Pharmaceutical wholesalers
Role in the system
Since February 9, 2019, pharmaceutical wholesalers have been verifying the authenticity of the unique identifier of pharmaceutical packages in their physical possession by scanning the Data Matrix Code and the resulting comparison with the securPharm system. At the very least, they must check medicines,
- that are returned by pharmacies or another pharmaceutical wholesaler .
- which they receive from another wholesaler who is neither the manufacturer nor the wholesaler with a marketing authorization nor a wholesaler designated by the marketing authorization holder by means of a written contract to store and distribute on his behalf the medicinal products covered by his marketing authorization.
In addition, wholesalers must derecognize the unique identifier for medicinal products,
- that are to be distributed outside the EU .
- that have been returned to the wholesaler and cannot be included in the saleable stock, e.g. in the case of returns due to a recall
- that are destined for destruction.
- which are requested by the authority for rehearsal .
- that are supplied to persons who are authorized and entitled to dispense medicinal products but who do not work in a healthcare facility or pharmacy, as well as to veterinarians, dentists, the German Armed Forces, the police, government institutions, universities or other higher education institutions in accordance with Section 6 (1a) of the German Medicinal Products Trade Ordinance .
In order to inform the stakeholders, securPharm e. V. has prepared and sent a letter to all pharmaceutical wholesalers
.The EU Commission lists the obligations of the individual parties involved in the implementation of the Falsified Medicines Directive in the letter of October 18, 2018
.System access
Wholesalers connect to the securPharm system via the pharmacy system. The pharmacy system is operated by NGDA - Netzwerkgesellschaft deutscher Apotheker mbH. Information on the technical and contractual specifications is available via the service portal of NGDA available. More about the NGDA at www.ngda.de.
System access
The checklist provides an initial overview of the connection to the securPharm system and important topics for implementing the Falsified Medicines Directive.
Mitteilungen
Alarm processing as an important piece of the puzzle: support for official reconnaissance
From May 19, 2025, all authorities that already have access to the securPharm system will have access to an additional module: the National Alert Management System (NAMS).
Many system actions can be tracked with the help of so-called authority reports, but this is not possible in all cases. Especially in …
Inspections
On January 22, 2020, the EU Commission issued an Aide Memoire on the inspection of wholesalers regarding the implementation of the Anti-Counterfeiting Directive and the Delegated Regulation.…
Practical examples and illustrated tips (February 2019)
Practical examples and illustrated instructions are summarized in the document Instructions on first-opening protection and the Data Matrix Code.…
Ansprechpartner finden
Haben Sie Fragen oder brauchen Sie Hilfe? Unsere Übersicht hilft Ihnen, den richtigen Ansprechpartner zu finden. Dieser kann Ihnen dann weiterhelfen. Behörden wenden sich bitte direkt an den securPharm e.V.
Kontakt aufnehmenFragen und Antworten
Why do we need a protection system for medicines?
There are hardly any counterfeits in the
legal supply chain.
So far, there have only rarely been counterfeit medicines in the legal supply chain. The availability of well
of well-made counterfeits increases the risk. The protection system has therefore been
introduced to maintain and further improve the high level of safety in the legal pharmaceutical trade.
further improve it.
Who is securPharm e.V.?
securPharm e. V. is the German organization for the authentication of pharmaceuticals and
responsible for the operation of the system for the authentication of medicinal products. The association
was founded to implement the EU Falsified Medicines Directive 2011/62/EU and Delegated Regulation (EU) No. 2016/EU.
(EU) No. 2016/161 by ABDA, BAH, BPI, PHAGRO and the vfa. The founding
Avoxa - Mediengruppe Deutscher Apotheker GmbH and IFA Informationsstelle für Arzneimittel GmbH are also founding members.
- Informationsstelle für Arzneimittel GmbH. securPharm operates as a non-profit organization.
organization. securPharm is the German component of the EU-wide EMVS network against counterfeit drugs.
counterfeit medicines.
How can Verifying Bodies connect to the securPharm system?
Verifying entities connect to the securPharm system via the pharmacy server. The
technical implementation is carried out by the software partner. The operator of the pharmacy server is
Netzgesellschaft deutscher Apotheker mbH (NGDA), a 100% subsidiary of Avoxa.
NGDA is responsible for the legitimization and connection of the participants (pharmacists, wholesalers,
health care facilities).
Who can connect to the pharmacy system?
All players affected by the Falsified Medicines Directive and who are not pharmaceutical companies can join the pharmacy system.
and are not pharmaceutical companies, in particular public pharmacies, hospitals and pharmaceutical wholesalers,
hospitals and pharmaceutical wholesalers.
What security features does the Falsified Medicines Directive require?
Since February 9, 2019, the Falsified Medicines Directive has stipulated two new security features
on the packaging of prescription medicines. A first-opening protection (anti
tampering device), which indicates whether a pack has already been opened, is intended to
guarantee that the contents of the pack are genuine. An individual identification feature (Unique
identifier) is intended to make each pack uniquely identifiable.
What does the unique identifier look like?
The unique identifier is a data matrix code in which the individual serial number, the product code, the charac
number, the product code, the batch designation and the expiry date. In addition
this information is also printed in plain text on the pack.
30.06.2021 Version 1 created by securPharm e. V. 6
Since when have the connection to the securPharm system and the authenticity check been
mandatory?
Medicinal products subject to mandatory verification that have been released for marketing by the manufacturer since February 9, 2019
may only be dispensed after successful authentication.
Medicinal products that were released for marketing before the cut-off date may be supplied until the end of their
expiry date without the safety features and therefore without authentication.
and therefore without authenticity testing.
Which medicinal products are subject to the new safety measures?
