FMD Serialization for Wholesalers: NMVS Alerts and Decommissioning
FMD Serialization for Wholesalers: Managing NMVS alerts, verification, and decommissioning without errors
If you scan a pack at goods-in and “Unknown pack” or “Pack Already Inactive” appears, the first risk is not technical: it is organizational.
The real risk is that someone says:
“It must be the system, just put it aside and move on.”
And in an audit, that becomes: lack of control over potential falsified medicines or supply chain anomalies.
In 30 seconds
For a wholesaler, FMD does not mean “scan everything.” It means knowing when you must verify and when you must decommission.
NMVS alerts must be handled through a quality-driven workflow: quarantine + triage + evidence + escalation.
The dangerous myth is: “Serialization is mainly a pharmacy issue”. False. Wholesalers have their own specific obligations and critical control points.
Inspection vocabulary (LSI) you need to master
Falsified Medicines Directive (2011/62/EU), Delegated Regulation (EU) 2016/161, Unique Identifier (UI), 2D DataMatrix, GTIN, NMVS, EMVO, decommissioning, verification, alert status, tamper-evident, risk-based verification, aggregation, exception handling, Sistema Farma / XML flows, dual system (bollino + DataMatrix).
The point that creates the most errors: confusing verification and decommissioning
Many deviations start from a simple misunderstanding:
Verification = checking that the code exists and is valid in the system.
Decommissioning = changing the status, for example to “export” or “supplied,” so that the pack is no longer dispensable in the EU.
During audits, the problem I see most often is the absence of a clear decision matrix applied consistently by operators.
Decision table (ready to turn into an SOP)
| Operational scenario | Typical FMD action | Risk if you get it wrong |
|---|---|---|
| Purchase from manufacturer/MAH and sale to pharmacy | often no pack-by-pack action, unless internal policy says otherwise | inefficiency if you scan everything without added value |
| Purchase from a “secondary” wholesaler / intermediary | verification, often including risk-based sampling | invalid packs entering the supply chain |
| Supply to non-dispensing entities, such as doctors, ships, or special institutions | decommissioning, for example “supplied” | pack may re-enter and appear duplicated or inconsistent |
| Export outside the EU | decommissioning, typically “export” | risk of reintroduction or status mismatch |
| NMVS alert during receipt or picking | immediate quarantine + alert handling | potential falsified pack ignored = critical finding |
| Returns, where applicable to your model | dedicated workflow: GDP assessment + possible UI handling according to rules and control conditions | improper reintroduction into stock |
Operational note: the exact rules depend on your role in the supply chain and the national setup. The goal here is to make the rationale and the control auditable.
NMVS alert playbook: what to do when an error appears
When an alert is triggered, you need a standardized response. Not “the shift hero.”
8-step workflow
1. Stop and segregate
The pack must go into physical quarantine, or into a dedicated “FMD alert / suspect” area, with an “ON HOLD” label.
2. Capture evidence immediately
Take a screenshot or photo of the error and record date/time, workstation, scanner ID, and operator.
3. Controlled second scan / double check
Not to “make the error disappear,” but to confirm repeatability and reduce the chance of a purely technical false alarm.
4. Check pack integrity
Inspect tamper-evident features, packaging condition, and any signs of rework or tampering.
5. Open a quality event
Raise a deviation or QMS event and classify it as potential falsification or technical error.
6. Technical triage with IT / supplier
Check connectivity, latency, software updates, and synchronization issues.
7. Regulatory / supply chain escalation
Contact the national helpdesk and involve the MAH or supplier if required by your procedure.
8. Traceable disposition
Release only if a false alert is clearly demonstrated. Otherwise manage it as a suspected falsified medicine or recall case according to procedure.
Contrarian insight: the obsolete practice is “reset the scanner and keep retrying until it passes.”
That is risky because it destroys data culture. In an audit, they will ask how many alerts you had, how you handled them, how quickly, and with what evidence.
Scanner-software integration: the hidden risk is ergonomics, not the regulation
FMD often fails for “simple” reasons:
- slow scanners
- too few workstations
- non-integrated software leading to double scanning and operator workarounds
- slow NMVS response causing operational pressure and shortcuts
What works in practice from a warehouse perspective
- adequate 2D hardware and maintenance, because “tired” scanners create errors
- integration with WMS or middleware to avoid duplicate entries
- peak management with more workstations during heavy load periods
- exception-handling procedures for cases where NMVS does not respond or the network is down
Italy: DataMatrix + bollino, a duality that creates “silent” deviations
In Italy, the administrative component (bollino / SSN) and the anti-falsification component (DataMatrix) may coexist and generate:
- operational redundancy
- reconciliation errors
- incomplete flows to central systems
From a compliance perspective, this is not “bureaucracy.” It is traceability.
A strong RP setup requires:
- clear ownership of the flows, meaning who sends what, when, and under which control
- periodic reconciliation between physical movements and transmitted data
- treatment of rejects or file errors as deviations or incident logs where traceability is affected
Useful KPIs that make a difference during audits
- NMVS alerts per 10,000 scans
- % of alerts closed within X days
- average triage time
- % of operators trained and requalified on FMD
- number of exceptions per workstation/scanner, to identify technical or process weaknesses
What to remember
For a wholesaler, FMD is mainly about correct decisions + evidence.
An alert is not “a nuisance.” It is a quality event until you prove otherwise.
If the technology slows operations too much, the process will start bypassing itself, and you will pay for that in an audit.
FAQ
Is it mandatory to scan every outgoing pack?
Not necessarily. Many operating models rely on targeted obligations and risk-based controls. The key is to have a coherent, demonstrable procedure.
What does “Pack Already Inactive” mean?
It is a signal that requires controlled handling. It may be a technical issue or a real anomaly. The correct response is always quarantine + triage + evidence.
Is aggregation worth implementing?
Not always mandatory, but it can reduce time and errors if you handle high volumes. The important point is that it must be well governed, otherwise it only moves the problem elsewhere.