatically.

To which medicines do the new safety measures apply?

In principle, the new requirements apply to all prescription-only medicinal products for human use
with the exception of medicinal products on the white list (Annex I to the Delegated Regulation).
listed medicinal products. The white list is a list of prescription-only medicinal products and medicinal product
categories of medicinal products that may not bear the safety features. This list contains 14
product categories, including homeopathics, allergen extracts, contrast media and parenteral nutrition solutions.
solutions for parenteral nutrition. Non-prescription medicines may not bear the
safety features. Exceptions are the medicinal products listed in the Black List (Annex II to the Delegated
Regulation). The Black List is a list of non-prescription medicinal products and
The Black List is a list of non-prescription medicines and categories of medicines that must bear the safety features.
So far, only omeprazole is included in two different strengths.

Can OTCs voluntarily carry a Data Matrix Code?

According to the EU Commission, the application of a Data Matrix Code to OTC packs is permitted as long as the Data Matrix Code does not contain serial numbers.
the Data Matrix Code does not contain a serial number, the product code, expiry date and batch
date and batch number can be included in a machine-readable form. Voluntary participation in the
in the authentication of medicinal products is not possible.

May OTCs voluntarily carry first-opening protection?

In an announcement dated April 11, 2017, the PEI and BfArM (BAnz AT 26.04.2017 B3.) clarified
that OTC packs may bear a first-opening protection on a voluntary basis.

How does the securPharm system for the verification of medicinal products work?

During the production process, the pharmaceutical manufacturer provides each pack of a medicinal product subject to verification
pharmaceutical product with an individual serial number. This serial number is stored together
together with the product code (as PPN or NTIN encapsulated PZN), batch designation and expiry
date in the Data Matrix Code (and also in plain text) on the pack. At the same time
This information is uploaded to the database system of the pharmaceutical industry.
To check the authenticity of a pack, the Data Matrix Code of the pack is scanned in the pharmacy.
scanned. This triggers a check of the serial number and product code against the pharmaceutical industry database.
database of the pharmaceutical industry. The verification requests from the pharmacies are

26.04.2022 Version 5 created by securPharm e. V. 8

forwarded anonymously via the pharmacy server. The status of a pack recorded in this database
status of a pack is reported back to the pharmacy. If the pack is dispensed after positive
positive feedback, the status is set to “dispensed”. If a second
pack with an identical serial and product number is verified, it will be noticed that it has already been
has already been dispensed.

Why are there two subsystems?

The German stakeholders have opted for a system that consists of distributed databases for pharmacies and pharmaceutical companies.
databases for pharmacies and pharmaceutical companies. The design of a
model ensures special protection of sensitive data, as data for the verification processes (verification and
for the verification processes (verification and status changes) are only exchanged anonymously. The
The subsystems are also operated by different companies. The database
system for pharmaceutical companies is operated by ACS PharmaProtect GmbH, a company of the pharmaceutical
of the pharmaceutical associations. The database system for the pharmaceutical industry
all pharmaceutical companies whose products are subject to the verification obligation.
subject to the verification obligation. The pharmacy server is operated by Netzgesellschaft Deutscher Apotheker
mbH (NGDA).

Why is this system also called an “end-to-end system”?

The pharmaceutical company creates a safety feature at one end of the supply chain - when packaging the medicine.
the drug - while at the other end of the chain - before dispensing to the patient in the pharmacy - this
to the patient in the pharmacy - this safety feature is verified and the serial number is
written out.

Why is the Data Matrix Code used for this system?

Two-dimensional barcodes can hold a lot of data (e.g. in addition to the product code including the PZN
serial number, the batch designation and the expiry date) and display them with a very small
space requirement.

Do parallel imports carry German or foreign coding?

Parallel imports carry German coding in the German market. Parallel importers must
the unique identifier of the product they market under their own name from the system of the original market.
from the system of the original market and book it out. They then
position as a pharmaceutical entrepreneur and create a new unique identifier, which they enter in the
which they upload to the securPharm system.

How are foreign packs handled?

For packs that are not labeled in German or in both German and (one) other
language, a distinction must be made depending on the supply channel.
Apart from the special distribution channel § 73 AMG, the following rule of thumb applies: Foreign packs
should be treated like German packs by scanning the Data Matrix.
a) Normal procurement channel

26.04.2022 Version 5 created by securPharm e. V. 9

For packs that are procured via the normal delivery route and that are available in both
labeled in German as well as in (another) language(s), so-called multi-market packs
packs, can be handled in the same way as German packs. Multi-market packs can be
the German labeling on the Data Matrix Code, the four data elements in
(PC, SN, LOT, EXP), as well as the PZN in plain text or in the form of Code 39 (barcode)
or “embedded” in the PC data element.
For centrally authorized packs that are not distributed in Germany and are obtained
are obtained via the normal delivery route, the same procedure must be followed as for German packs.
procedure. These packs often have package labeling in a non-German language (exception
language (exception: e.g. Austria). The PZN is generally neither written in plain text
nor can it be reconstructed from the Data Matrix Code. You should therefore
therefore use the Data Matrix Code and the serial number (SN) on the pack to determine the
to determine a verification obligation.
The scan of the Data Matrix Code triggers a verification request, which is forwarded via the
European hub to the respective national system in which the pack data is stored.
packaging data is stored. The process is also referred to as an IMT (Intermarket
transaction). For example, if you verify packaging data uploaded to the Spanish system
the verification request is forwarded via the European hub to the Spanish verification system.
verification system via the European hub. IMT packs cannot be manually verified or booked out with the securPharm GUI.
manually verified or booked out.
b) Separate distribution channel
If you do not obtain a pack via the normal distribution channel, e.g. as a single or
individual import according to § 73 AMG, the verification obligation in the exporting country is decisive.
is decisive. This applies even if a Data Matrix Code and a serial number are applied.
are applied.
Please note in general for distribution channels that deviate from the normal distribution channel,
(e.g. § 79 AMG) and questions regarding securPharm handling, please refer to the
publications of the federal authorities, the AMK (https://www.abda.de/fuer-
apotheker/arzneimittelkommission/amk-nachrichten/) and the ABDA. In the past
there were exceptions to the basic verification obligation.
For questions about the hub, please refer to questions 1.18 and 1.19.

What data is generated when end users use the securPharm system?

If a pharmacy verifies a pack or checks it out, a request is sent to the pharmacy system (AP system).
system (AP system). The N-ID (i.e. the pseudonymized user ID/APO number)
nung/APO number), the time stamp, the action/process and the pack data contained in the Data Matrix Code (PC
(PC, SN, LOT, EXP) are transmitted. Only NGDA has access to this data.
access. From the APS, the request is forwarded to the database of the pharmaceutical industry (PU-
system). However, the identity of the pharmacy remains hidden from the PU system because

26.04.2022 Version 5 created by securPharm e. V. 10

all requests are forwarded anonymously under a special NGDA user ID. Your
personal data is therefore not transmitted to the PU system. The purpose of the query is
The only purpose of the query is to compare the information read out (security features of the pa
the data stored in the system for the respective pack. The data exchange
the authenticity of the medicine can be verified.
Every request to the databases is saved. This enables the responsible supervisory
authorities to investigate a suspected case of falsification and compliance with the Delegated Regulation.
investigation. See also question:4.7 and 4.8

What is the European hub?

The European hub is needed to enable cross-border flows of goods. It
networks the verification systems of the individual member states with each other so that every medicine pack
pack of medicines bearing the safety features can be checked in every pharmacy in Europe.
pharmacy in Europe. In addition, pharmaceutical companies upload the pack data to the European hub (EU hub).
hub) to upload the pack data to the respective national system. The operator of the EU Hub is EMVO,
the European Medicines Verification Organization. More about EMVO at https://emvo-
medicines.eu/

Which countries are connected to the European hub?

The authentication systems of the EU member states as well as Iceland, Liechtenstein, Norway, Northern
member states as well as Iceland, Liechtenstein, Norway, Northern Ireland and Switzerland are connected to the European hub. The systems of
Italy and Greece will not be added until 2025. These have been granted a transition period by the legislator.
These countries have been granted a transitional period by the legislator because these countries already had
regulation came into force, these countries already had systems in place for the verification of medicinal
requirements. In Switzerland, the application of safety
safety features and their testing is currently still carried out on a voluntary basis in Switzerland.

Who is the EMVO?

The European Medicines Verification Organization (EMVO) operates the EU hub through which the individual
the individual country systems exchange the packaging data. A corresponding agreement was concluded between EMVO and securPharm
agreement was concluded between EMVO and securPharm to connect the securPharm system with the EU Hub
and thus integrate it into the European anti-counterfeiting system.

What is the EMVS?

The European Medicines Verification System (EMVS) is the Europe-wide anti-counterfeiting system.
It consists of two components. One component is formed by the national organizations for
the Delegated Regulation (NMVOs) with the corresponding national systems (NMVS).
(NMVS).
The second component of the EMVS is formed by the European hub. This hub
This hub acts as a router (connection point) to ensure the exchange of data from the national data
and is also used by pharmaceutical companies to upload packaging data.
companies.