In principle, the new requirements apply to all prescription-only medicinal products for human use
with the exception of medicinal products on the so-called white list (Annex I to the Delegated Regulation).
listed medicinal products. The white list is a list of prescription-only medicinal products and medicinal product
categories of medicinal products that may not bear the safety features. This list contains 14
product categories, including homeopathics, allergen extracts, contrast media and parenteral nutrition solutions.
solutions for parenteral nutrition. Non-prescription medicines may not bear the
safety features. Exceptions are the medicinal products listed in the Black List (Annex II to the Delegated
Regulation). The Black List is a list of non-prescription medicinal products and
The Black List is a list of non-prescription medicines and categories of medicines that must bear the safety features.
So far, only omeprazole is included in two different strengths.
Can OTCs voluntarily carry a Data Matrix Code?
According to the EU Commission, the application of a Data Matrix Code to OTC packs is permitted as long as the Data Matrix Code does not contain any serial numbers.
the Data Matrix Code does not contain a serial number, the product code, expiry date and batch
date and batch number can be included in a machine-readable form. Voluntary participation in the
in the authentication of medicinal products is not possible.
May OTCs voluntarily carry first-opening protection?
In an announcement dated April 11, 2017, the PEI and BfArM (BAnz AT 26.04.2017 B3.) clarified
that OTC packs may bear a first-opening protection on a voluntary basis.
How does the securPharm system for the verification of medicinal products work?
During the production process, the pharmaceutical manufacturer provides each pack of a medicinal product subject to verification
pharmaceutical product with an individual serial number. This serial number is stored together
together with the product code (as PPN or NTIN wrapped PZN), batch designation and expiry date in the Data Matrix Code (and
date in the Data Matrix Code (and also in plain text) on the pack. At the same time
This information is uploaded to the database system of the pharmaceutical industry.
To verify the authenticity of a pack, the Data Matrix Code of the pack is scanned by the verifier.
scanned by the verifying body. This triggers a check of the serial number and product code
against the database of the pharmaceutical industry. The verification requests are
forwarded anonymously via the pharmacy server. The status of a pack recorded in this database
status of a pack is reported back to the verifying body. If the pack is dispensed after
positive feedback, the status is set to “dispensed”. If a
second pack with an identical serial and product number is verified, it will be noted that it has already been
this has already been dispensed.
30.06.2021 Version 1 created by securPharm e. V. 7
Why are there two subsystems?
The German stakeholders have opted for a system that consists of distributed data
banks for pharmacies and pharmaceutical companies. The design of a
model ensures special protection of sensitive data, as data for the verification processes (verification and
for the verification processes (verification and status changes) are only exchanged anonymously. The
The subsystems are also operated by different companies. The database
system for pharmaceutical companies is operated by ACS PharmaProtect GmbH, a company of the pharmaceutical
of the pharmaceutical associations. The database system for the pharmaceutical industry
all pharmaceutical companies whose products are subject to the verification obligation.
subject to the verification obligation. The pharmacy server is operated by Netzgesellschaft Deutscher Apotheker
mbH (NGDA).
Why is this system also called an “end-to-end system”?
The pharmaceutical company creates a safety feature at one end of the supply chain - when packaging the medicine.
the drug - while at the other end of the chain - before dispensing to the patient in the pharmacy - this
to the patient in the pharmacy - this safety feature is verified and the serial number is
written out.
Why is the Data Matrix Code used for this system?
Two-dimensional barcodes can hold a lot of data (e.g. in addition to the product code including PZN
serial number, the batch designation and the expiry date) and display them with a very small
space requirement.
Do parallel imports carry German or foreign coding?
Parallel imports carry German coding in the German market. Parallel importers must
the unique identifier of the product they market under their own name from the system of the original market.
from the system of the original market and book it out. They then
position as a pharmaceutical entrepreneur and create a new unique identifier, which they enter in the
which they upload to the securPharm system.
How are foreign packs (individual imports) handled?
Foreign packs must be handled in the same way as German packs. The scan of the Data
matrix code triggers a verification request, which is forwarded via the European hub to the respective national
national system in which the pack data is stored. This process is also known as
The process is also known as an IMT (Intermarket Transaction). For example, verify the packs uploaded to the
Spanish system, the verification request is forwarded to the Spanish system via the European hub.
forwarded to the Spanish national verification system via the European hub. Individual imports
from a European country in which the medicine is not subject to mandatory verification are also
are not subject to the verification obligation in Germany.
What data is generated when end users use the securPharm system?
When a pack is verified or booked out, a request is sent to the pharmacy system
(AP system) is sent. N-ID (i.e. the pseudonymized user ID/APO-
number), the time stamp, the action/process and the pack data contained in the Data Matrix Code
Data Matrix Code (PC, SN, LOT, EXP) are transmitted. Only NGDA has access to this data. From the
30.06.2021 Version 1 created by securPharm e. V. 8
APS, the request is forwarded to the database of the pharmaceutical industry (PU system)
is forwarded. However, the identity of a verifying body remains hidden from the PU system
because all requests are forwarded anonymously under a special NGDA user ID.
Personal data is not transmitted to the PU system. The query is used exclusively
to compare the information read out (safety features of the pack) with the data stored in the
data stored in the system for the respective pack. The data exchange allows the authenticity of the
authenticity of the medicine can be verified.
Every request to the databases is saved. This enables the responsible supervisory
authorities to investigate a suspected case of falsification and compliance with the Delegated Regulation.
investigation.
What is the European hub?
The European hub is needed to enable cross-border flows of goods. It
networks the verification systems of the individual member states with each other, so that every package
pack of medicines bearing the safety features can be checked in every pharmacy in Europe.
pharmacy in Europe. In addition, pharmaceutical companies upload the pack data to the European hub (EU hub).
hub) to upload the pack data to the respective national system. The operator of the EU Hub is EMVO,
the European Medicines Verification Organization. More about EMVO at https://emvo-
medicines.eu/
Which countries are connected to the European hub?
