If you ever get involved in designing medical device electronics, you will find yourself in a complicated maze of regulations that the typical designer of consumer electronics never has to navigate. I have seen multiple cases of designers putting together a medical device, only to hit a concrete wall of safety regulations when they try and bring the device to market. They have to tear it apart and start over.
Regulations for medical devices are unique to each country, and many different medical devices have their own specific sets of rules and regulations. Most countries adhere to the guidelines put out by the International Electrotechnical Commission (IEC), with some country-specific variants.
- Choose The Right Resistors For Medical Applications
- Biomedical Devices Improve And Extend Patient Lives
- Next-Generation Ultrasound Will Rely On Real-Time Compression
As a designer, you need to get your hands on a copy of the IEC-60601-1 and IEC-60601-1-2 documents. Adhering to those documents will get a lot of what you need done to be “601 compliant.” In addition, you need to track down if there is a specialty document for the specific type of device you are working on. At last count, the IEC has produced about 60 of these special requirements documents.
In addition to safety design requirements, strict manufacturing rules are associated with the traceability of source materials and manufacturing procedures. Quality control is a big part of the process, but I will concentrate here on the things that affect electronic design.
Download this article in .PDF format
This file type includes high resolution graphics and schematics when applicable.
Definitions And Risks
From the rules and regulations perspective, what is a medical device? Medical Electrical Equipment (Reference IEC 60601-1, 3.63) is defined as: “electrical equipment having an applied part or transferring energy to or from the patient or detecting such energy to or from the patient.” That includes EEG monitors, IV pumps, imaging systems, ECG devices, vital signs monitors, and similar devices that connect directly to a patient.
Items that don’t have direct patient connections are considered laboratory test devices and are generally regulated under IEC-61010, which deals with “Safety Requirements for Electrical Equipment for Measurement, Control and Laboratory Use.” Experimental medical devices need to comply with these regulations as well. The federal Food and Drug Administration (FDA) will grant investigational device exemptions, but getting them will require you to meet the safety requirements nonetheless.
Risk management recently became part of this process too. Application Of Risk Management to Medical Devices (Reference ISO 14971) requires an itemization of risks for all operation modes and all fault scenarios. This results in a risk matrix associated with using your device. Probability of occurrence versus severity of harm is classified, as anything significantly harmful and somewhat probable of occurring needs to be addressed. This is a simplification, but serves to illustrate the idea. I know of individuals inside medical device companies whose entire job is defining the risk matrix for devices and seeing that designers resolve the associated issues.
Patient isolation safety is a big part of the design process. There are well-defined rules for isolation of both the patient and the operator of the device. This includes tight controls on leakage currents, voltages applied, and energy limits that can make it to the patient. Physical separations as well as dielectric leakage across isolation bridges to the patient are itemized, and designers are restricted in how they can get both power and data across those isolation bridges.
A specialty industry exists for isolated power converters that can provide patient connected power and transport information (analog or digital) across those isolation bridges. No dc path exists between the patient and the “mains connected” system electronics (Reference IEC-60601-1-1, Section 8, p 135-269).
Any external power supply to your system needs to be 601 compliant as well, or you will bear the responsibility of that device as part of your compliance and safety testing. If you put an ac-dc power supply inside your device, any step-down transformer also needs to comply.
Medical devices need to undergo electromagnetic compatibility (EMC) testing and not just survive the tests, but also continue to work successfully and accurately throughout those tests. Error messages, system resets, component failures, changes to programmable parameters, changes of operating modes, false alarms, and faulty patient information are not allowed. If one blinking light on your device shows a faulty reading at any time under any condition, you need to fix your design. With that in mind, let’s look at the key EMC tests you need to pass.
Major EMC Tests
Conducted emissionstesting is pretty straightforward. The test determines what electromagnetic interference (EMI) your device is putting back onto the power lines (Reference CISPR 11 — Comité International Spécial des Perturbations Radioélectriques – “Industrial, Scientific, and Medical Equipment – Radio-Frequency Disturbance Characteristics – Limits and Methods of Measurement”). The test range is generally 150 kHz to 30 MHz. If your device is a power-line noise generator, it can be cleaned up with line filters, common-mode chokes, ferrite beads, or determining what the noise source is and locally reducing its noise. Switching power supplies are common culprits. Switching supplies are efficient, but they tend to be noisy.
Radiated emissions testing is pretty well known to most EEs who have brought a product to market. The Federal Communications Commission (FCC) limits your RF noise being generated (see “Quiet Down To Meet FCC Emissions Standards” at http://electronicdesign.com/contributing-technical-experts/quiet-down-meet-fcc-emissions-standards). You will need to meet FCC emissions standards from 9 kHz to 30 MHz for all devices and, depending on your design, may have to deal with radio-frequency interference (RFI) up to 40 GHz.