26.04.2022 Version 5 created by securPharm e. V. 11

How are the security features intended to increase counterfeit protection?

The new anti-counterfeiting protection consisting of an individual identification feature and first-opening protection
counterfeits are easier to recognize. The individual identification feature makes each pack
unique, making counterfeiting less attractive and the risk of detection high.
is high.

Dealing with packs that carry a second Data Matrix code, e.g. for medicines manufactured and packaged in India.
manufactured and packaged in India?

Medicinal products manufactured in India and subsequently exported may bear a Data Matrix Code
which is very similar to the Data Matrix Code prescribed in the European Union.
If the Indian Data Matrix Code on the packaging is scanned in the pharmacy,
the pack cannot be identified in the securPharm system. During the authenticity
therefore have to ensure that the correct Data Matrix Code is scanned.
is scanned. The “PPN” emblem in clear text next to the code can provide an indication of the correct Data Matrix Code.
next to the code.
The problem occurred particularly shortly after the introduction of the European anti-counterfeiting system.
and should now be rare.

Where can I find out which counterfeits have been detected by the securPharm system?

Is there
Is there a list of detected counterfeits?
securPharm supports the responsible supervisory authorities in the investigation of suspected counterfeit
by providing reports from the securPharm system, the so-called audit trails of individual packs.
of individual packs. As a rule, securPharm does not receive any information about the
generally does not receive any information. Information on counterfeits must therefore be obtained from the responsible
supervisory authorities.
1.25 Dealing with reclassified prescription-only medical samples
Prescription-only medical samples are medicinal product packs that are distributed by the
pharmaceutical company directly to doctors as (free) samples.
Pharmacies are not normally allowed to supply these packs to the public.
If the competent authorities allow pharmacies to supply physician samples in exceptional
If, in exceptional cases, the competent authorities allow pharmacies to dispense medical samples, these packs may not be posted. This is because the
reclassified physician samples are already booked out as “sample/sample” and a renewed
a new check-out via the securPharm system will result in an alarm. Verification of the pack is
possible.
1.26 What is an IMT?
IMT stands for Intermarket Transaction and describes cross-border data communication.
data communication.
Example: Verification process of a Spanish pack (Spanish presentation, originally f.
produced for the Spanish market).

26.04.2022 Version 5 created by securPharm e. V. 12

For example, if you verify a pack uploaded in the Spanish system, the
verification request is forwarded to the Spanish verification system via the European hub.
forwarded to the Spanish verification system. The pharmacy then receives the usual feedback again via the hub.
feedback via the hub.
Among other things, the European hub requires the batch designation (LOT) for forwarding. Therefore
an IMT pack cannot be processed via the securPharm GUI, as only the PC and SN can be entered there.
and SN can be entered there.
If your software provider offers a function for manual securPharm entry with all data elements (PC, SN, LOT, EXP), this can be used to verify and write off IMT packs.

What are the requirements for using the securPharm system?

In addition to the technical requirements (hardware and software, Internet connection), the use of the securPharm system requires
and software, Internet connection), access to the pharmacy server of the securPharm system in the form of an
system in the form of an electronic certificate (N-ID). In order to prevent unauthorized use of the sys
system, a user goes through a legitimization process before accessing the system. The
legitimation is checked at regular intervals and the user is re-authorized. This
This is done via the NGDA portal. For the initial access to the securPharm system, securPharm
has compiled a checklist at https://www.securpharm.de/apotheken-systemzugang/.

What is the NGDA portal?

The NGDA portal provides access for various target groups. Pharmacists or those responsible
or those responsible for a site can use the NGDA portal to manage the certificates of one or more sites.
manage the certificates of one or more sites. In the N-Ident procedure, each operating site receives its own
N-ID (APO number). The contact details of the respective business premises (including e-mail address) should
always be kept up to date. When registering in the NGDA portal, a user name and password are
password are defined. The portal can be accessed at www.ngda.de.

What is the N-ID?

The N-ID is the electronic identity of an individual business establishment verified as part of the N-Ident process.
business premises. It is used to access digital services and systems without additional registra
registration and is a mandatory requirement for participation in the securPharm system. Behind the N-ID
is a certificate that is valid for 24 months.
When registering and legitimizing a business establishment in the NGDA portal, an N-ID certificate can be acquired.
certificate can be acquired. With the certificate, a user receives a combination of user name,
the N-ID (e.g. apo1234567) and password. If the certificate for the individual operating site has been
renewed, a new password is issued for the certificate, but the user name (N-ID) for the operating site remains the same.
for the operating site remains the same.

What can be done if difficulties arise when logging into the NGDA portal?

If you have forgotten your password, you can obtain a new password from the NGDA website.
password. To do this, you must enter your user name and the e-mail address you have provided.
You can find help with this at www.ngda.de.

What can I do if I have difficulties logging in to the securPharm GUI?

To log in to the securPharm GUI, you will need the N-ID and password from the first PIN letter you received by post.
letter that was sent by post. When renewing a certificate, users receive
receive a new password, but the password from the first PIN letter is still used to access the
GUI.
In the event that the password is forgotten, a new password can be obtained from the NGDA website.
password. The user name and the stored e-mail address must be entered for this purpose.

26.04.2022 Version 5 created by securPharm e. V. 14

The password is sent to the e-mail address stored in the NGDA portal for this operating site.
sent. It is therefore important to keep the e-mail address stored in the NGDA portal up to date.
The securPharm GUI can be reached at: https://securpharm-gui.ngda.de/ .

Who is responsible for connecting to the system?

The responsibility for implementing the legal requirements of the Falsified Medicines Directive
and the Delegated Regulation, which also includes the connection to securPharm via the pharmacy
server, is the responsibility of the pharmacy owner.

What does the connection to the securPharm system cost?

The costs for the pharmacy server amount to € 10 plus VAT per month per business premises.
VAT. The one-time onboarding fee of €125 for public pharmacies is covered by ABDA.
for public pharmacies. In addition, there is a fee of €20 plus VAT for each operating site for the necessary certificate.
certificate with a term of 24 months.

How do I apply for an N-ID for the first time?

The N-Ident registration procedure is divided into three stages. First, an account must be created at
https://ngda.de/ must be created. Then each business establishment for which an N-ID is required must be created in the account.
is required must be created in the account. Finally, the access authorization must be checked.
To do this, the relevant documents must be submitted to the NGDA for verification by uploading the required documents.
uploading the required documents. Once the documents have been successfully checked,
the N-ID can be acquired for the business premises. Once payment has been received, the certifi-
certificate is issued. The PIN for the download is sent to the business premises by post. Subsequently
the certificate can be downloaded and integrated.
The NGDA recommends allowing a period of 4 weeks for the legitimization process described above before opening a pharmacy.
weeks before the opening of a pharmacy.

When do I have to re-legitimize my branch?

Re-legitimization is required every 24 months in connection with the certificate renewal in order to
to prove the continued authorization to use the digital services.

What documents are required for relegitimization?

Pharmacy owners require two documents, the basic operating license and a proof of ac
proof of activity. The authorization must be uploaded to the NGDA portal, the proof of activity
automatically, as the previous use of the securPharm system in the past is recognized.
is recognized.
With the issue of the health professional cards and the introduction of the institution card (SMC-B), the (re)legitimization takes place.
(re-)legitimation will be based on the institution card instead of the pharmacy operating license.
operating license.
Information on initial legitimation can be found in question 2.8.

26.04.2022 Version 5 created by securPharm e. V. 15

Are there any disadvantages if I order a new certificate before the certificate expires?
before the certificate expires?

The certificate has a term of 24 months, which begins with the first download. As
the process of re-legitimization and certificate renewal takes some time, the NGDA recom
NGDA recommends initiating the certificate renewal at an early stage. The pharmacist has a built-in
pharmacist has no disadvantages if he requests a new certificate up to 3 months before the certificate expires and activates it accordingly.
new certificate and activates it accordingly (download and integrate).
The certificate is only displayed as active in the NGDA portal after the first download.

How do I know when an N-ID certificate renewal is due?

NGDA informs you by e-mail in good time before the certificate expires so that the ordering process can be initiated in good time.
order process can be initiated in good time. To receive a reminder, the
contact details in the NGDA portal for the respective business premises must be kept up to date.
It should be noted that the certificate does not have to be downloaded from the NGDA website, but from the pharmacy software.
software must be downloaded. This requires the password (PIN), which pharmacies receive
pharmacies received by letter with the purchase of the N-ID.

What do I have to consider with the N-Ident procedure if I also operate branch pharmacies?
operate branch pharmacies?

A single registration in the NGDA portal is sufficient for owners of several branches.
There, in addition to the main pharmacy, the branch pharmacies can also be created as business premises.
premises. Each branch must be legitimized and requires its own electronic certificate.
certificate. Please ensure that the contact details associated with the respective business premises (e.g. e-mail address) are always up to date.
e-mail address) up to date at all times.