The authentication systems of the EU member states as well as Iceland, Liechtenstein, Norway, Northern
member states as well as Iceland, Liechtenstein, Norway, Northern Ireland and Switzerland are connected to the European hub. The systems of
Italy and Greece will not be added until 2025. These have been granted a transition period by the legislator.
These countries have been granted a transitional period by the legislator because these countries already had
regulation came into force, these countries already had systems in place for the verification of medicinal
have to be adapted to the European requirements.
Who is the EMVO?
The European Medicines Verification Organization (EMVO) operates the EU hub through which the individual
the individual country systems exchange the packaging data. A corresponding agreement was concluded between EMVO and securPharm
agreement was concluded between EMVO and securPharm to connect the securPharm system with the EU Hub
and thus integrate it into the European anti-counterfeiting system.
What is the EMVS?
The European Medicines Verification System (EMVS) is the Europe-wide anti-counterfeiting system.
It consists of two components. One component is formed by the national organizations for
the Delegated Regulation (NMVOs) with the corresponding national systems (NMVS).
(NMVS).
The second component of the EMVS is formed by the European hub. This hub
This hub acts as a router (connection point) to ensure the exchange of data from the national data
and is also used by pharmaceutical companies to upload packaging data.
used by the pharmaceutical companies.
30.06.2021 Version 1 created by securPharm e. V. 9
How are the security features intended to increase counterfeit protection?
The new anti-counterfeiting protection consisting of an individual identification feature and first-opening protection
counterfeits are easier to recognize. The individual identification feature makes each pack
unique, making counterfeiting less attractive and the risk of detection high.
is high.
Where can I find out which counterfeits have been detected by the securPharm system?
Is there
Is there a list of detected counterfeits?
securPharm supports the responsible supervisory authorities in the investigation of suspected counterfeiting
by providing reports from the securPharm system, the so-called audit trails of individual packs.
of individual packs. As a rule, securPharm does not receive any information about the
generally does not receive any information. Information on counterfeits must therefore be obtained from the responsible
supervisory authorities.
30.06.2021 Version 1 created by securPharm e. V. 10
2. questions regarding the connection to the securPharm system
What are the requirements for using the securPharm system?
In addition to the technical requirements (hardware and software, Internet connection), the use of the securPharm system requires
and software, Internet connection), access to the pharmacy server of the securPharm system in the form of an
system in the form of an electronic certificate (N-ID). In order to prevent unauthorized use of the sys
system, a user goes through a legitimization process before accessing the system. The
legitimation is checked at regular intervals and the user is re-authorized. This
This is done for the verifying body via the NGDA portal.
What is the NGDA portal?
The NGDA portal provides access for various target groups. Persons responsible
can use the NGDA portal to manage the certificates of one or more operating sites.
operating sites. Each business premises receives its own N-ID in the N-Ident procedure. The
contact details of the respective operating site (including e-mail address) should always be kept up to date.
be kept up to date. A user name and password are defined when registering in the NGDA portal.
The portal can be accessed at www.ngda.de.
What is the N-ID?
The N-ID is the electronic identity of an individual business establishment verified as part of the N-Ident process.
business premises. It is used to access digital services and systems without additional registra
registration and is a mandatory requirement for participation in the securPharm system. Behind the N-ID
is a certificate that is valid for 24 months.
When registering and legitimizing a business establishment in the NGDA portal, an N-ID certificate can be acquired.
certificate can be acquired. With the certificate, a user receives a combination of user name,
the N-ID and password. If the certificate for the individual business premises has been renewed, a new
new password is issued for the certificate, but the user name (N-ID) for the site remains the same.
remains the same.
What can be done if difficulties arise when logging into the NGDA portal?
If you have forgotten your password, you can obtain a new password from the NGDA website.
password. To do this, you must enter your user name and the e-mail address you have provided.
You can find help with this at www.ngda.de.
What can I do if I have difficulties logging in to the securPharm GUI?
To log in to the securPharm GUI, you will need the N-ID and password from the first PIN letter you received by post.
letter that was sent by post. When renewing a certificate, users receive
receive a new password, but the password from the first PIN letter is still used to access the
GUI.
In the event that the password is forgotten, a new password can be obtained from the NGDA website.
password. The user name and the e-mail address stored must be entered for this purpose.
30.06.2021 Version 1 created by securPharm e. V. 11
The password is sent to the e-mail address stored in the NGDA portal for this operating site.
sent. It is therefore important to keep the e-mail address stored in the NGDA portal up to date.
The securPharm GUI can be reached at: https://securpharm-gui.ngda.de/ .
Who is responsible for connecting to the system?
The responsibility for implementing the legal requirements of the Falsified Medicines Directive
and the Delegated Regulation, which also includes the connection to securPharm via the pharmacy
server, is the responsibility of the verifying body.
What does the connection to the securPharm system cost?
The costs can be obtained from the NGDA.
How do I apply for an N-ID for the first time?
The N-Ident registration procedure is divided into three stages. First, an account must be created at
https://ngda.de/ must be created. Then each business establishment for which an N-ID is required must be
is required must be created in the account. Finally, the access authorization must be checked.
To do this, the relevant documents must be submitted to the NGDA for verification by uploading the required documents.
uploading the required documents. Once the documents have been successfully checked,
the N-ID can be acquired for the business premises. Once payment has been received, the certifi-
certificate is issued. The PIN for the download is sent to the business premises by post. Subsequently
the certificate can be downloaded and integrated.
The NGDA recommends allowing a period of 4 weeks for the legitimization process described above before opening a business premises.
weeks before the opening of a branch.
When do I have to re-legitimize my branch?
Re-legitimization is required every 24 months in connection with the certificate renewal in order to
to prove the continued authorization to use the digital services. For
further information, such as which documents are required for relegitimization, please contact the NGDA.
for further information.