Power-line current harmonics determine what load current characteristics your device creates on the power mains that you plug into. The ac voltage (ideally) coming out of the wall is a sinusoid. If you present a resistive load, the current should be a sinusoid as well. But if you have active switching devices or other nonlinear responses, that current load can have higher-order harmonic content that needs to be filtered or otherwise reduced (Reference EN-61000-3-2).
Unstable power supplies are examined using two separate tests: power-line flicker (Reference EN 61000-3-3) and immunity to voltage dips and interruptions (Reference IEC 61000-4-11). Both deal with unstable ac power supplies and how your system responds. The acid test is a requirement where the ac power supply is reduced 95% for 5 seconds. Essentially, this is pulling the power supply plug briefly and requiring the system to operate fault-free. That’s why many medical devices can’t use a simple ac-dc supply and need a battery and charger electronics in the system. In some cases, a device may be able to run off of storage capacitance, but that will depend on your power consumption and space available.
Two additional tests are applied to mimic non-ideal external power. Electrical fast transient burst immunity(Reference IEC 61000-4-4) involves an intermittent burst of pulses applied to power or ground lines. Power-line surge immunity (Reference IEC 61000-4-5) requires a similar test with a wide range of time periods and waveforms. Both can apply up to ±2 kV to your power and ground inputs. Both require filtering and out-of-range safety shutoff circuitry to keep things running properly.
ESD immunity is conducted up to ±6 kV in contact with the device and air discharges up to ±8 kV. A systematic approach to ESD can get you past this hurdle (see “Protect Your Fortress From ESD” at http://electronicdesign.com/power/protect-your-fortress-esd). Remember that acceptable performance during ESD events for medical devices is not just damage-free survival, but successful, error-free functionality.
RF immunity testing (Reference IEC 61000-4-3) puts your device into a shield room and hits it with RF emissions to see if it has problems in a noisy RF environment. This testing now includes RF that mimics common cell-phone transmissions. Vulnerability to these tests includes high-bandwidth circuit nodes with high impedances and “long” antenna connections. Keep your impedances low and limit the bandwidth of any low-frequency control, bias, or power lines, and you should be able to survive this testing.
Power frequency magnetic field immunity (Reference IEC 61000-4-8) puts your device in a low-frequency (50 Hz and 60 Hz) magnetic field to determine sensitivity to applied magnetic fields at power-line frequencies. Some careful thought about how what’s in your system could respond as the secondary of a transformer will guide you through what’s needed to survive this test. Strategies include twisted-pair wiring for common-mode cancellation, differential signal processing, and (in rare cases) splitting any large inductor into two series wired parts that are physically wired so common-mode magnetic fields produce cancelling voltage on the two inductors.
Remember your medical device needs to pass these EMC tests in a manner that is error free. The device also can’t provide false medical information or cease treatment. Alarms and error messages aren’t acceptable either.
Testing The Software
Software, firmware, and other code used in a medical device also are regulated. There are two different testing approaches. The “little code” approach covers Verilog control code, digital ASICs, and simple microcontrollers. For little code systems, the regulations (Reference IEC-60601-1, Annex H) treat software as a black box component of the system. The functionality of the device is qualified and tested with that software as part of the overall functionality testing. The premise is that the device tests safe, and the code does not change once the device is released.
For devices with more complex software, the “big code” approach is a bit more involved. Complex software with multiple developers, code revisions, and releases needs to meet a separate regulatory process specified in the IEC 62304 document. The electromechanical parts of the system also must be 601 compliant.
In either the big or little code scenario, the device needs code that is robust and defensively designed. Designers should write things so the state or status can be lost at any time and the code is constantly updating and recovering where it is and what it is supposed to be doing. “Set and forget” code controls will fail if the core takes an ESD hit and every sensor line goes wild briefly. Medical events have distinct bandwidth and period characteristics that can be used to define code that only responds to the medical events.
All medical devices need to meet a rather complicated set of safety requirements. Compliance regulations will heavily affect the design, including mechanical, electrical, and software issues. Consequently, make sure your design team has some “literacy” in the regulatory aspect of the device during the R&D process. Otherwise, the device is going to undergo a sizable rebuild and redesign to get past the compliance milestone. Keep in mind when they put the defibrillator paddles on your chest, call “clear,” and push the button that everything else attached to you has to keep on working reliably and accurately. The “blue screen of death” can’t happen in medical devices.
Jerry Twomey has been involved in IC and PCB design since 1979. He has designed multiple consumer, commercial, and medical products including data communication, satellite systems, video, medical instrumentation, disk drives, cell phones, RF transmitters and receivers, and many others. Mixed-signal systems and design are his primary focus with a special interest in things not easily defined or solved. In addition to design, he teaches in both industry and academia and is a Senior Member of the IEEE. He holds an MSEE from Worcester Polytechnic Institute. He can be reached at [email protected].