What do I need to bear in mind if I also have a wholesale permit?

If you have an additional wholesale permit, you must apply for an additional wholesale N-ID.
must be applied for. The N-Ident registration procedure is similar to that for a pharmacy N-ID and can be created in the same account.
account. The additional N-ID is necessary because with a wholesale authorization
other activities can be carried out in the securPharm system (e.g. setting the status of a pack to “exported”).
“exported”). An overview of the authorizations, which actor can set which status
can set can be found under question: 3.46.

What do I have to bear in mind if I give up or close my pharmacy?

The current owner of the pharmacy terminates the certificate of the operating center, stating the termination date.
date of termination. The notice of termination is sent by e-mail to kuendigung@ngda.de, stating the
number (APOxxxxxxx), the full address and the date of termination.
date of termination. Please note that, if possible, the e-mail should be sent from the same address
as the e-mail address of the N-Ident account holder. An employee of NGDA will check the termination
the termination and then initiate all the necessary steps.
initiated.

26.04.2022 Version 5 created by securPharm e. V. 16

I have taken over a pharmacy, can I also take over the N-ID?

The existing N-ID certificate cannot be transferred. The registration for an existing pharmacy
existing pharmacy can take place in two ways:
” The new owner has not yet registered a pharmacy with the NGDA.
In this case, the registration of an N-Ident account including the creation of the business premises is necessary.
necessary.
” The new owner already has one or more pharmacies.
In this case, a new business premises must be created within the NGDA portal.

I have taken over/established a pharmacy, but do not yet have a pharmacy operating
license. How can I apply for my N-ID?

If you do not yet have a valid pharmacy operating license at the time of the legitimation request
permit, you can apply for legitimization as a pharmacy with reservations. The following documents are required
the following documents are required:
” the submission of a copy of the application for a pharmacy operating license and the
Proof of permission to operate a pharmacy.
This proof can be
” by means of a copy of the German license to practice pharmacy or
” a certificate of good repute from a chamber of pharmacists that is not older than 6 months
or
” the invoice of a valid certificate from another business establishment.
In this case, the applicant and recipient must be identical.
The legitimization is then limited to 6 weeks. Within this period, a current
operating license must be submitted to cancel this time limit. This presentation is made in the
the same way as for registration by sending the copy to the NGDA using the cover sheet from the
cover sheet from the N-Ident portal.

Why do I receive a PIN letter?

To purchase the N-ID certificate, the pharmacist receives a letter with a password (PIN).
Together with the corresponding N-ID (e.g. APOxxxxxxx), this PIN is required to download and unpack the certificate.
and unpacking the certificate. For this action, most software vendors have developed a
software providers have created a function in the merchandise management system for this action. As soon as the corresponding software update
is installed, the N-ID can be integrated into the software. Only after the first download
the certificate is also displayed as active in the NGDA portal.

26.04.2022 Version 5 created by securPharm e. V. 17

The access data should be stored securely, as they are used not only for certificate renewal
also for the web interface of the securPharm pharmacy server (www.securpharm-gui.ngda.de/)
are required.

How often can I download the certificate?

The certificate can be downloaded up to three times with the current license. For the
For the merchandise management system in the pharmacy, it is sufficient to download the certificate once. The
pharmacy software can then access the securPharm system from all workstations within a business premises.
access the securPharm system.

My download did not work, what do I have to consider?

The NGDA has published the following instructions for downloading the N-ID certificate:
” It is possible to download the certificate three times, failed attempts due to incorrect entry
of the N-ID (APO number) or incorrect PIN entry will not be counted. The spelling of the
N-ID with upper or lower case letters is irrelevant.
” Certificate downloads are not blocked if a subscriber enters the wrong PIN three times.
three times.
” If a P=N is unclear (possibility of confusing “O” and “0” or “l” and “=”), the correct PIN can be determined by trial and error.
correct PIN can be determined by trial and error.
” NGDA does not know the respective PINs and is therefore unfortunately unable to provide any assistance.
” Please note that any existing security infrastructure - such as a firewall - can also prevent the download.
a firewall - can prevent the download.

26.04.2022 Version 5 created by securPharm e. V. 18

3. questions about securPharm in everyday pharmacy life

How can I recognize a prescription-only medicine?

As a rule of thumb, with a few exceptions, the following applies: Prescription-only medicinal products are
subject to verification, i.e. they must be checked with the securPharm system.
Medicinal products requiring verification can also be recognized by the Data Matrix Code
and the data identifiers (PC, SN, LOT, EXP).
The IFA database or the ABDA article master provides precise information on the verification obligation.
article master. The pharmacy’s merchandise management system should, if it uses the ABDA
article master, the pharmacy’s merchandise management system should recognize whether the product is subject to verification.
Exceptions to the verification and write-off obligation can be found under question: 1.8

If all the medicines I dispense that are subject to verification are scanned, does the pharmaceutical industry
will the pharmaceutical industry learn about my sales figures?

No, not at all. securPharm is based on the principle of separate databases for pharmaceutical companies and pharmacies.
pharmaceutical companies and pharmacies. The pharmacy server to which your pharmacy software is connected
pharmacy software is connected to, anonymizes every transaction so that no one knows where the medicine was dispensed.
was dispensed.

I have a pack in front of me without a Data Matrix code. How do I deal with it?

Scan the barcode (“Code 39”). The merchandise management system will, if it can access the
the ABDA article master, will tell you whether this pack must have a Data Matrix code or whether it is a stock item.
or whether it is a stock item that was placed on the market before February 9, 2019.
was placed on the market.

Is it sufficient to scan the PZN barcode instead of the Data Matrix code?

No, because the previous PZN barcode only contains the PZN in machine-readable form.
In addition to the PZN, the Data Matrix Code also contains the serial number of the pack, which is used for verification/authenticity checks.
which is used for verification/authenticity checks against the database. In addition to the
the product code, the batch designation and the expiry date are also transmitted in the Data Matrix Code.
so that these can be recorded electronically in the merchandise management system in future. With
With the introduction of the Data Matrix Code, there is also no longer an obligation to apply the Code 39
on the pack.

What features must be printed on the pack (in plain text)?

Packs subject to mandatory verification must bear two security features: a first-opening
first-opening protection and a Data Matrix Code. In plain text, the data elements
Product code (PC), serial number (SN), batch designation (LOT or CH.-B.) and the
expiry date (EXP, use by, use by) must be applied. Excluded from the regulation
are particularly small packs. Further information can be found on the IFA website.

26.04.2022 Version 5 created by securPharm e. V. 19

A medicine has been verified and booked out. What should I do if I want to take this medicine
want to take it back?

The Delegated Regulation generally stipulates that packs whose status has been set to “dispensed“
may be returned within 10 calendar days as long as the pharmacy’s control area has not been
the controlled area of the pharmacy has not been left. For the return of medicinal products
The provisions of the Pharmacy Operating Regulations continue to apply to the taking back of medicinal products,
as before, is the responsibility of the pharmacist.

Can a medicine that has been booked out be booked back in if the patient was not found at a pharmacy service?
not found during a courier service?

Yes, the courier service is in the pharmacy’s control area, so a medicine that has already been booked out can be returned to the pharmacy within 10 days.
can be booked back into the system within 10 days.

Why can’t I check and write off a pack when I receive it?

The Delegated Regulation stipulates that the authenticity check must be carried out “at the time of supply to the public”.
time of dispensing to the public”, i.e. to the patient. Only the check
only the check immediately before dispensing ensures that the latest information can be used for the
information can be used for the authenticity check, e.g. because a batch may have been recalled in the meantime or
the pack has already been dispensed in another pharmacy.

Can I also scan the Data Matrix code of each pack when I receive the goods and use it for verification?
verify it?

We recommend verifying the Data Matrix code of each pack when the goods are received in order to
possible problems at an early stage. It is important that the pack is not removed from the system
system so that the status remains active. In accordance with
verified (again) immediately before dispensing to the patient in accordance with legal requirements
and the unique identifier must be deactivated.

What happens when I scan the barcode?

When you scan the barcode, your merchandise management system, provided it uses the ABDA
article master, checks whether it is a product subject to verification and assigns the barcode to the product.

26.04.2022 Version 5 created by securPharm e. V. 20

in this case that you must scan the Data Matrix Code.

What data does the Data Matrix Code contain?

The Data Matrix Code contains the product code, which in turn contains the PZN, as well as a
serial number, batch number and expiry date.

Is there a prescribed sequence for the information in plain text?

No. Pharmaceutical companies are free to choose the order of the data elements as long as the required
long as the required data elements product code, serial number, batch number and expiry date are included.
expiry date are included. If the dimensions of the packaging allow, the human-readable data
human-readable data elements are located next to the Data Matrix Code.

How can I tell which Data Matrix Code I need to scan for the authenticity check?
if there are several Data Matrix Codes on the pack?

If there are several Data Matrix Codes on a pack, the Data Matrix Code for the authenticity check is next to the Data
Matrix Code for the authenticity check is marked PPN.

