Working Out the Bugs

Fri, 05/08/2009 - 12:19pm
Paul Nickelsberg
Among the most important factor in medical device design is timely launch to market of a quality product. Aiding designers is an extremely useful process—Design Failure Mode Effects Analysis (DFMEA). DFMEA enables design teams to review their products, down to the component level, to ensure that all elements are working properly and within necessary parameters.

Paul Nickelsberg, president and CTO of Orchid Technologies Engineering and Consulting, Inc., has over 20 years experience in electronic product design and development. He can be reached at
Medical products must meet a high standard of efficacy and safety. One of the most effective tools in the designer's bag of tricks is the Design Failure Mode Effects Analysis (DFMEA). This type of analysis was first introduced into the design of military equipment over sixty years ago. Since then, it has been effectively applied in commercial automotive design, chemical process control design, and medical equipment product design.

Overview of DFMEA
Click image for a full resolution version.
The DFMEA is a thought experiment that product designers use to identify possible design failures, what the effects of those failures might be, and how the severity of those failures may be remediated or eliminated all together. Concepts such as risk severity, probability of risk occurrence, and risk detectability are used to calculate a "Risk Product Number"—RPN—also known as a "Risk Assessment Number." The magnitude of the RPN is used to identify failure modes that require attention. The goal of the DFMEA process is to obtain RPN, which are "As Low As Reasonably Possible" (ALARP) for each failure mode identified.

During the design of a forced hot air patient warming medical product—intended to keep unconscious patients warm during surgery—the team used the DFMEA to identify industrial, mechanical, electrical, software, and documentation design risks.

In the implementation of DFMEA, procedures are a team effort. Product marketing, clinical testing, development engineering, and quality assurance departments, as well as legal and technical regulations, provide input into the process. DFMEA is a meeting activity; it evolves with the product. Numerous revisions are required to obtain its full benefit. Copious revisions are required to reach the full DFMEA process. The DFMEA should include all Bill of Materials (BOM), components, subsystems, and systems in the product design. Components and samples supplied by the customer, as well as customer provided drawings, simulations, and animations are part of the input.

Where to Begin
Click image for a full resolution version.
DFMEA often starts with risk identification. Product marketing and clinical testing may lead the way to identifying and defining failure types and assigning numerical values of risk severity to each.

For example, for a patient warming device, one might identify the possibility of burning a patient's skin as a risk. That risk could be assigned a high-level severity. Another risk that the team might identify is the lack of therapy—something might prevent the product from working. Depending upon the known usage model for the product, one might imagine that "lack of therapy" carries a lower risk severity than risk of burns. The team then assigns a less severe risk value to the risk category. In this way, all of an organization's departments that have product responsibility are represented and have input into the risk severity definition process. Strong team leadership is essential to keep the process on track.

The Process
The DFMEA should be performed down to the component level—a rigorous task. Every resistor, capacitor, and semiconductor device is analyzed for its contribution to product safety. Components, including transistors and diodes, are reviewed for open, short, and wrong values. Digital semiconductor components are reviewed on a pin-by-pin basis for stuck at 1, stuck at 0, open, and short conditions. More rigorous DFMEA might add other factors to the component failure matrix. Less rigorous DFMEA might subtract factors considering failure in a more general manner.

Click image for a full resolution version.
A typical exchange between designers seated around a table might resemble the following example. "OK, next, R1627. This resistor functions in temperature sensor 1 circuit. Open results in over-temperature. Over temperature was previously assigned severity eight on a one to ten scale. Probability of occurrence for an open resistor was previously assigned a two on our one to ten scale. Multiplying eight by two, we arrive at sixteen—low on our threshold of possible RPN values. Considering further, we review the failed resistor's detectability. Temperature sensing is triple-redundant; this failed resistor is 99% detectable—a detectability rating of 0.1 on our scale. Thus our final RPN for R1627 is 1.6—well into our previously defined safe range for RPNs.

With risks identified and severity assigned, the development team can proceed with the DFMEA process. Failure modes may now be identified. Potential failure modes are the consequences of the failure cause. One failure mode may cause a number of risks. Often the development team selects the highest risk severity for the failure mode identified.

One must review possible product failures. One such failure might be in the heating elements. For example, a design team may identify heating element failure and assign a numerical probability value. All such identified failure types are then assigned probability values. A design team may now understand its RPN for each failure-made: risk severity pair.

The last factor to be taken into consideration by the team is failure risk probability. The team considers if a particular failure may be detected. Again assign numbers.

As one can imagine, a component level DFMEA results in a very large matrix. Using a spreadsheet program, this large matrix can be managed and shared between all concerned parties. A single component level DFMEA can have thousands of individual risk entries. As the analysis proceeds, patterns emerge. Product designers look for these patterns. The DFMEA can be used to ferret out design weaknesses.

Early in the electronic product design cycle, the DFMEA often picks up a number of design weaknesses. These deficiencies are recorded and the design is iterated. Another DFMEA is performed on the iterated design. Fewer deficiencies are identified and improving detectability reduces others. After a few design updates and DFMEA iterations, the design team reaches a high degree of confidence that the particular electronic design has a failure mode effect, which is ALARP. It is a good feeling to know the team's design has gone through a rigorous development process.

For additional information on the technologies and products discussed in this article, see MDT online at or Orchid Technologies at


Share this Story

You may login with either your assigned username or your e-mail address.
The password field is case sensitive.