ezFMD checks against a list of valid serial numbers – who runs that list?
The basic data – a list of valid serial numbers along with the article number, the batch number and expiry date – is provided by the National Medicines Verification Organisation (NMVO – e.g. in Ireland it is the imvo.ie), each of which is associated with a pan-European umbrella organisation. The basic data for each pack is provided by the manufacturer or parallel MA holder and sent automatically to the relevant national organisation.
Is there a record kept of scans performed by ezFMD?
Yes, each scan is recorded immediately. If there is no Internet access at the time, the data scanned is retained for later recording.
Where does ezFMD store my recorded data?
ezFMD is designed to write the user’s records to a SQL database for safe storage and later use in reports, etc. For most users, the SQL database will be set up and maintained in the cloud as part of the ezFMD setup and users will be told how to retrieve their data. For larger user organisations, with an in-house IT team and a SQL server available, it is straightforward to set up ezFMD to store the data in-house.
Who owns the data of the scans performed?
The convention in the entire chain is that the creator of the data is the owner and that only use for the intended purpose by others is permitted. For instance, the NMVO will need to look at each request for validation and they will know from whom that request came. However, they cannot retain that data for marketing or other non-related purposes.
Can I get reports?
Reports can be retrieved for all scans or just scans which returned an unexpected result, using a start and end date “window”. These can be saved as a PDF or as an Excel file. The reporting module can be restricted to the use of a manager, RP, etc. if the user wishes. See also: Reporting
My data – Retained for how long?
The data is normally retained for a year. A five-year option is available at a modest additional storage cost. Some users will prefer to download the data periodically and archive it on their own systems, others will prefer to see it saved in the cloud. The flexibility is there, to let the user ensure a good fit with their in-house procedures and policies on data retention. Where the user chooses to use an in-house SQL server, they will then independently determine their retention policies.
When I scan, can others see what I scanned and how will that be used?
The data will flow through the NMVO during the verification / supply cycle. In certain defined circumstances, the manufacturer will receive an alert that a serial number was the cause of an alarm – e.g. an attempt was made to dispense a pack marked as “Destined for destruction”. Use of data is restricted to the validation of the pack in accordance with the Falsified Medicines Directive (FMD). Otherwise no third-party retention of data is designed into the system.