Can a pharmacy dispense a medicine without prior verification if, for example, the In-
ternet, the securPharm system or the power fails?

In the event of temporary technical faults at the time of dispensing, Article 29 of the Delegated
ordinance, it is permitted to dispense medicines (after a sensory check and in the absence of a suspected
suspected case of counterfeiting) and to carry out the verification and write-off subsequently,
as soon as the faults have been rectified. Most software products can send requests to the
securPharm system. This means that the requests are collected and a return
is given as soon as the system is available again. In order to prevent frequent
false alarms due to double logout attempts, repeated logout attempts should be avoided.
attempts should be avoided.
If the buffer function is unavailable, the packages issued during this time must be booked out manually.
cked out manually (subsequently if necessary). To do this, the serial number and product
number and the product code must be noted (or photographed) before dispensing and the pack subsequently
be booked out manually. You can then perform the manual verification and write-off as soon as
the fault has been rectified and the securPharm system is available again, via the graphical user interface of the securPharm system.
user interface of the securPharm pharmacy server (GUI) (https://securpharm-gui.ngda.de/).
to take.

May the first-opening protection be opened for a random test of finished medicinal products in the pharmacy?
be opened in the pharmacy?

As before, pharmacists may open the pack with the tamper-evident seal for testing purposes if they
for testing purposes if they mark the pack accordingly after a positive test. This labeling
This labeling must be explained to the patient before dispensing if necessary. Before opening the pack
the safety features must be checked. However, the unique identifier may only be deactivated when
be deactivated until it is dispensed to the patient.

26.04.2022 Version 5 created by securPharm e. V. 21

What exactly do I have to do as a pharmacist?

Since February 9, 2019, pharmacists have had to deactivate the security features (first-opening protection and
individual identifier) of medicinal products subject to mandatory verification before dispensing them to patients.
to the patient. This means that the unique identifier must be scanned and
scanned and booked out (deactivated) before dispensing to the patient. The first-opening protection must also be
also be checked for integrity by means of a simple visual inspection. Medicines subject to verification
are basically all prescription-only medicinal products that have been available from the manufacturer since
released for sale by the manufacturer since February 9, 2019.

Why should the first verification take place upon receipt of goods?

The first verification upon receipt of goods has two main advantages. On the one hand, pharmacies can
firstly, pharmacies can organize their merchandise management efficiently, as the batch designation and expiry date for the
no longer entered by hand, but can be scanned together with the PZN.
can be scanned together with the PZN. On the other hand, a scan at goods inwards can be used to identify non-dispensable
can be recognized at an early stage - and not only in the presence of the patient - and assigned to the corresponding supplier.
assigned to the appropriate supplier. This allows problems to be solved more immediately and processes can be
processes can run in a more structured way, which also reduces the likelihood of, for example, double check-outs and associated alarms.
and the associated alarms.

In the hustle and bustle, it can happen that a pack is scanned/verified twice by mistake.
twice. Have I destroyed the dispensing capability?

No. The Data Matrix code of a pack can be verified by scanning as often as required.
However, it is important that you only verify the pack and do not book it out of the system.
i.e. deactivate the individual identification feature. However, if this error
error, you can correct it within 10 days. The Delegated Regulation
The Delegated Regulation stipulates that packs whose status has been set to “dispensed” and which have not left the
trolled area of the pharmacy can be returned within 10 days in the same establishment.
may be returned to the same site within 10 days.

Does securPharm also have advantages for my merchandise management?

Yes, the scan of the Data Matrix code enables the regular transfer of batch designations and expiry dates to the ERP system.
and expiry date into the merchandise management system and the clear assignment of a drug detected as not
to the respective supplier. With securPharm, batch and expiry date are available for all
and expiry dates are available in machine-readable form for all medicines subject to mandatory verification.

What is the procedure for dispensing partial quantities?

If the dispensing of partial quantities is prescribed, the pack must be booked out when it is first opened.
be booked out. As part of its contents have been dispensed, it cannot be booked in again.
booked in again. However, the rest of the pack remains generally marketable and can, with a corresponding partial quantity prescription, be booked in again.
can be dispensed in this pharmacy with a corresponding partial quantity prescription.

May the pack data be printed in white letters on a black background (inverse)?

Yes, the Data Matrix Code and the plain text information may be printed in white on a black background.
on a black background is permitted. A suitable and correctly adjusted scanner is capable of reading all approved
read all approved display formats.

26.04.2022 Version 5 created by securPharm e. V. 22

A pack has reached its expiry date. Does it have to be written off when it is destroyed?

No, the pack does not have to be deregistered as this is done automatically by the system at the time of expiry.
automatically at the time of expiry. If a pack that requires verification is destroyed before the expiry date, it must be
expiry date, it must be derecognized.

How do you deal with coded inventory goods that were uploaded for test purposes before the mandatory operation?
for test purposes before mandatory operation?

Inventory goods are goods that were released for distribution by the manufacturer before February 9, 2019
for circulation by the manufacturer before 9 February 2019, but which bear security features that have
have been applied for test purposes. These can cause false alarms in the system under certain circumstances. The proportion of
of coded stock has already fallen significantly, so the problem should occur less frequently.
should occur less frequently. According to the delegated regulation, these goods can generally be disposed of, provided there are no other
reasons to the contrary.

Does a pharmacy have to write off marketable packs that it wants to return to wholesalers beforehand?
to wholesalers beforehand?

No. By deregistering from the securPharm system, the safety feature of a pack is de-
activated, which means it loses its marketability. In the case of a pack that is to be returned to the wholesaler
wholesalers, the safety feature must therefore not be deactivated if the pack is to remain marketable.
the pack is to remain marketable.

May securPharm e. V. provide pharmacies with logs with pack data from the securPharm system, e.g. if they want to know whether they have already checked and booked out a pack or not?
or not?

No. According to the requirements of the Delegated Regulation, securPharm e. V. is allowed to send logs with pack
cked data from the securPharm system only to authorities.

What is the difference between verifying and writing off a pack?

Verification is used to check the status of the pack, whereby the read-out or manually
manually entered pack data is compared with the pack data stored in the system.
stored in the system. A display reflects the status of the pack. A pack can be verified as often as required.
verified as often as required.
The write-off (dispensing) describes the status change of an individual identification feature
from “dispensable” or “active” to “dispensed” or “inactive”. The derecognition therefore deactivates
the individual identification feature. Multiple write-offs lead to an alarm.
Verification can be used to check the status of a pack, while derecognition changes the status of a pack.
changes the status of a pack.

How do I know if my scanner is suitable and working properly?

NGDA has developed a scanner test that should be used to check the settings of all scanners.
should be checked. The configuration of the scanners is important, as this is the only way to ensure that the data is
read out and transmitted correctly during scanning.
With incorrectly configured scanners, it is often observed that the language setting triggers alarms.

26.04.2022 Version 5 created by securPharm e. V. 23

triggers. For example, an English language setting is often preset, so that Y and Z are swapped when reading out.
Y and Z are swapped when reading. In addition, incorrectly set scanners can cause errors when
errors in the transmission of upper and lower case letters. Incorrectly read inverse codes
(white on a dark background) are also a frequent source of errors that can be avoided by configuring the scanner.
can be avoided by configuring the scanner.
To ensure that the scanners in your facility can read the Data Matrix code correctly, please test all scanners.
correctly, please test all scanners (e.g. incoming goods and HV). If you notice any anomalies
or if you have any questions about the configuration of the scanner, the scanner manufacturer or supplier can
of the scanner can provide assistance.
The scanner test is available in the securPharm GUI or at https://www.abda.de/sp .

Can my order picker scan the Data Matrix code?

The supplier of the order picker is the first point of contact. Many providers offer
corresponding updates and conversions.

How long do I have to wait until I receive a response from the system after a scan?
receive?

The Delegated Regulation stipulates that the response time of the system must be less than 300 milliseconds for at least 95% of queries.
queries must be less than 300 milliseconds.
The performance of the data storage system must enable pharmacies to carry out their activities without significant
carry out their activities without any significant delay. However, the response time from the pharmacist’s perspective is also influenced by the
Internet connection between a verifying body and the pharmacy system as well as the internal
internal infrastructure at the verifying site, so that the total duration of the request can exceed 300 milliseconds.
query can exceed 300 milliseconds
If a response takes a disproportionately long time, you can check the availability of the
securPharm system at www.securpharm-status.de/.
Maintenance work on the system is announced on the securPharm website and in the ABDA newsroom.
announced.
If you want to book out a pharmaceutical and the securPharm system, the Internet or the
electricity is not available, please refer to question 3.14.

I am not sure whether I have already had the pack in my hand. What options are there for checking
are there?

Please note that you can check the pack status again at any time (verification) in order to obtain information about the pack.
obtain information about the pack.
Many software companies offer the option of using their software to check previous actions in connection with the delegated
in connection with the Delegated Regulation (status check and change).
to understand. This check is carried out via a protocol or log file. If you have any questions about this
please contact your software manufacturer.

