On the 9th of February 2019, the Falsified Medicines Directive (2011/62/EU) entered into force. The purpose of the directive is to ensure patient safety by preventing falsified medicines from entering the supply chain. All EU and EEA countries should be able to comply with this directive, and a pan-European system was designed and developed – the European Medicines Verification System (EMVS). Each country is connected with a National Medicines Verification System (NMVS). These are connected via a European HUB.
The HUB is operated, validated and developed by the European Medicines Verification Organization (EMVO), while the national NMVOs (National Medicines Verification Organization) are responsible for the national systems (NMVS).
All prescription packs must be uniquely identifiable. This means that all packages must be marked with a unique serial number, in addition to being marked with a 14-digit product code (GTIN – Global Trade Item Number), batch/lot and expiry date. This must be printed in a readable format and in a 2D Matrix code (often abbreviated 2D code). In addition, all packages must have a seal (AntiTampering Device).
There are some exceptions to the serialization requirement. This is regulated at ATC code level, and includes, for example, homeopathic medicines, radionuclides, some allergen extracts and some other liquid solutions. See appendix 1 in the Ordinance on Safety Devices (link in chapter 7 – References). Furthermore, there are also some OTC preparations that are covered by the directive. These are reproduced in Appendix 2 of the Regulation. As of today, none of these are on sale in Norway.
All persons and entities that supply medicinal products to customers and patients are obliged in accordance with the directive to be connected to the national NMVS. This includes all the country’s pharmacies and wholesalers that import and sell prescription drugs, and it applies to certain hospital departments. In addition, the Norwegian Medicines Agency has access to parts of the system to issue reports and monitor alerts.
It is strictly regulated who has access to which data in NMVS. Each end user owns its own data, and this must not be shared with other parties without consent. For example, Nomvec only has access to transactions on packages that have either generated an error message, or transactions that pharmacies or other end users request information about. Nomvec can only share this information with the actor who carried out the transaction. MAHs do not have access to information about which end user that carried out which transaction, but they are receiving error messages that are generated on packages where they are registered as the owner of the product (GTIN/PC).