Are there any disadvantages if I apply for a new certificate before the certificate expires?
certificate?
The certificate has a term of 24 months, which begins with the first download. As
the process of re-legitimization and certificate renewal takes some time, the NGDA recom
NGDA recommends renewing the certificate at an early stage. The certificate can be requested and activated up to three
requested and activated up to three months in advance (download and integrate) without
disadvantages for the verifying body.
The certificate is only displayed as active in the NGDA portal after the first download.
How do I know when an N-ID certificate renewal is due?
NGDA will inform you by e-mail in good time before the certificate expires so that the
order process can be initiated in good time. To receive a reminder, the
contact details in the NGDA portal for the respective operating site must be kept up to date.
30.06.2021 Version 1 created by securPharm e. V. 12
What do I have to consider in the N-Ident procedure if I have several business premises?
For owners of several business premises (e.g. branches or subsidiaries), a single registration in the
registration in the NGDA portal is sufficient. Each business establishment must be legitimized and
requires its own electronic certificate. Please ensure that you enter the contact details
contact details (e.g. e-mail address) associated with the respective business premises up to date at all times.
What do I need to bear in mind if I give up or close my business premises?
The current holder cancels the certificate for the business premises, stating the date of termination.
date of termination. The notice of termination is sent by e-mail to kuendigung@ngda.de, stating the
the establishment number, the full address and the date of termination.
Please note that, if possible, the e-mail should be sent from the same address as the e-mail address of the N-Ident account.
e-mail address of the N-Ident account holder. An employee of NGDA will check the termination
After receiving the notice of termination, an NGDA employee will check it again and then initiate all the necessary steps.
I have taken over a business premises, can I also take over the N-ID?
The existing N-ID certificate cannot be transferred. The registration for an existing
existing business premises can take place in two ways:
” The new owner has not yet registered a permanent establishment with the NGDA.
In this case, the registration of an N-Ident account including the creation of the business premises is necessary.
necessary.
” The new owner already has one or more permanent establishments.
In this case, a new business establishment must be created within the NGDA portal.
Why do I receive a PIN letter?
To acquire the N-ID certificate, the verifying body receives a letter with a password (PIN).
password (PIN). Together with the corresponding N-ID (e.g. APOxxxxxxx), this PIN is used to
downloading and unpacking the certificate. Only after the first download is
the certificate is also displayed as active in the NGDA portal.
The access data should be stored securely, as it is used not only for certificate renewal
also for the web interface of the securPharm pharmacy server (www.securpharm-gui.ngda.de/)
are required.
My download did not work, what do I have to consider?
The NGDA has published the following instructions for downloading the N-ID certificate:
” It is possible to download the certificate three times, unsuccessful attempts due to incorrect entry
of the N-ID (APO number) or incorrect PIN entry will not be counted. The spelling of the
N-ID with upper or lower case letters is irrelevant.
” Certificate downloads are not blocked if a subscriber enters the wrong PIN three times.
three times.
30.06.2021 Version 1 created by securPharm e. V. 13
” If a PIN is unclear (possibility of confusing “O” and “0” or “l” and “=”), the correct PIN can be determined by trial and error.
correct PIN can be determined by trial and error.
” NGDA does not know the respective PINs, so unfortunately it cannot provide any assistance.
” Please note that any existing security infrastructure - such as a firewall - can also prevent the download.
a firewall - can prevent the download.
30.06.2021 Version 1 created by securPharm e. V. 14
3. questions about securPharm in everyday work
How can I recognize a medicinal product subject to verification?
The IFA database and the ABDA article master have been expanded to include corresponding information.
has been added. The merchandise management system should, if it accesses the ABDA article master, recognize
recognize whether it is a product subject to verification.
If all the medicines I dispense that are subject to verification are scanned, does the pharmaceutical industry
will the pharmaceutical industry find out about my sales figures?
No, not at all. securPharm is based on the principle of separate databases for pharmaceutical companies and verifiers.
pharmaceutical companies and verifying authorities. The pharmacy server to which your software is connected
your software is connected to, anonymizes every transaction so that no one knows where the medicine was dispensed.
was dispensed.
I have a pack in front of me without a Data Matrix code. How do I deal with it?
Scan the barcode (“Code 39”). The merchandise management system will, if it is based on the IFA
data or the ABDA article master, the merchandise management system will tell you whether this pack must have a Data Matrix
code or whether it is a stock item that was placed on the market before February 9, 2019.
was placed on the market.
Is it sufficient to scan the PZN barcode instead of the Data Matrix code?
No, because the previous PZN barcode only contains the PZN in machine-readable form.
In addition to the PZN, the Data Matrix Code also contains the serial number of the pack, which is used for verification/authenticity checks.
which is used for verification/authenticity checks against the database. In addition to the
the product code, the batch designation and the expiry date are also transmitted in the Data Matrix Code.
so that these can be recorded electronically in the merchandise management system in future. With
With the introduction of the Data Matrix Code, there is also no longer an obligation to apply the Code 39
on the pack.
What features must be printed on the packaging (in plain text)?
In addition to the Data Matrix Code, packs subject to mandatory verification must contain the following elements
PZN, batch number and expiry date, the product code and the serial number must also be printed in plain text on
in plain text. Particularly small packs are exempt from this regulation.
Further information can be found on the IFA website.
What happens when I scan the barcode?
When you scan the barcode, your merchandise management system, provided it uses the ABDA
article master, checks whether it is a product that requires verification and, if so, informs you
If this is the case, it will inform you that you must scan the Data Matrix Code.
What data is contained in the Data Matrix Code?
The Data Matrix Code contains the product code, which in turn contains the PZN, as well as a
pack-specific serial number, batch number and expiry date.