26.04.2022 Version 5 created by securPharm e. V. 24

How is the 10-day chargeback period calculated?

The chargeback period begins at the time of the write-off and ends exactly after 10 calendar days at the same time.
days at the same time.

What aspects must be taken into account when making a chargeback?

A chargeback must be made within the 10-day chargeback period and may only be carried out if the pack
only be carried out if the pack has not left the pharmacy’s control area.
has left the pharmacy. =Once the status of the pack has been set to “stolen” or “destroyed”, a chargeback is no longer possible.
no longer possible. NGDA has no influence on the chargeback and cannot reactivate the pack or change the status.
cannot reactivate the package or extend the expiry date.
Please also consider question 3.7 on the subject of the control area and courier service.

When do hospital pharmacies have to derecognize?

In Article 25 (2) of the Delegated Regulation, hospital pharmacies are given greater freedom for the
pharmacies a greater degree of freedom for the time of derecognition. They are not obliged to book out immediately before
to the patient, but may do so at any time during which the medicinal product is in their physical possession,
time at which the medicine is in their physical possession. However, the condition is that
the medicinal product is not sold between delivery and dispensing to the patient.
3.35 When do pharmacies supplying hospitals have to deregister?
The Federal Ministry of Health has stated that there is no European Commission
Commission on the interpretation of Article 25 (2) of the Delegated Regulation implementing the Falsified Medicines Directive.
the Falsified Medicines Directive. It is under discussion whether pharmacies supplying hospitals - and
pharmacies - as well as hospital pharmacies supplying other hospitals - can also sell physically possessed
pharmacies - as well as hospital pharmacies supplying other hospitals - are allowed to write off medicines in their physical possession at any time before their first use. This
equality with hospital pharmacies had been sought by the German side.
Accordingly, the decision is now to be made by the competent supervisory authority.
authority. It will have to be decided whether, on the basis of a supply contract, the interpretation
that no sale takes place and Article 25 (2) of the Delegated Regulation is applicable.
Regulation is applicable.

Can the “destroyed” or “stolen” status be reversed?

No, the “destroyed” or “stolen” status cannot be reset. The package may
no longer be included in the sales stock.

I have ordered the wrong medicine and would like to return it to the supplier.
Do I have to verify and write off the medicine beforehand?

No, the medicine must not be written off, as the status of the pack in the system remains
must remain “dispensable” (active) in the system. In addition, the pack must not have been opened.
The supplier will check the status and integrity of the first-opening protection when the pack is returned.
of the pack.

26.04.2022 Version 5 created by securPharm e. V. 25

How do I deal with recalls?

Do not deactivate the pack if you return it to the pharmaceutical wholesaler or company for disposal.
wholesaler or company for disposal, unless you are explicitly requested to do so.
Only set the status of a pack to “Destroyed” if you are disposing of it yourself.
Please note that the status change to “Destroyed”, just like “Theft”, cannot be reversed.
cannot be reversed.

What do I do with packs that have passed their expiry date?

If the expiry date has been reached, the system automatically changes the status from active to
inactive. Therefore, no derecognition may take place before disposal. If the pack is nevertheless
is nevertheless booked out before disposal, an alarm is triggered. Verification to check the status
of the status is still possible without risk. The securPharm system then responds with the
that the expiry date has been exceeded and the pack must not be disposed of.

What do I have to consider when disposing of a damaged pack?

If the pack has been damaged in the pharmacy to such an extent that it can no longer be dispensed, the code
the code must be removed from the system before disposal.

The system does not respond or only responds with an error message. How do I recognize whether
the securPharm system is accessible?

You can check the operating status of the securPharm subsystems at www.securpharm-status.de
.

What do I have to bear in mind when medicines are dispensed to other pharmacies by way of
pharmacies?

§ Section 17 para. 6c sentence 1 no. 5 ApBetrO permits the supply of other pharmacies in urgent cases.
In this case, the supplying pharmacy verifies the pack before passing it on, but does not book it out.
out. The receiving pharmacy also verifies the status and then books the pack during the dispensing process.
from the system during the dispensing process. The documentation obligation from Section 17 Para. 6c Sentence
2 ApBetrO (batch number) is met by storing the verification result in the pharmacy systems.
pharmacy systems.

Do I have to write off packs when I deliver them to my branch pharmacy?

No, as with the previous question, the packages are derecognized at the branch pharmacy when they are dispensed to the patient.
the patient.

26.04.2022 Version 5 created by securPharm e. V. 26

Who can help me with questions and problems?

3.45 It is not clear to me whether I am performing a verification or write-off with the scan. What can
can I do?
Depending on the software solution and scanner settings, scanning the package can trigger a verification
or a write-off. The distinction between verification (as often as required) and
write-off (once) is fundamental for the use of the securPharm system. In case of doubt
to find out which process is triggered, there are various procedures:
- Consult the manual/instructions of the scanner supplier/provider or the software.
- To test the scanner, see questions 3.28 and 4.3.
- https://securpharm-gui.ngda.de/, alarm monitoring system and look at the key figures.
If alarms occur frequently due to double write-offs (PCK_19), this indicates handling errors.
handling errors.
- Observe one-time execution of the function/scan and feedback. The package should be
be displayed as “active/deliverable” during verification. Receive this feedback,
this function/scan triggers a simple verification. However, if you receive the
feedback: Deregistration successful / package set to inactive, a
write-off process has been triggered. Taking into account the requirements of the Delegated
Regulation, you can post the package back again in this case. Please also note
that many software companies offer the option of using their software to
actions in connection with the Delegated Regulation (status check and change).
change). This check is carried out via a protocol or log file.
If you have any questions about the display in the software, please contact your provider. If you

26.04.2022 Version 5 created by securPharm e. V. 27

If you have any questions regarding the conversion of the scanner, please contact the provider/supplier of the
scanner.
3.46 How can I reach the NGDA helpdesk?
You can reach the NGDA helpdesk at https://ngda.de/kontakt.php.
Alternatively, you can contact the helpdesk by e-mail, stating a description of the problem, the N-
ID (e.g. APOxxxxxxx) and the pack data (product code, serial number, batch and expiry date).
expiry date).
Please note that the processing of each request is time-consuming and the NGDA does not provide any
status change (alarm status, pack status). It is therefore advisable to
making contact
- Contact the securPharm GUI at https://securPharm-gui.ngda.de/
As well as having checked the following documents for a solution to the problem:
- ABDA securPharm FAQ
- securPharm alarm message: Procedure in the pharmacy (PDF)
- Contact points (see below)

3.47 Which actor can set which pack status?
The manual processes that pharmacies can perform in the GUI are marked with an (m)
symbol. Under certain circumstances, a set pack status can be reset by the same actor.
be reset again. Exceptions to this are the status Theft and Destroy. These
status changes are irrevocable.

26.04.2022 Version 5 created by securPharm e. V. 28

3.48 Does the securPharm system also show me batch recalls for pharmaceuticals?
Yes, batch recalls of pharmaceuticals subject to mandatory verification should be published via
the usual communication channels (AMK, PZ, DAZ) also be displayed in the securPharm system.
system. If there is a contradiction between the securPharm display and the publications, we recommend
between the securPharm advertisement and the publications, we advise you to initially not
and, if necessary, to contact the pharmaceutical company.

26.04.2022 Version 5 created by securPharm e. V. 29

4 Dealing with alarms

What is an alarm or alert?

An alarm or alert is a warning message. This message provides information about a possible
in the system. Depending on the type of alert, different actors within the securPharm system are notified.
securPharm system are notified. Sensitive data is subject to special protection.
The occurrence of such a warning message in the pharmacy initially says nothing about the culprit.
perpetrator. Troubleshooting is necessary to rule out a cause in the pharmacy. The
sources of error include technical errors, incompletely uploaded pack data,
problems with coding, incorrectly set scanners or the pharmacy’s own handling errors (e.g. double booking out of a pack).
double booking out of a pack).

How does an alarm occur in the pharmacy?

In the pharmacy, an alarm can be triggered both when verifying and when changing the status of a
status of a pack (e.g. write-off).
A data comparison takes place during the verification process. The pack data of the pack you have
pack is checked for consistency with the data stored in the securPharm system.
checked for consistency. Verification can be carried out by the scanner or by manually entering the pack data.
pack data manually. If the scanner does not read the data correctly or a typing error
the pack cannot be found in the system. This triggers an alarm,
This triggers an alarm because a pack requiring verification is being processed whose identity is unknown to the legal supply
chain is unknown.
In the event of a status change, the existing pack status is changed, for example from “ready for
dispensable” (active) to “dispensed” (inactive). =However, if the desired pack status has already been set before the change
already set before the change, the attempt to change it triggers an alarm. In practice, this alarm
alarm often appears as a double check-out attempt. The cause may be a handling error,
for example, an inadvertent write-off in goods receipt and then a renewed write-off when the goods are
when dispensing to the patient. From a system point of view, such a process indicates a possible forfeiture.
forgery, as there is a risk that it is a copy of an original pack.
original pack.

What role does my scanner play?

