Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo including content not in the forum - Search results with No ads.

GUDID data deficiency communication - IS THIS A SCAM?

Marcelo Antunes

Addicted to standards
Staff member
Admin
#23
Marcelo, do you know if third parties other than Issuing Agencies are involved in the UDI process?
Not sure what you mean exactly. For example, the labeler can indicate q third party to upload the UDI information in his name. Is the what you are asking about? Or are you asking if there's any third party organization involved in in the UDI process?
 

Ronen E

Problem Solver
Staff member
Super Moderator
#24
Just to clarify, for me the question was never about GS1 itself or the content of the email the OP received. I know exactly who GS1 are and what their (legitimate) role / affiliation with the FDA is. I've had exchanges with GS1AU and GS1US in the past.

For me the issue was simply being cautious about suspicious emails, and verifying independently. There may well be a real problem that needs attention; just need to verify first that it is indeed what it seems.

I was also trying to highlight that (AFAIK) other than email address verification, we know very little (nothing?) about the real identity and motives of members here, especially new ones, and therefore need tot take the contents of any posting here with a pinch of salt (and caution), at least until some confidence is duly built. In that regard I think Beth made two mistakes: The first was making an appearance here to reassure the OP (or all of us) without considering the above and without investing in providing unquestionable supporting evidence that she is who she said she was; and the other was leaving the way she did, which looked either like damage control (maybe ordered from above) or like an outro of an unsuccessful scammer (I tend to believe it's the former, but it definitely didn't look good and probably did more damage than good).

All in all I think it's a fairly simple situation for the OP - just contact GS1US independently and ask what's going on.
 

Watchcat

Involved In Discussions
#25
Marcelo, I mean the latter, I think.

It seems to me that the simplest process would involve only two parties, the labeler and the FDA. The labeler may be able to contract out some part of its UDI work (eg, uploading), but that's not what I mean. I mean inherent in the process. I gather the only way to get a UDI is from an Issuing Agency? In that case, Issuing Agencies are what I'm calling third parties. You can't comply with FDA's UDI requirements without them.
 

Watchcat

Involved In Discussions
#27
So my question is, are there any other such third parties (can't comply with FDA's requirements without them) that are involved in the UDI process?
 

Watchcat

Involved In Discussions
#29
I guess labelers are potentially third parties also, if the "manufacturer" contracts labeling out? But they would not be inherent in the process if it is reasonably possible for a manufacturer to do its UDI/GUDID labels inhouse.
 

Watchcat

Involved In Discussions
#30
It appears that beth1212 is now an “inactive” member who does not allow her profile to be viewed. Whether this means she is still getting alerts, at this point I don't care. And now that I’ve had more time to think about this, I have that much more to say. So, more than you ever wanted to know…

Who is Beth1212, why did she come here, why did she leave?

If you want to know who she is, it is easy enough to find her on LinkedIn. (Of course, just because LinkedIn says so, doesn’t mean it’s true either.) Her title says she’s in “industry engagement, healthcare” at GS1 US.

Her supply chain background doesn’t seem inconsistent with someone who might join the Cove for much the same reasons as most Covers, but her timing suggests she might have joined specifically to “assure” us of the legitimacy of the email. She might not have known that medical device quality management types have a very different concept of assuring than someone saying so.

I don’t know why she left, but what I personally noted was that it was immediately after I posted, “This isn’t a marketing email. (Or is it?)”

Is the email a scam?

According to Merriam Webster, a scam is “a fraudulent or deceptive act or operation.” Following that definition, isn’t pretty much everything in our society a “scam” these days, on one level or another?

It doesn’t appear to be a spoof email, and it appears that the content is legit. I think this is probably what markg123 was really asking. As previously noted by others, appearances can be deceiving (a scam), so I still concur with advice to not click on the email link and to go directly to the GS1 US website to follow up.

[As an aside, I will opine that advising someone to follow this practice for “suspicious” emails strikes me as a lot like telling someone to point only unloaded guns at other people.]

To me the question remains as to whether the sole purpose of the email was to comply with FDA’s notification requirements or if it might also have been intended to serve some other unstated purpose. The latter, I would consider a form of deception.

If so, what kind of scam is it?

To me, the term “industry engagement” evokes “patient engagement,” a term with which I am painfully familiar. Virtually no one involved in “patient engagement” is interested in engaging patients. Instead, they are eager to “engage” what is commonly referred to as “patient-generated healthcare data.” This is another scam, IMO, the kind of classic misdirect used by con artists, magicians, and politicians the world over. The term “patient generated” directs the mark’s attention toward the source of the data and away from who gets it and how. (The redundancy in “patient-generated“ and “healthcare data’ is the clue here. At base, all healthcare data is generated by patients.)

One group that is riding the patient engagement bandwagon wants patients to enter their “patient-generated healthcare data” on their “smart”phone (my vote for the #1 scam of the 21st century) which then sends it up into “the cloud” (heh). Where it goes from there, only the appsies know. Since “patient engagement” is all about data mining, I have to ask whether “industry engagement” isn’t about the same thing. Maybe it seeks to engage “company-generated company data,” lol.

This leaves me wondering how such an email might be used to “engage” company data. I can’t think of anything especially exciting, but I’m no cybersecurity expert.

Perhaps FDA expressly prohibits Issuing Agencies from using the data they receive from UDI clients as part of the process of issuing them a UDI for any purpose other than to issue them a UDI. But maybe if they can get a client to email them outside of the UDI issuing process, e.g., in response to a notification, that’s a little loophole that leaves them free to add the email address to their marketing distribution list. As scams go in this day and age…yawn.

On the other hand, in addition to issuing UDI’s, GS1 US also offers some “tools” like the GS1 US Data Hub and the GS1 Company Database. Perhaps it is free to make information on its UDI clients available through those tools already, or perhaps it is not. Perhaps its UDI clients actually need for their information to be available through these tools in order to support their UDIs somehow, maybe they want their information available there for other reasons, or perhaps not. Perhaps by replying to the email, you open the door for your company’s information to being made available, whether your company wants it to be available or not. As scams go in this day and age…not a yawn, but probably not a yikes, either.

As for “non-profits”

When someone in the US describes an organization as a non-profit, they are almost always referring to an entity defined by the IRS as a tax-exempt organization (TEO).

There are 29 different TEOs identified under section 501(c) of the federal tax code and another four in other sections. Only one type of TEO is a “charitable” organization. The different types of TEOs are identified by their organizational purpose, not by a lack of profit. The important thing is that these entities defined by federal tax code, not by the angels, and their tax-exempt status doesn’t come anywhere close to being a seal of good character. State governments may have their own provisions for non-profits, with few requirements beyond a filing a little paperwork and paying a modest fee, so not a seal of much of anything.

In short, a claim that an organization is a “non-profit organization” is virtually meaningless. A claim that an organization is “designated as a tax-exempt organization under Section XXX of the Internal Revenue Code” has some meaning, if only that its management at least knows what kind of organization they are supposed to be managing, but it is still in no way an indicator of the character of the organization or its management. It makes more sense to think of these organizations as corporations, because that’s what they are.

So enough already. And you're welcome.:p
 
Last edited:
Top Bottom