30.06.2021 Version 1 created by securPharm e. V. 15
Is there a prescribed order for the information in plain text?
No. Pharmaceutical companies are free to choose the order of the data elements as long as the required
long as the required data elements product code, serial number, batch number and expiry date are included.
expiry date are included. If the dimensions of the packaging allow, the human-readable data
human-readable data elements are located next to the Data Matrix Code.
How can I tell which Data Matrix Code I need to scan for the authenticity check?
if there are several Data Matrix Codes on the pack?
If there are several Data Matrix Codes on a pack, the Data Matrix Code for the authenticity check is next to the Data
Matrix Code for the authenticity check is the PPN marking.
In a hectic situation, it sometimes happens that a pack is scanned/verified twice by mistake.
twice. Have I destroyed the dispensability?
No. The Data Matrix code of a pack can be verified by scanning as often as required.
However, it is important that you only verify the pack and do not book it out of the system.
i.e. deactivate the individual identification feature. However, if this error
error, you can correct it within 10 days. The Delegated Regulation
The Delegated Regulation stipulates that packs whose status has been set to “dispensed” and which have not left the
trolled area of the pharmacy can be returned within 10 days in the same establishment.
may be booked back into the same site within 10 days.
May the pack data be printed in white letters on a black background (inverse)?
Yes, the Data Matrix Code and the plain text information may be printed in white on a black background.
on a black background is permitted. A suitable and correctly adjusted scanner is capable of reading all approved
read all approved forms of presentation.
A pack has reached its expiry date. Does it have to be written off when it is destroyed?
No, the pack must not be written off, as this is done automatically by the system at the time of expiry.
automatically at the time of expiry. Otherwise an alarm is generated. If a pack requiring verification
pack is destroyed before the expiry date, it must be booked out.
How do you deal with coded inventory goods that were uploaded for test purposes before the mandatory operation?
before mandatory operation?
Inventory goods are goods that were released for distribution by the manufacturer before February 9, 2019, but which
for circulation by the manufacturer before 9 February 2019, but which bear security features that have
have been applied for test purposes. These can cause false alarms in the system under certain circumstances. The proportion of
of coded stock has already fallen significantly, so the problem should occur less frequently.
should occur less frequently. According to the delegated regulation, these goods can generally be sold, provided there are no other
reasons speak against it.
May securPharm e. V. pass on protocols with pack data from the securPharm system to
verifying bodies, e.g. if they want to know whether or not they have already checked a pack
checked and booked out or not?
No. According to the requirements of the Delegated Regulation, securPharm e. V. is not allowed to transfer logs with pack
data from the securPharm system only to authorities.
30.06.2021 Version 1 created by securPharm e. V. 16
What is the difference between verifying and writing off a pack?
Verification is used to check the status of the pack, whereby the read-out or manually
manually entered pack data is compared with the pack data stored in the system.
stored in the system. A display reflects the status of the pack. A pack can be verified as often as required.
verified as often as required.
The write-off (dispensing) describes the status change of an individual identification feature
from “dispensable” or “active” to “dispensed” or “inactive”. The derecognition therefore deactivates
the individual identification feature.
How do I know if my scanner is suitable and working properly?
The NGDA has developed a scanner test that should be used to check the settings of all scanners.
should be checked. The configuration of the scanners is important, as this is the only way to ensure that the data is
read out and transmitted correctly during scanning.
With incorrectly configured scanners, it is often observed that the language setting triggers alarms.
triggers alarms. For example, an English language setting is often preset so that Y and Z are swapped when reading out.
Y and Z are swapped when reading. In addition, incorrectly set scanners can cause errors when
errors in the transmission of upper and lower case letters. Incorrectly read inverse codes
(white on a dark background) are also a frequent source of errors that can be avoided by configuring the scanner.
can be avoided by configuring the scanner.
To ensure that the scanners in your facility can read the Data Matrix code correctly, please test all scanners.
correctly, please test all scanners (e.g. incoming goods and HV). If you notice any anomalies
or if you have any questions about the configuration of the scanner, the scanner manufacturer or supplier can
of the scanner can provide assistance.
You can obtain the scanner test at: www.securPharm.de, www.ngda.de or in the securPharm
GUI.
How long do I have to wait until I receive a system response after a scan?
The Delegated Regulation stipulates that the response time of the system must be less than 300 milliseconds for at least 95% of the queries.
queries must be less than 300 milliseconds.
The performance of the data repository must enable verifying authorities to carry out their activities without
carry out their activities without any significant time delay. However, the response time from the verifier’s point of view
the Internet connection between a verifying body and the pharmacy system as well as the internal
pharmacy system and the internal infrastructure of the verifying body, so that the total duration of the
so that the total duration of the request can exceed 300 milliseconds
If a response takes a disproportionately long time, the availability of the securPharm system can be checked on .
system can be checked at www.securpharm-status.de/.
How is the 10-day chargeback period calculated?
The chargeback period begins at the time of deregistration and ends exactly after 10 calendar days at the same time.
days at the same time.
30.06.2021 Version 1 created by securPharm e. V. 17
What aspects must be taken into account for a chargeback?
A chargeback must be carried out within the 10-day chargeback period and may only be carried out
only be carried out if the pack has not left the verifier’s control area.
has left the verifier’s control area. =Once the status of the package has been set to “stolen” or “destroyed”, a chargeback is no longer possible.
reversal is no longer possible. The NGDA has no influence on the chargeback and cannot
reactivate the pack or extend the period until the deadline expires.
Can the “destroyed” or “stolen” status be reversed?
No, the “destroyed” or “stolen” status cannot be reset. The pack may
no longer be included in the sales stock.
How do I deal with recalls?
Do not deactivate the pack if you return it to the pharmaceutical wholesaler or company for disposal.
wholesaler or company for disposal, unless you are explicitly requested to do so.