The scanner is an important tool for recording pack information. It facilitates
and speeds up processing when dispensing packs and prevents incorrect entries during manual recording.
when entering information manually.
However, if the scanner is not configured correctly, the pack data is read and transmitted incorrectly.
transmitted incorrectly. This can lead to an alarm because the data read out does not match the data stored in the system.
stored in the system. This error pattern is often seen when upper and lower case
case is not read correctly or the scanner swaps Y and Z (language setting).
lation). In practice, errors also frequently occur when separators are read over or
an inverse Data Matrix code (white on a dark background) is applied to the packaging.

26.04.2022 Version 5 created by securPharm e. V. 30

To check whether the scanners in your pharmacy are set up correctly, please test each of your
scanners, both in the HV and in the back office. The test is possible with the NGDA scanner test.
possible. The current version of the scanner test is available here:
https://ngda.de/loesungen/securpharm/securpharm-scanner.php

What must be observed when entering data manually?

When entering data manually via the securPharm GUI, close attention must be paid to the exact
the exact entry of the pack data. In particular, there is a risk of confusion
with “O” and “0” or “l” and “=”. An incorrect entry will inevitably lead to an alarm, as the requested
data is not stored in the system.
IMT packs cannot be manually checked and booked out via the securPharm GUI.
be booked out.

What is a double check-out attempt?

If a package that has already been booked out is booked out again, an alarm is triggered in the securPharm system.
alarm is triggered in the securPharm system. Each pack can be identified via the stored data (product code, serial no,
batch, expiry date). If a pack is booked out several times, this indicates that it has expired.
because there is only one original pack with this data combination on the legal pharmaceutical market.
pharmaceutical market.
Uncertainty immediately before dispensing as to whether a pack has already been booked out or not can easily arise.
has been booked out or not can easily arise. In this case, however, the pack should not be booked out again
should not be booked out again, because if it has already been booked out, an alarm is triggered. Instead
Instead, the status of the pack should first be checked (verification). When verifying
of a package known to the system, no alarm is triggered. It is generally
processes should be checked and, if necessary, adjustments made to avoid the occurrence of
avoid the occurrence of double check-out attempts.
If you have inadvertently booked out the package twice, you can repeat this process under certain
(e.g. time limit). Please refer to question 3.33.

Who is informed about the alarm?

With every verification process and every status change of a pack, communication takes place between the pharmacy servers.
between the pharmacy server and the pharmaceutical industry database. The
However, the identity of the pharmacy remains hidden from the pharmaceutical industry database.
This also applies in the event of an alarm. The database system of the pharmaceutical
industry database system and the pharmaceutical company to which the alarm-triggering pack belongs,
therefore receive no information about where the alarm was triggered.
If an alarm is triggered, the responsible pharmaceutical company is informed. There the
alarm can be classified. Depending on the assessment, the alarm is automatically forwarded by the securParm.
alarm is automatically forwarded by the securPharm system to the BfArM for further processing. The
BfArM acts as the contact for all supervisory authorities.

26.04.2022 Version 5 created by securPharm e. V. 31

What information is transmitted in the event of an alert?

The responsible pharmaceutical company receives the package data (serial no,
product code, batch number, expiry date), the assigned alarm designation, an individual identi
individual identifier of the alarm incident (alarm ID), the time at which the alarm occurred and the dyna
pseudonymized identifier of the location that triggered the alarm.
If there is an automatic or manual escalation by the pharmacist or the pharmaceutical
pharmacist or the pharmaceutical company, the data from both databases (PU and AP system) are
are merged into one report. The competent supervisory authority has access to this report
report, which is also called the audit trail.
The audit trail contains all information on a pack. This means, in addition to the pack data,
all transactions (including verifications and status changes) and alarm information, the associated
associated times and the corresponding de-pseudonymized system users. Only the authorities
authorities are given the opportunity to identify the individual pharmacy.
Please also refer to question 4.21 on the subject of access to information by authorities.

How is the alarm displayed in the software/merchandise management system?

An alarm is always displayed directly in the software when it occurs, i.e. in the event of an incorrect
verification process or an unsuccessful status change. Depending on the software house
the display of the “red traffic light” differs. A warning window is often opened.
The scope of the information displayed for the alarm also differs depending on the software house.
house.
Historical alarms can be displayed by many software manufacturers using an automatically managed
log in the software/merchandise management system. Please also note the
securPharm GUI, question: 4.9.
If you have any questions regarding the display and functional scope of the software products, please
please contact your software manufacturer directly.

Where can I get more information about an alarm?

In addition to the feedback from the securPharm system, you will find further information below on the
Classification of an alarm. To find the cause of an alarm, the following can be helpful
can be helpful:
- securPharm GUI: https://securpharm-gui.ngda.de/, especially alarm monitoring
system by providing further information on each alarm, such as the type of action that triggered it
(verification or write-off) is listed for each alarm.
- securPharm alarm message: Procedure in the pharmacy (PDF)
- Software function (if available): Transaction history for verification and
write-off (protocol or log file).
If the cause of the alarm has been found and there are no further indications of a non

26.04.2022 Version 5 created by securPharm e. V. 32

dispensability (e.g. published recall, first-opening protection, other aspects) and
the pack status is active, the pack can be booked out and released to the public.
be released to the public.
The securPharm GUI is available at the following link: https://securpharm-gui.ngda.de/

How do you deal with packs whose authenticity could not be successfully verified
or a status change is not successful?

In principle, a pack whose verification is negative may not be dispensed and must be separated.
and must be separated. In order to confirm or refute the suspicion of a counterfeit, an error analysis must be carried out.
an error analysis must be carried out. It is therefore essential that pharmacists actively
actively deal with the error messages that occur in their pharmacy and get to the bottom of the causes.
the causes. In parallel, the responsible pharmaceutical company can initiate an investigation.
investigation.
The result of the pharmaceutical company’s analysis (alarm status and, if applicable, comma
tary) can be checked via the alarm monitoring in the securPharm GUI (https://securpharm-gui.ngda.de/) using the alarm status.
can be checked using the alarm status. If the analysis in the pharmacy shows that there are no good
reasons for the assumption that a technical error or own handling errors (e.g. accidental
the alarm is due to a technical error or the pharmacy’s own handling errors (e.g. accidental write-off in incoming goods), the pack must
must continue to be separated and the official reporting channels must be followed.
If the suspicion of counterfeiting is invalidated by the error analysis and there are no further
evidence of counterfeiting, the pack can be released again. Please note that
only “dispensable” (active) packs can be booked out and dispensed. Make sure
the pack status by scanning (verifying) the pack and only then pick up the pack again.
only then add the pack to the sales stock again.
You can receive support in analyzing an alarm message with the working aid from the Federal
of the German Chamber of Pharmacists: “securPharm alarm message - procedure in the pharmacy”. This docu
This document is available at http://www.abda.de/sp (securPharm in practice).

How is an alarm checked by the responsible pharmaceutical entrepreneur?

After the occurrence of an alarm, the alarm can be reviewed by the responsible pharmaceutical entrepreneur within a time window of seven calendar days.
days by the responsible pharmaceutical company. If the responsible
If the responsible pharmaceutical company determines that it is a false alarm within the time window, it is classified as such and thus de-escalated.
and thus de-escalated. If no reason for a false alarm is found, the alarm must be classified as a po-
tential case of suspected falsification and therefore escalated. If no assessment is made within the
If no assessment is made within the deadline, the alarm is also automatically escalated.
Please note that the pharmaceutical company may only escalate the alarm in the event of errors that it has
errors (e.g. missing data upload, incorrect expiry date uploaded, incorrectly printed pack, etc.).
printed pack, etc.) can only be de-escalated. It is therefore all the more important that you
check the scanner settings and adjust the processes if necessary.
adjust the processes.

26.04.2022 Version 5 created by securPharm e. V. 33

If an escalation occurs, the alarm message is forwarded by the securPharm system to the BfArM.
forwarded. The BfArM acts as the contact for all supervisory authorities.
Please note any reporting obligations that exist independently of the evaluation by the phar
pharmaceutical company.
Please also consider the following question on the subject of reporting to authorities: 4.19.

May a pack that has triggered an alarm be returned to the sales stock before the competent
before the review by the responsible pharmaceutical company has been completed?
has been completed?

The package status, the first-opening protection and the assessment of the responsible
first-opening protection and the pharmacist’s assessment.
If, after careful analysis in the pharmacy, there are good reasons to assume that a
technical error or own handling errors (e.g. inadvertent write-off in the incoming goods department) were
the alarm and there are no other indications of counterfeiting, the suspicion can be ruled out.
counterfeiting, the suspicion of counterfeiting can also be refuted without the pharmaceutical
company can be refuted. Manual verification, the transaction overview in the software and the
overview in the software as well as the alarm monitoring in the securPharm GUI can be helpful here.
(https://securpharm-gui.ngda.de/).
In addition to the error analysis and the pharmacist’s assessment of the suspected counterfeit case
the pack status in the securPharm system is relevant for the assessment of dispensability. Only
packs that have the status “dispensable” may be included in the sales inventory.
be included in the sales stock.
In this context, please also refer to the securPharm alarm message - procedure in the pharmacy.
in the pharmacy. This document is available at http://www.abda.de/sp (securPharm in
in practice). Please also note the question: 4.11.
In this context, also consider the topic of chargebacks, question: 3.6.

