The medical safety standard IEC60601-1 3rd Edition has been implemented. What do engineers involved in power supply selection for medical equipment need to know?

Standards and their implementation can often cause a lot of confusion, and the 3rd edition of the medical safety standard IEC60601-1 is no exception. Initially ratified as early as 2005, it has only been since the recent withdrawal of the second edition that engineers are forced to take note of the changes. In some ways it might even be considered a new standard, especially as some regional regulatory agencies are only now in the process of adopting it. The first amendment of the standard has recently been issued and helps clarify some of the queries engineers had with the initial document. In addition, the amendment rectifies some of the mistakes that have been uncovered through practical use.

There are many IEC60601-1 based standards that are implemented for a specific country or region of the world. These standards are based on the formal IEC60601-1 standard but with deviations from the “root” IEC standard. Designers of medical equipment need to carefully consider the different variations of the standard across the potential countries and regions of the world where the end-system might be used. The standard in the United States is ANSI/AAMI ES60601-1:2005 (+C1:09 & A1:10), and the safety of most medical devices is regulated by the Food and Drug Administration. For example, the changes implemented by ANSI/AAMI amount to over 40 pages of deviations from the main standard. Some of these relate to how equipment is connected to a domestic power main and aim to bring the standard to be in harmony with the US National Electrical Code. In Canada, the national standard is CSA C22.2 No. 60601-1 (2008). Medical devices in Canada are regulated by the federal agency Health Canada. For the European Union, medical devices “must meet the essential requirements” (Medical Device Directive: 93/42/EEC, Article 3). Compliance is presumed by conformity to EN60601-1 with the regional differences and applicable Directives.

Also, an IECEE CB Test Certificate and report can be obtained. A National Certification Body can evaluate (including testing) a product and determine that it meets the IEC60601-1 standard (along with desired national deviations) and issue a Certificate and Report. The CB can be used to help with approvals in individual countries. More than 30 CB scheme member countries accept IEC60601-1 CB Certificates. Clearly, engineers of end-product need to know what regions of the globe a product will be intended, determine which standards and requirements apply, and then design the product accordingly. There are no “quick fixes” for this process, but desk research will yield the necessary criteria products must meet.

Figure 1. An illustration of a risk evaluation chart.The main principle behind IEC60601-1 is that it applies to any medical equipment used within the vicinity of a patient. This proximity is stipulated to be within 1.5 meters of the patient in any horizontal or vertical direction. If the operator of equipment can touch the equipment and patient simultaneously, that equipment also should be evaluated for patient protection.

In addition to meeting the physical and performance requirements of the 60601-1 standard, there is also a requirement for “Risk Management.” The standard for risk management is ISO14971. This standard does not define what is or is not an acceptable risk. It does, however, provide the framework to analyze risks. An acceptable risk has to be determined by the device manufacturer. It should be noted that power supplies have been exempted of risk management by the IECEE. The risk is evaluated at the system level, inside of which a power supply or supplies are located. A potential hazard is gauged by the probability and severity of an incident occurring in order to determine the risk. If a risk is deemed too high, then the severity could perhaps be reduced or the probability made less likely. A Risk Management file for the product is required, and records are maintained per ISO14971 for the life of the device. The risk management evaluation is to determine that the product is safe for its intended use.

Figure 2. One of many methods of isolation providing two Means of Protection between AC Mains and a Patient or Operator.There are various leakage current requirements with maximum permissible limits based on the application. Leakage current is defined as any current that is not functional. Typically for 60601-1, the “Earth Leakage Current” is a maximum is 5 mA for MOOP and a maximum of 500 uA for MOPP. The “Earth Leakage Current” is the current flowing from AC mains to Protective Earth. The power supply has a major impact with this due to the Y-capacitors. Additional leakage current requirements apply to the system, and they can be less or not impacted by the power supply.

The standard uses some additional terms relating to leakage current that might need explanation. Touch Current is current flowing from the enclosure to operators or patients. Patient Auxiliary Current is current flowing between any patient connection and all other patient connections. Patient Leakage Current is the flow of current from the patient connections (through the patient) to earth.

For MOOP, the last three would not apply. The second could apply (for an operator) depending on applications. If the equipment were in the vicinity of a patient, the current would be stricter because the operator could touch the equipment and patient at the same time. Again, engineers need to be fully aware of the intended purpose of the equipment so that it can be designed to meet the applicable requirement.

Figure 3. Rotating fans are a type of mechanical hazard that must be guarded against.Finally, there are a number of requirements regarding the mechanical design and layout of a power supply as well as the system as a whole. The mechanical design of the enclosure needs to provide suitable protection against access to hazardous voltage or energy such as exposed terminals and bare conductors. It also needs to be free from sharp edges or moving parts such as a rotating fan, or any other potential hazards. The enclosure should also limit the risk of fire propagation should the unit overheat or a surrounding component or board overheat or burn. The operating environment of the equipment will also influence the choice of the mechanical design and layout used.

When embarking on a new design, engineers should select components that help rather than hinder the safety compliance evaluation. Starting with the power supply makes a lot of sense. The front-end (AC-DC) power supply should be approved by a minimum of one regulatory agency with approvals for the regions where the equipment is intended to be used. The chosen unit(s) should have suitable isolation and protection against overheating and fault conditions. If there are multiple voltages necessary, then additional power supplies (DC-DC) can be used for specific voltages and perhaps additional isolation if needed.