Only set the status of a pack to “Destroyed” if you are disposing of it yourself.
What do I do with packs that have passed their expiry date?
If the expiry date has been reached, the pack must not be written off before disposal. If the pack is
If the package is nevertheless booked out before disposal, an alarm is triggered. Verification to check the status is still
of the status is still possible without risk. The securPharm system then responds with the
that the expiry date has been exceeded and the pack must not be disposed of.
What do I have to consider when disposing of a damaged pack?
If the pack has been damaged at the verifying office to such an extent that it can no longer be
can no longer be dispensed, the code must be removed from the system before disposal.
Where can I check whether the securPharm system is accessible?
The operating status of the securPharm subsystems can be checked at www.securpharm-status.de
can be tracked.
30.06.2021 Version 1 created by securPharm e. V. 18
4 Dealing with alarms
What is an alarm or alert?
An alarm or alert is a warning message. This message provides information about a possible
in the system. Depending on the type of alert, different actors within the securPharm system are notified.
securPharm system are notified. Sensitive data is subject to special protection.
The occurrence of a warning message initially says nothing about the originator. Furthermore
not every alert is a falsification - technical errors, incompletely uploaded packaging data, problems
incompletely uploaded packaging data, problems with the coding, incorrectly set scanners or
handling errors (e.g. double booking out of a pack) can also be the cause.
be the cause.
How does an alarm occur in a verifying point?
In a verifying point, an alarm can be triggered both during verification and when the status of a pack
status change of a package (e.g. write-off).
A data comparison takes place during the verification process. The pack data of the pack you have
pack is checked for consistency with the data stored in the securPharm system.
checked for consistency. Verification can be carried out by the scanner or by manually entering the pack data.
pack data manually. If the scanner does not read the data correctly or a typing error
the pack cannot be found in the system. This triggers an alarm,
This triggers an alarm because a pack requiring verification is being processed whose identity is unknown to the legal supply chain.
chain is unknown.
In the event of a status change, the existing pack status is changed, for example from “ready for
dispensable” (active) to “dispensed” (inactive). =However, if the desired pack status has already been set before the change
already set before the change, the attempt to change it triggers an alarm. In practice, this alarm
alarm often appears as a double check-out attempt. The cause may be a handling error,
for example, an inadvertent write-off in goods receipt and then a renewed write-off when the goods are
when dispensing to the patient. From the system’s point of view, such a process indicates a possible forgery.
forgery, as there is a risk that it is a copy of an original pack.
original pack.
What role does my scanner play?
The scanner is an important tool for recording pack information. It facilitates
and speeds up processing when dispensing packs and prevents incorrect entries during manual recording.
when entering information manually.
However, if the scanner is not configured correctly, the pack data is read and transmitted incorrectly.
transmitted incorrectly. This can lead to an alarm because the data read out does not match the data stored in the system.
stored in the system. This error pattern is often seen when upper and lower case
case is not read correctly or the scanner swaps Y and Z (language setting).
ling). In practice, errors also frequently occur when separators are read over or
an inverse Data Matrix code (white on a dark background) is applied to the packaging.
30.06.2021 Version 1 created by securPharm e. V. 19
To check whether a scanner is set correctly, please test each of your scanners. The test
is possible with the NGDA scanner test. You can obtain the current version of the scanner test
at: www.securPharm.de, www.ngda.de or in the securPharm GUI.
What must be observed for manual entry?
When entering the data manually via the securPharm GUI, special attention must be paid to the exact
the exact entry of the pack data. In particular, there is a risk of confusion
with “O” and “0” or “l” and “=”. An incorrect entry will inevitably lead to an alarm, as the requested
queried data is not stored in the system.
What is a double check-out attempt?
If a package that has already been booked out is booked out again, an alarm is triggered in the securPharm system.
alarm is triggered in the securPharm system. Each pack can be identified via the stored data (product code, serial no,
batch, expiry date). If a pack is booked out several times, this indicates that it has expired.
because there is only one original pack with this data combination on the legal pharmaceutical market.
pharmaceutical market.
Uncertainty immediately before dispensing as to whether a pack has already been booked out or not can easily arise.
has been booked out or not can easily arise. In this case, however, the pack should not be booked out again
should not be booked out again, because if it has already been booked out, an alarm is triggered. Instead
Instead, the status of the pack should first be checked (verification). When verifying
of a package known to the system, no alarm is triggered. It is generally
processes should be checked and, if necessary, adjustments made to avoid the occurrence of
avoid the occurrence of double check-out attempts.
If you have inadvertently booked out the package twice, you can repeat this process under certain
certain conditions (e.g. time limit).
Who is informed about the alarm?
With every verification process and every change in the status of a pack, communication takes place between the pharmacy
between the pharmacy server and the pharmaceutical industry database.
However, the identity of the verifier remains hidden from the pharmaceutical industry database.
however, remains hidden from the pharmaceutical industry database. This also applies in the event of an alarm. The database system of the
pharmaceutical industry database system and the pharmaceutical company to which the alarm-triggering pack
the alarm-triggering pack therefore receive no information about where the alarm was triggered.
was triggered.
If an alarm is triggered, the responsible pharmaceutical company is informed. There the
alarm can be classified. Depending on the assessment, the alarm is automatically forwarded to the securPharm system.
alarm is automatically forwarded by the securPharm system to the BfArM for further processing. The
BfArM acts as the contact for all supervisory authorities.
30.06.2021 Version 1 created by securPharm e. V. 20
What information is transmitted in the event of an alert?
In addition to the packaging data (serial no,
serial number, product code, batch number, expiry date), the assigned alarm designation, an individual
individual identifier of the alarm incident (alarm ID), the time at which the alarm occurred and the dyna
pseudonymized identifier of the location that triggered the alarm.