What is the difference between alarm status and pack status?

The status of the alarm expresses whether an alarm could indicate an actual suspected case of counterfeiting
or whether a false alarm has been triggered. The status of the pack determines whether
the pack is “dispensable” (active) or not, whereby other factors can restrict the dispensability despite the
active status. The pack status and alarm status can be monitored via the pharmacy
the pharmacy software and the securPharm GUI.

Is a pack automatically unfit for dispensing due to an escalation?

In addition to the pack status, the pharmacist’s assessment, taking all information into account, is decisive.
information is decisive. Depending on the case, the pack may or may not be dispensable.
Please also consider question: 4.10.

26.04.2022 Version 5 created by securPharm e. V. 34

What is the securPharm GUI?

The securPharm GUI is the web interface of the securPharm pharmacy server of the NGDA. GUI
stands for Graphical User Interface. The pharmacist can access the following functions via the GUI
the pharmacist can access the following functions:
a) Manual verification and write-off of medicines requiring verification.
This option allows you to manually verify medicines subject to mandatory verification
and the option to change the status of the pack. This function is particularly useful in the event of
in the merchandise management system.
b) Alarm monitoring
The alarm monitoring system provides you with an overview of alarms that have occurred in your pharmacy and
pharmacy and information on the evaluation of the alarm. With the help of a search and sorting function
individual alarms can be filtered out. This information can be helpful to clarify alarms
and to detect and avoid sources of error.
c) Key figures
The key figures function makes it possible to track the number of
of verifications and write-offs carried out as well as the type and quantity of your own alarms.
alarms.
This provides a simple and comprehensible overview of all transactions of a business premises
The securPharm GUI is available at the following link: https://securpharm-gui.ngda.de/
Please also refer to the GUI alarm monitoring documentation, which you can find in the GUI under the
tab: “:help”.

Where can I view all transactions (verifications and status changes) of my business premises?
retrieve?

Many software houses offer the option of using their software to view the previous actions in connection with the Delegated Regulation.
in connection with the Delegated Regulation (status verification and change).
to understand. This check is carried out via a protocol or log file. If you have any questions about this
please contact your software manufacturer.
Exemplary representation:

26.04.2022 Version 5 created by securPharm e. V. 35

When is a suspected counterfeit case reported to the authorities by the securPharm system?
authorities?

After an alarm has occurred in the system, this alarm can be reported to the authorities by the responsible pharmaceutical
pharmaceutical company within a time window of seven calendar days.
days. The result can be viewed in the securPharm GUI in the respective alarm status. If the pharmaceutical
pharmaceutical entrepreneur determines within this time window that it is a false alarm
is a false alarm, it is classified as such and thus de-escalated. De-escalation eliminates the need for au
automatic notification by the system. If no reason for a false alarm is found, the alarm must be
the alarm must be classified as a potential case of suspected falsification and therefore escalated. If
If no assessment is made within the deadline, the alarm is also escalated automatically.
If an escalation occurs, the alarm message is forwarded by the securPharm system to the BfArM.
forwarded. The BfArM acts as the contact for all supervisory authorities.
In this context, please note that the responsible supervisory authorities have a right to all informa
information necessary to check compliance with the Delegated Regulation. Not applicable
If a notification by the pharmacist or the securPharm system is omitted, the supervisory authorities may nevertheless
authorities can still view all information (including transactions and alarms) for this pack.
alarms.

When do I have to report an alarm to the authorities?

An alarm could always indicate a counterfeit. You should therefore act immediately. Investigate
Investigate the package and the alarm, using all the information available to you.
information available to you (e.g. assessment of the alarm status by the responsible company, manual input and
and scanner test or the transaction history in the software if available).
Pursuant to Section 21 (6) ApBetrO, the legislator permits the internal investigation (7 calendar
days) by the responsible pharmaceutical entrepreneur before a report must be made to the authorities.
the authorities.
If, during the parallel investigation by the pharmacist, there are increasing indications that the product
that it really could be a counterfeit, there is an immediate obligation to report to the authorities and the
the authorities and the AMK: The 7 days do not have to be waited for.
In the case of unclear error reports, please refer to the working aid of the Federal Chamber of Pharmacists
kammer: securPharm Alarm message - Procedure in the pharmacy. You can obtain this document
at http://www.abda.de/sp .

What information does the authority have access to?

Competent supervisory authorities have a right to all information necessary to verify compliance with the Delegated Regulation.
compliance with the Delegated Regulation. This includes information on alerts, but
the transaction history of a package, including verifications and write-offs. To obtain the
information from the data repository, securPharm performs a de-pseudonymization of the originating
mization of the originating entity to the authorities. The identity of the pharmacy remains
remains hidden from the database of the pharmaceutical industry.

26.04.2022 Version 5 created by securPharm e. V. 36

Up to now, the supervisory authorities have gained access by individually querying the so-called
audit trails and the alarm ID via the securPharm office.
In the future, this process will be automated and authorities will have direct access. Potential
potential violations of the Falsified Medicines Directive can be traced even more easily and comprehensively.
more easily and comprehensively. ABDA and its member organizations will inform you in advance of this automation step.
about this automation step.
Please also note the following question on the subject of reporting to authorities: 4.7.

Why should you deal with the securPharm system and the alarms in the pharmacy?
the pharmacy?

In addition to fulfilling the legal requirements, each individual user contributes to maintaining the high level of safety in the legal pharmaceutical trade.
safety level in the legal pharmaceutical trade.
For the anti-counterfeiting system to work, any alarms that occur must be registered and categorized.
classified. The key question here is whether the alarm indicates a counterfeit or a false alarm.
a false alarm.
So investigate the cause and familiarize yourself even more with the securPharm system.
system: “What does the error code that appears when scanning or changing the status of the pack mean?
“How do I recognize a package that has been booked out twice?”; “Is the scanner set up correctly?“
correctly set?”; “Which alarms indicate an incomplete data upload?”; “What is the
securPharm-GU=?”, “Who can help me with problems and questions?“
Bear in mind that every alarm causes additional work and can make it difficult to provide timely care to the patient.
can make it more difficult to provide prompt care. In addition, many false alarms are avoidable. Therefore, try to prevent false
alarms from occurring in the first place. Take action, check the settings of the scanner
scanner settings and adjust the action sequences if necessary.
Last but not least, do not forget to book out the pack immediately before handing it to the patient.
to the patient.

Does the securPharm system report a suspected falsification to the supervisory authority?

4.21: Does the securPharm system report a suspected case of counterfeiting to the supervisory authority?
Alarms are always stored in the securPharm system so that they are available for processing by the authorities.
available for processing by the authorities. Authorities that receive a suspected falsified
reported by market participants using the data from the securPharm system
from the securPharm system currently still have to inquire with securPharm to obtain the corresponding audit trails.
receive the corresponding audit trails. After the planned connection of the authorities to the securPharm system, they will have
will then have direct access to the data from the system.
It is also planned that the securPharm system will provide the Federal Institute for Drugs and
Medical Devices (BfArM) automatically as soon as an alarm is escalated in the system.
The BfArM then coordinates the cases in consultation with the Paul Ehrlich Institute (PEI), enters them
into its own official counterfeit database and informs the supervisory authority responsible for the pharmaceutical
competent supervisory authority for the pharmaceutical company.

26.04.2022 Version 5 created by securPharm e. V. 37

The notification by the securPharm system is an additional notification that does not replace the previous
replace the previous reporting obligations of the market players. The previous reporting obligations continue to apply in the event of
a well-founded suspicion of falsification.
4.22 What warning messages are there?
There are various warning notifications that differ in terms of their criticality. The highest
warning message is an alert message.
Alert messages always indicate a potential suspicion of counterfeiting.
These warning messages are alarm messages

26.04.2022 Version 5 created by securPharm e. V. 38

These warning messages do not constitute an alarm, but should still be considered by the pharmacist
be considered:

The error codes displayed in the ERP system may differ from the error codes in the GUI
may differ. However, the core information is the same.
The table is taken from the GUI help documentation. You can find this and further
information in the securPharm GUI at: https://securpharm-gui.ngda.de/

4.23 What alarm statuses are available?
The alarm status is only displayed in the GUI.
Please note that the pharmaceutical entrepreneur only has to report alarms in the event of errors caused by himself or
known errors (e.g. missing data upload, incorrect expiry date uploaded, incorrectly printed pack, etc.).
incorrectly printed pack, etc.) can carry out a de-escalation.
The alarm status is additional information to evaluate the alarm and thus also the dispensability of the pack.
of the pack.
Alarm status “Created”: The alarm is being processed, the classification has not yet been
yet. The time limit of 7 days has not yet expired.
Alarm status “De-escalated/resolved”: The alarm has been classified as unfounded. (reversible)
Alarm status “Escalated”: The alarm has been forwarded to the Federal Institute for Drugs and
Medical Devices (BfArM).
The “De-escalated/resolved” status is not final. This means that the alarm status of an already
de-escalated alarm can be changed again.
Advance notice: In the future, pharmacists will also be enabled to report handling errors
PCK_19 and PCK_22) to classify the alarm status. However, the technical requirements
for this still need to be implemented.