If there is an automatic or manual escalation by a verifying body or the pharmaceutical
or the pharmaceutical company, the data from both databases (PU and AP system) are merged in a report.
AP system) are merged into one report. The competent supervisory authority has access to
this report, which is also called the audit trail.
The audit trail contains all information on a pack. This means, in addition to the pack data,
all transactions (including verifications and status changes) and alarm information, the associated
associated times and the corresponding de-pseudonymized system users. Only the authorities
only the authorities are able to identify the respective verifying body.
How is the alarm displayed in the software/merchandise management system?
An alarm is always displayed directly in the software when it occurs, i.e. when an incorrect
verification process or an unsuccessful status change. Depending on the software house
the display of the “red traffic light” differs. A warning window is often opened.
The scope of the information displayed for the alarm also differs depending on the software house.
house.
Historical alarms can be displayed by many software manufacturers using an automatically managed
log in the software/merchandise management system. Please also note the
securPharm GUI.
If you have any questions about the display and functional scope of the software products, please contact
please contact your software manufacturer directly.
Where can I obtain further information about an alarm?
In addition to the display in the pharmacy software/merchandise management system, it is also possible to use the
graphical user interface of the pharmacy server (securPharm-GUI of NGDA). With
the “alarm monitoring” function contained therein, the respective operating site receives =infor
information on alarm messages triggered by it. In addition to merchandise management, the
GUI provides information on the alarm status (created, de- and escalated), the alarm ID, as well as a com
a comment that a pharmaceutical company can leave when classifying an alarm.
can leave when classifying an alarm. You can also filter the alarms according to various criteria. Assistance
for using the user interface can be found in the GUI help document.
The securPharm GUI is available at the following link: https://securpharm-gui.ngda.de/
Please note that the error codes displayed in the ERP system may differ from those in the GUI.
may differ. A table of error codes can be found in the GUI help document.
30.06.2021 Version 1 created by securPharm e. V. 21
How to deal with packs whose authenticity could not be successfully verified or a status change
or a status change is not successful?
In principle, a pack whose verification is negative must not be dispensed and must be separated.
and must be separated. In order to confirm or refute the suspicion of a counterfeit, an error analysis must be carried out.
an error analysis must be carried out. It is therefore essential that
verifying bodies actively deal with the error messages that have occurred in their
and get to the bottom of the causes. At the same time, the responsible
pharmaceutical company can initiate an investigation.
The result of the pharmaceutical company’s analysis (alarm status and, if applicable, comma
tary) can be checked via the alarm monitoring in the securPharm GUI (https://securpharm-gui.ngda.de/) using the alarm status.
can be checked using the alarm status. If, at the same time, the analysis in the verifying body
no good reasons to assume that a technical error or own handling errors (e.g. accidental
(e.g. inadvertent derecognition in the incoming goods department) is the reason for the alarm, the
packaging must continue to be separated and the official reporting channels must be followed.
If the suspicion of counterfeiting is invalidated by the error analysis and there are no further
evidence of counterfeiting, the pack can be released again. Please note that
only “dispensable” (active) packs can be booked out and dispensed. Make sure
the pack status by scanning (verifying) the pack and only then pick up the pack again.
only then add the pack to the sales stock again.
How does the responsible pharmaceutical company check an alert?
After an alarm has occurred, the alarm can be reviewed by the responsible pharmaceutical company within a time window of seven calendar days.
days by the responsible pharmaceutical company. If the responsible
If the responsible pharmaceutical company determines that it is a false alarm within the time window, it is classified as such
and thus de-escalated. If no reason for a false alarm is found, the alarm must be classified as a po
tential case of suspected falsification and therefore escalated. If no assessment is made within the
If no assessment is made within the deadline, the alarm is also automatically escalated.
Please note that the pharmaceutical company may only escalate the alarm in the case of errors that it has
errors (e.g. missing data upload, incorrect expiry date uploaded, incorrectly printed pack, etc.).
printed pack, etc.) can only be de-escalated. It is therefore all the more important that you
verifying point, check the scanner settings and adjust the processes if necessary.
adjust the processes if necessary.
If an escalation occurs, the alarm message is forwarded by the securPharm system to the BfArM.
forwarded. The BfArM acts as the contact for all supervisory authorities.
Please note any reporting obligations that exist independently of the evaluation by the phar
pharmaceutical company.
May a pack that has triggered an alarm be returned to the sales stock before the competent
before the review by the responsible pharmaceutical company has been completed?
has been completed?
The decisive factor for the return to sales stock is the pack status, which is
30.06.2021 Version 1 created by securPharm e. V. 22
first-opening protection and the assessment of the verifying body.
If, after careful analysis, there are good reasons to assume that a technical error or own handling
technical error or own handling errors (e.g. inadvertent write-off in the incoming goods department) were
were the reason for the alarm and there are no other indications of counterfeiting, the suspicion can be
counterfeiting, the suspicion of counterfeiting can be refuted even without the examination of the pharmaceutical
company can be refuted. Manual verification, the transaction overview in the software and the
overview in the software as well as the alarm monitoring in the securPharm GUI can be helpful here.
(https://securpharm-gui.ngda.de/).
In addition to the error analysis and the verifying body’s assessment of the
the packaging status in the securPharm system is relevant for the assessment of dispensability.
eligibility for dispensing. Only packs with the status “dispensable” may be included in the sales stock.
be included in the sales inventory.
What is the difference between alarm status and pack status?
The status of the alarm expresses whether an alarm could indicate an actual suspected case of counterfeiting
or whether a false alarm has been triggered. The status of the pack determines whether
the pack is “dispensable” (active) or not, whereby other factors can restrict the dispensability despite the
active status. The pack status and alarm status can be checked via the
software and the securPharm GUI.
What is the securPharm GUI?
The securPharm GUI is the web interface of the NGDA’s securPharm pharmacy server. GUI
stands for Graphical User Interface. Via the GUI, a
verifying body can access the following functions via the GUI:
(a) Manual verification and write-off of medicines subject to verification.
This option allows you to manually verify medicinal products subject to mandatory verification
and the option to change the status of the pack. This function is particularly useful in the event of
in the merchandise management system.
b) Alarm monitoring
The alarm monitoring system provides you with an overview of alarms that have occurred in your
and information on the evaluation of the alarm. With the help of a search and
sorting function, individual alarms can be filtered out. This information can be helpful
to clarify alarms, detect sources of error and avoid them.
The securPharm GUI is available at the following link: https://securpharm-gui.ngda.de/
Please also refer to the GUI alarm monitoring documentation, which you can find in the GUI under the
tab: “:help”.
30.06.2021 Version 1 created by securPharm e. V. 23
Where can I view all transactions (verifications and status changes) of my business premises?
retrieve?
Many software companies offer the option of using their software to view the previous actions
in connection with the Delegated Regulation (status verification and change).
to understand. This check is carried out via a protocol or log file. If you have any questions about this
please contact your software manufacturer.
When is a suspected case of falsification reported to the authorities by the securPharm system?
reported?
After an alarm has occurred in the system, this alarm can be reported to the authorities by the responsible pharmaceutical
pharmaceutical company within a time window of seven calendar days.
days. The result can be viewed in the securPharm GUI in the respective alarm status. If the pharmaceutical
pharmaceutical entrepreneur determines within this time window that it is a false alarm
is a false alarm, it is classified as such and thus de-escalated. De-escalation eliminates the need for au
automatic notification by the system. If no reason for a false alarm is found, the alarm must be
the alarm must be classified as a potential case of suspected falsification and therefore escalated. If
If no assessment is made within the deadline, the alarm is also escalated automatically.
If an escalation occurs, the alarm message is forwarded by the securPharm system to the BfArM.
forwarded. The BfArM acts as the contact for all supervisory authorities.
In this context, please note that the competent supervisory authorities have a right to all information
information necessary to check compliance with the Delegated Regulation. Not applicable
If the verifying entity or the securPharm system fails to submit a notification, the supervisory
authorities can still view all information (including transactions and alarms) for this package.
pack can still be displayed.
When do I have to report an alert to the authorities?
An alarm could always indicate counterfeiting. You should therefore act immediately. Investigate
Investigate the pack and the alarm, using all the information available to you.
information available to you (e.g. assessment of the alarm status by the responsible company, manual input and
and scanner test or the transaction history in the software if available). Regarding the
Please consult the relevant legislation for information on reporting deadlines and channels.
What information does the authority have access to?
Competent supervisory authorities have a right to all information necessary to verify compliance with the Delegated Regulation.
compliance with the Delegated Regulation. This includes information on alerts, but
the transaction history of a package, including verifications and write-offs. To obtain the
information from the data repository, securPharm performs a de-pseudonymization of the originating
mization of the originator towards the authority. The identity of the verifying
The identity of the verifying body remains hidden from the database of the pharmaceutical industry.
Up to now, the supervisory authorities have accessed the database by individually querying the so-called
audit trails and the alert ID via the securPharm office.
30.06.2021 Version 1 created by securPharm e. V. 24
In the future, this process will be automated and authorities will have direct access. Potential
potential violations of the Falsified Medicines Directive can be tracked even more easily and comprehensively.
more easily and comprehensively. The respective associations of the user groups will be informed in advance.
inform in advance.
Why should you deal with the securPharm system and alarms?
In addition to fulfilling the legal requirements, each individual user contributes to maintaining the high level of safety in the legal pharmaceutical trade.
level of safety in the legal pharmaceutical trade.
For the anti-counterfeiting system to work, any alarms that occur must be registered and categorized.
classified. The key question here is whether the alarm indicates a counterfeit or a false alarm.
a false alarm.
So investigate the cause and familiarize yourself even more with the securPharm system.
system: “What does the error code that appears when scanning or changing the status of the pack mean?
“How do I recognize a package that has been booked out twice?”; “Is the scanner set up correctly?“
correctly set?”; “Which alarms indicate an incomplete data upload?”; “What is the
securPharm-GU=?”, “Who can help me with problems and questions?”
Does the securPharm system report a suspected case of falsification to the supervisory authority?
4.20: Does the securPharm system report a suspected case of counterfeiting to the supervisory authority?
Alarms are always stored in the securPharm system so that they are available for processing by the authorities.
available for processing by the authorities. Authorities that receive a suspected falsified
reported by market participants using the data from the securPharm system
from the securPharm system currently still have to inquire with securPharm to obtain the corresponding audit trails.
receive the corresponding audit trails. After the planned connection of the authorities to the securPharm system, they will have
will then have direct access to the data from the system.
It is also planned that the securPharm system will provide the Federal Institute for Drugs and
Medical Devices (BfArM) automatically as soon as an alarm is escalated in the system.
The BfArM then coordinates the cases in consultation with the Paul Ehrlich Institute (PEI), enters them
into its own official counterfeit database and informs the supervisory authority responsible for the pharmaceutical
responsible supervisory authority for the pharmaceutical company.
The notification by the securPharm system is an additional notification that does not replace the previous
reporting obligations of the market players. The previous reporting obligations continue to apply in the event of
a well-founded suspicion of falsification.
Downloads & Links
In der Verfassung vom 15. Dezember 2022pdf, 112,27 KB
In der Verfassung vom 20. Januar 2020pdf, 662,50 KB
Ansprechpartner
Haben Sie Fragen oder benötigen Sie Hilfe?
Kontaktieren Sie uns jetzt, und wir stehen Ihnen zur Seite.
Kontakt aufnehmenmade in Berlin. 2025 securPharm