26.04.2022 Version 5 created by securPharm e. V. 39

4.24 Where should medicinal products be stored that have triggered an alarm and for which
no immediate technical cause or handling error could be found?
could be found?
As long as no cause for the alarm has been found, the pack must be separated and must not be
not be returned. It is advisable to designate an appropriate storage location for
(temporarily) non-dispensable packs. This location should be labeled accordingly
so that the entire team knows that this pack must not be dispensed until the alarm has been resolved.
be dispensed until the alarm has been resolved. Always observe the 10-day chargeback period, for example in the case of
Alarms caused by double write-off attempts.
If a comprehensive examination of the pack confirms the suspicion that it could be
counterfeit, the pack must be placed in a secure (locked) storage area until a decision is made on how to proceed.
quarantine storage facility (lockable) and labeled as such until a decision has been made on how to proceed.
and labeled as such.
Please also observe the documentation and reporting obligations.
4.25 How do I store medicines that are suspected of being counterfeit?
Medicinal products which, after an intensive examination of the packaging and taking into account all
information, are suspected of being counterfeited must be separated and stored in a
separately labeled and secured storage location.
A suitable storage location is, for example, a lockable (secured) cupboard compartment or an appropriate
box that is used exclusively for medicines suspected of being counterfeit (separately) and
(separately) and labeled with a label such as “Medicines under suspicion of counterfeiting”.
(labeled). In order to avoid confusion with dispensable medicinal products,
medicines, this “quarantine storage” should be in a constant location and always available, even if
always available, even if no medicinal products under concrete suspicion of
medicines suspected of being falsified are stored there (permanently).
In the event of immediate suspicion of counterfeiting, also observe the documentation and
reporting obligations

Phar­maci­es

Role in the sys­tem

Sys­tem access

Sys­tem access

Mitteilungen

Updated BAK working aid

Alarm pro­ces­sing as an important pie­ce of the puz­zle: sup­port for offi­ci­al recon­nais­sance

Recom­men­da­ti­ons from the Ger­man Fede­ral Cham­ber of Phar­macists on how to prepa­re for a power fail­ure in phar­maci­es (Decem­ber 2022)

secur­Ph­arm-FAQ der ABDA

Inspec­tions (July 2020)

Prac­ti­cal examp­les and tips ( Febru­ary 2019)

Find a contact

Questions and Answers(ABDA)

Why do we need a pro­tec­tion sys­tem for medi­ci­nes?

Who is secur­Ph­arm e.V.?

How can phar­maci­es par­ti­ci­pa­te in secur­Ph­arm?

Who can con­nect to the phar­ma­cy sys­tem?

What secu­ri­ty fea­tures does the Fal­si­fied Medi­ci­nes Direc­ti­ve requi­re?

What does the uni­que iden­ti­fier look like?

When did the con­nec­tion to the secur­Ph­arm sys­tem and the authen­ti­ci­ty check beco­me man­da­to­ry?man­da­to­ry?

To which medi­ci­nes do the new safe­ty mea­su­res app­ly?

Can OTCs vol­un­t­a­ri­ly car­ry a Data Matrix Code?

May OTCs vol­un­t­a­ri­ly car­ry first-ope­ning pro­tec­tion?

How does the secur­Ph­arm sys­tem for the veri­fi­ca­ti­on of medi­cinal pro­ducts work?

Why are the­re two sub­sys­tems?

Why is this sys­tem also cal­led an “end-to-end sys­tem”?

Why is the Data Matrix Code used for this sys­tem?

Do par­al­lel imports car­ry Ger­man or for­eign coding?

How are for­eign packs hand­led?

What data is gene­ra­ted when end users use the secur­Ph­arm sys­tem?

What is the Euro­pean hub?

Which count­ries are con­nec­ted to the Euro­pean hub?

Who is the EMVO?

What is the EMVS?

How are the secu­ri­ty fea­tures inten­ded to increase coun­ter­feit pro­tec­tion?

Deal­ing with packs that car­ry a second Data Matrix code, e.g. for medi­ci­nes manu­fac­tu­red and packa­ged in India.manu­fac­tu­red and packa­ged in India?

Whe­re can I find out which coun­ter­feits have been detec­ted by the secur­Ph­arm sys­tem?

What are the requi­re­ments for using the secur­Ph­arm sys­tem?

What is the NGDA por­tal?

What is the N-ID?

What can be done if dif­fi­cul­ties ari­se when log­ging into the NGDA por­tal?

What can I do if I have dif­fi­cul­ties log­ging in to the secur­Ph­arm GUI?

Who is respon­si­ble for con­nec­ting to the sys­tem?

What does the con­nec­tion to the secur­Ph­arm sys­tem cost?

How do I app­ly for an N-ID for the first time?

When do I have to re-legi­ti­mi­ze my branch?

What docu­ments are requi­red for rele­gi­ti­miza­ti­on?

Are the­re any dis­ad­van­ta­ges if I order a new cer­ti­fi­ca­te befo­re the cer­ti­fi­ca­te expi­res?befo­re the cer­ti­fi­ca­te expi­res?

How do I know when an N-ID cer­ti­fi­ca­te rene­wal is due?

What do I have to con­sider with the N-Ident pro­ce­du­re if I also ope­ra­te branch phar­maci­es?ope­ra­te branch phar­maci­es?

What do I need to bear in mind if I also have a who­le­sa­le per­mit?

What do I have to bear in mind if I give up or clo­se my phar­ma­cy?

I have taken over a phar­ma­cy, can I also take over the N-ID?

I have taken over/established a phar­ma­cy, but do not yet have a phar­ma­cy ope­ra­tinglicen­se. How can I app­ly for my N-ID?

Why do I recei­ve a PIN let­ter?

How often can I down­load the cer­ti­fi­ca­te?

My down­load did not work, what do I have to con­sider?

How can I reco­gni­ze a pre­scrip­ti­on-only medi­ci­ne?

If all the medi­ci­nes I dis­pen­se that are sub­ject to veri­fi­ca­ti­on are scan­ned, does the phar­maceu­ti­cal indus­trywill the phar­maceu­ti­cal indus­try learn about my sales figu­res?

I have a pack in front of me wit­hout a Data Matrix code. How do I deal with it?

Is it suf­fi­ci­ent to scan the PZN bar­code ins­tead of the Data Matrix code?

What fea­tures must be prin­ted on the pack (in plain text)?

A medi­ci­ne has been veri­fied and boo­ked out. What should I do if I want to take this medi­ci­newant to take it back?

Can a medi­ci­ne that has been boo­ked out be boo­ked back in if the pati­ent was not found at a phar­ma­cy ser­vice?not found during a cou­rier ser­vice?

Why can’t I check and wri­te off a pack when I recei­ve it?

Can I also scan the Data Matrix code of each pack when I recei­ve the goods and use it for veri­fi­ca­ti­on?veri­fy it?

What hap­pens when I scan the bar­code?

What data does the Data Matrix Code con­tain?

Is the­re a pre­scri­bed sequence for the infor­ma­ti­on in plain text?

How can I tell which Data Matrix Code I need to scan for the authen­ti­ci­ty check?if the­re are seve­ral Data Matrix Codes on the pack?

Can a phar­ma­cy dis­pen­se a medi­ci­ne wit­hout pri­or veri­fi­ca­ti­on if, for exam­p­le, the In-ter­net, the secur­Ph­arm sys­tem or the power fails?

May the first-ope­ning pro­tec­tion be ope­ned for a ran­dom test of finis­hed medi­cinal pro­ducts in the phar­ma­cy?be ope­ned in the phar­ma­cy?

What exact­ly do I have to do as a phar­macist?

Why should the first veri­fi­ca­ti­on take place upon receipt of goods?

In the hust­le and bust­le, it can hap­pen that a pack is scanned/verified twice by mista­ke.twice. Have I des­troy­ed the dis­pen­sing capa­bi­li­ty?

Does secur­Ph­arm also have advan­ta­ges for my mer­chan­di­se manage­ment?

What is the pro­ce­du­re for dis­pen­sing par­ti­al quan­ti­ties?

May the pack data be prin­ted in white let­ters on a black back­ground (inver­se)?

A pack has rea­ched its expiry date. Does it have to be writ­ten off when it is des­troy­ed?

How do you deal with coded inven­to­ry goods that were uploa­ded for test pur­po­ses befo­re the man­da­to­ry ope­ra­ti­on?for test pur­po­ses befo­re man­da­to­ry ope­ra­ti­on?

Pharmacies

Role in the system

System access