Originally Published MDDI March 2003

Product Safety

March 1, 2003

Avoiding Last Minute Design Changes to Meet Safety Requirements

Product safety requirements impact the entire design process. This article offers guidance on complying with these regulations, providing tips on everything from evaluation and documentation to methods for avoiding common mistakes.

by Michael L. Marcus and Brian R. Biersach

Designing medical electrical equipment to meet today's complex safety certification requirements can be costly and time-consuming for medical device manufacturers. This is doubly true if these requirements are not considered during the early stages of design.

Medical equipment is held to a higher level of safety than nearly all other types of equipment on the market. There are several reasons for this: medical equipment may be used on patients who are not able to respond to hazardous conditions or pain; an actual electrical connection between the equipment and patient may exist; and certain types of medical equipment function as life support and their failure could result in the patient's death.

Although engineers spend years in school and the workplace learning how to design equipment, they may not understand the relevant safety standard requirements. Understanding these requirements early in the design phase will reduce product development costs, expedite certification turnaround, and increase product safety.

This article is intended to increase awareness of product safety certification requirements both in the United States and internationally. It identifies the applicable safety standards and reviews their philosophy of safety, then describes the process of evaluation and documentation. Manufacturers' most common noncompliances are also discussed.

Safety Certification

Medical Equipment for the United States and Canada. Under the 510(k) paradigm, FDA recognizes consensus safety standards as a means to support a declaration of conformity. Many authorities in the United States and Canada require a safety certification mark on certain equipment. Underwriters Laboratories (UL) is the major product safety certification organization in North America. Manufacturers submit product samples and information to UL for evaluation to applicable safety standards, and the products that meet these requirements are authorized to apply the appropriate UL mark.

Table I. Examples of UL medical standards.

Medical Equipment for the European Union (CE Marking). All but low-risk, nonmeasuring, nonsterile medical devices used in Europe must bear the CE mark and the relevant notified body's identification number. A notified body is a third party designated by European authorities to grant CE marks following its assessment of product compliance with the Medical Device Directive (MDD; 93/42/EEC), which is essentially the European law for medical devices [1]. Assessment by a notified body encompasses compliance with the directive's requirements for safety, performance, suitability for intended use, and risk analysis. Manufacturers can choose from several conformity assessment routes, which usually involve a quality assurance assessment of the manufacturer's facilities.

Medical Electrical Safety Standards

Product safety certification agencies use standards to evaluate a broad range of product types. These safety standards are consensus documents that define minimum construction and performance requirements. UL standards, for example, cover more than 5000 product categories—including both medical and nonmedical. Table I provides a sample of UL standards that pertain to medical and related product categories. A complete list of UL standards can be found at http://ulstandardsinfonet.ul.com [2].

Figure 1. Structure of UL 2601-1.

Since 1972, electrically operated medical equipment used in the United States has been evaluated to the UL 544 standard for medical and dental equipment. This standard will be withdrawn at the end of 2004, requiring both new and current UL 544 equipment to be evaluated to the UL 2601-1 standard if they are to continue to carry the UL mark [3]. In 1994, UL published UL 2601-1, which was written as a harmonized standard to IEC 601-1 (renamed IEC 60601-1).

Prior to this harmonization initiative, manufacturers were required to comply with different standards for different countries. This often required that multiple product models be designed and manufactured to meet different national standards. Using an internationally harmonized safety standard meant that a product could be designed and evaluated for compliance with a single standard, such as UL 2601-1, and also be eligible for use in many different countries. Other countries that use an IEC 60601-1–harmonized standard include those in the European Union, Canada, Brazil, Japan, South Korea, and Australia. In addition to providing the basis for many harmonized standards, IEC 60601-1 is an FDA-recognized consensus standard, used to support a manufacturer's declaration of conformity. A listing of all FDA-recognized standards is available at www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfStandards/search.cfm

The UL 2601-1 safety standard contains the full text of IEC 60601-1 and adds U.S. deviations, as shown in Figure 1. The U.S. deviations contain national requirements, such as those for the mains circuit (National Electric Code and UL), component requirements (ANSI and UL), lower leakage-current limits (AAMI and UL), enclosure flame ratings (UL), and production line testing (OSHA and UL). Since these deviations do not conflict with the base standard, the equipment is still in compliance with IEC 60601-1.

Additional Standards

The second edition of IEC 60601-1 contains two amendments that were published in 1991 and 1995. These amendments are additions and corrections to the base standard. The standard also has collateral (horizontal) standards, numbered IEC 60601-1-x, and particular (vertical) standards, numbered IEC 60601-2-xx. The collateral standards include requirements for specific technologies or hazards and apply to all applicable equipment, such as medical systems (-1-1), electromagnetic compatibility (EMC; -1-2), radiation protection in diagnostic x-ray equipment (-1-3), and software (-1-4). The particular standards apply to specific equipment types, such as medical electron accelerators (-2-1), high-frequency surgical equipment (-2-2), and hospital beds (-2-38).

Figure 2 illustrates the organization of the collateral and particular IEC 60601 standards. The U.S. deviations, amendments, and collateral and particular standards are used together to evaluate medical electrical equipment. They all use the same clause numbering system, which allows cross-referencing of the requirements [4].

IEC 60601-1 Requirements

Figure 2. Organization of the IEC 60601-1 standard.

Philosophy. The underlying philosophy of IEC 60601-1 and the harmonized standards is that equipment must be safe in both normal and single-fault condition (NC, SFC). 

For electrical safety, the standard requires two levels of protection (LOPs) against excessive unintentional current, defined as leakage current, passing through the patient or operator. Figure 3 illustrates the two LOPs between the live part (mains) and the patient (1A and 2A), and between the live part and the enclosure (1B and 2B). In the case of 1A and 2A, the levels of protection are basic insulation (BI) and supplemental insulation (SI). For 1B and 2B, they are BI plus protective earth.

Table II provides the minimum spacing requirements and dielectric requirements for these barriers. If the insulation does not meet both the dielectric and the spacing requirements, it cannot be considered a level of protection and can be shorted in testing. Note that BI and SI spacing requirements are the same; however, the SI dielectric values are greater than the BI values. For the enclosure or other conductive parts to be considered protectively earthed, the grounding path of the equipment must pass 15 A or 1.5× rated current from the protectively earthed part to the earth connection for 5 seconds. Additionally, this must be done with ≤0.1-Ω resistance for equipment with a detachable power supply cord, or ≤0.2 Ω for equipment with a nondetachable power supply cord. The Canadian ground-bonding requirement increases the current to 30 A or 2× rated current and the time to 120 seconds.

Figure 3. Two levels of protection (2 LOP).

To demonstrate that medical equipment is safe in both NC and SFC, certain conditions must be addressed. Table III describes these conditions, which are specified in the standard.

Evaluation of Medical Equipment

The process of evaluating medical equipment for compliance with the requirements in UL 2601-1 includes not only the equipment itself, but the users' manual, markings, software (if it mitigates a hazard), the biocompatibility of applied parts, and EMC. 

Before submitting equipment for evaluation, certain information should be developed. Most importantly, the manufacturer must ask, does the equipment fit the scope of UL 2601-1? If it does, look to the IEC 60601-1 collateral and particular standards to see whether any apply. Once the applicable standards have been established, review them, paying particular attention to the standards that have specific requirements for the type of equipment.

IT Equipment. All equipment functions and accessories that can be used with the equipment should also be identified. If the equipment is intended to connect to other equipment, such as a computer or printer, there are additional issues that need to be addressed. Information technology (IT) equipment is evaluated to UL 60950, which does not have the same spacing requirements or leakage-current limits as UL 2601-1. Per the collateral standard IEC 60601-1-1, any nonmedical equipment connected to the medical equipment must have certification to its applicable IEC or IEC-harmonized standard. The data ports of the medical equipment must also be evaluated for the worst-case electrical input it could experience. For IT equipment, this is considered to be 50 V dc in NC and the highest rated mains voltage of the medical equipment in SFC. These numbers were derived from the highest normal voltage that could be present on data ports from IT equipment and the difference in mains separation spacing requirements between medical and IT equipment (only equivalent to one LOP).

Table II. Insulation spacing and dielectric requirements.

Insulation Diagrams. Using schematics, circuit diagrams, and the determined standard classifications of the medical equipment, manufacturers should create an insulation diagram. The insulation diagram is very important, as it is a graphic illustration of the LOPs, used to determine required spacings and dielectric test values. It also helps identify the critical components. 

From the insulation diagram, manufacturers should document all components that cross the specified BI, SI, double insulation (DI), and reinforced insulation (RI) barriers and measure the creepage and clearance spacings required by the insulation diagram (printed wiring boards, transformers, relays, positions of circuitry and wiring, etc.). The U.S. deviations in UL 2601-1 also specify that primary components (up to the mains transformer), lithium batteries, cathode-ray tubes less than 5 in., printed wiring boards, optical isolators acting as a required barrier, and conductive coating processes meet a nationally recognized standard, such as UL or ANSI. Overall, all component ratings must meet the equipment's ratings in both voltage and frequency. Manufacturers must also verify that the proper mains fusing configuration has been used (Class I: line and neutral, Class II: line only, permanently installed equipment: line only).
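Added example (not part of the original article, and not UL or IEC tooling): a small checker that walks an insulation diagram and counts levels of protection per path, using the LOP credits from the article's glossary and the rule that insulation failing either its spacing or its dielectric requirement earns no credit. The class and function names, the sample diagram, and the required spacing and dielectric numbers are constructed for illustration; real required values come from Table II.

```python
from dataclasses import dataclass
from typing import Optional

# LOP credit per protective means, taken from the article's glossary.
LOP_CREDIT = {"BI": 1, "SI": 1, "DI": 2, "RI": 2, "PI": 1, "PE": 1}
INSULATION = {"BI", "SI", "DI", "RI"}
# Ground-bond resistance limits (ohms) quoted in the article, by cord type.
PE_LIMIT_OHM = {"detachable": 0.1, "nondetachable": 0.2}


@dataclass
class Means:
    """One protective means on a path of the insulation diagram (hypothetical model)."""
    name: str
    kind: str                          # key of LOP_CREDIT
    creepage_mm: float = 0.0           # measured spacing along a surface
    clearance_mm: float = 0.0          # measured spacing through air
    dielectric_v: float = 0.0          # withstand voltage passed in test
    req_creepage_mm: float = 0.0       # required values, read from Table II
    req_clearance_mm: float = 0.0
    req_dielectric_v: float = 0.0
    bond_ohm: Optional[float] = None   # PE only: measured ground-bond resistance
    cord: str = "detachable"           # PE only: power supply cord type

    def credit(self) -> int:
        """LOPs this means contributes; 0 if it does not qualify."""
        if self.kind in INSULATION:
            # Insulation must meet BOTH spacing and dielectric requirements.
            ok = (self.creepage_mm >= self.req_creepage_mm
                  and self.clearance_mm >= self.req_clearance_mm
                  and self.dielectric_v >= self.req_dielectric_v)
        elif self.kind == "PE":
            ok = self.bond_ohm is not None and self.bond_ohm <= PE_LIMIT_OHM[self.cord]
        else:
            # Protective impedance: the article gives no qualification rule.
            ok = True
        return LOP_CREDIT[self.kind] if ok else 0


def evaluate(paths: dict) -> dict:
    """For each path return (LOP count, disqualified means, has two LOPs)."""
    report = {}
    for path, means in paths.items():
        lops = sum(m.credit() for m in means)
        shorted = [m.name for m in means if m.credit() == 0]
        report[path] = (lops, shorted, lops >= 2)
    return report


# Constructed sample diagram; required values are placeholders, not Table II figures.
SAMPLE = {
    "mains -> patient": [
        Means("T1 primary/secondary", "BI", 4.5, 3.0, 1500, 4.0, 2.5, 1500),
        Means("DC-DC U7 in/out", "SI", 1.2, 1.0, 500, 4.0, 2.5, 2500),
    ],
    "mains -> enclosure": [
        Means("PSU to chassis", "BI", 4.2, 2.6, 1500, 4.0, 2.5, 1500),
        Means("chassis earth bond", "PE", bond_ohm=0.08, cord="detachable"),
    ],
}

if __name__ == "__main__":
    for path, (lops, shorted, ok) in evaluate(SAMPLE).items():
        print(f"{path}: {lops} LOP, disqualified={shorted}, {'OK' if ok else 'FAIL'}")
```

In the sample, the dc-dc converter's input-to-output spacing falls short, so the patient path is left with a single LOP and is flagged, while the enclosure path keeps BI plus protective earth.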

Flammability assessments of equipment and components should also be made. Enclosure materials need to meet the UL 94 flame-rating requirements for polymeric enclosures if there is >15 W available power in the enclosure (minimum of V-2 for mobile portable equipment, and V-0 for fixed or stationary equipment).

Table III. Issues to be addressed when designing medical equipment, as specified in IEC 60601-1.

To ensure that the enclosure meets the construction requirements of the standard, a number of mechanical and physical inspections should be performed. Mechanical inspections encompass examination of any enclosure openings, using the IEC test finger and pin, to ensure no access to live parts. In addition, the need for a tool to access any live parts (screws securing the enclosure openings) should also be verified.

Documentation and Labeling. Documentation and labeling requirements must also be addressed, since the standard considers all markings and accompanying documents as part of the equipment. Clause 6 in UL 2601-1 specifies requirements for labels and inclusions in the accompanying documents. Because of this requirement, manufacturers must be sure to have at least a draft of the accompanying documents ready for the equipment's evaluation.

Once this information is developed, device makers can initiate the safety evaluation of the equipment. One or more samples are required, depending on the equipment type and time requirements. Multiple samples of components may be needed to perform destructive tests (transformers, relays, plastic enclosures, motors, etc.). For medical equipment in particular, it is advantageous to conduct a preliminary evaluation at the manufacturer's facilities. This allows for more expedient changes to the equipment if there are construction or test-related noncompliances.

A typical evaluation of medical electrical equipment begins with a review of previously identified information and the insulation diagram, along with a construction inspection. Next, the required testing is performed. This includes electrical, mechanical, temperature, abnormal-condition testing, etc. If software is required for mitigating fire, shock, or mechanical hazards, or is specified by an applicable particular standard, the software design process and implementation are evaluated using IEC 60601-1-4 and parts of ISO/IEC 12207 and ANSI/UL 1998, 2nd edition. While not currently required for UL classification, an optional action is to conduct EMC testing using IEC 60601-1-2 and review biocompatibility documentation on patient-contact parts using ISO 10993-1. The critical component list is then developed using the insulation diagram, construction requirements from the standard, and test results.

The Process of Documentation

The documentation developed as a result of a safety evaluation depends on the manufacturer's requirements. The three common types of documentation are a UL report, an informative test report, and a certified body (CB) report. 

UL Report. A UL report (consisting of a product description and test report) authorizes the manufacturer to apply the UL/C-UL mark (for products sold in the United States and Canada) to products covered in the report. It also describes the equipment evaluated and its critical components. UL conducts quarterly audits (required of nationally recognized testing laboratories by OSHA) using this report to verify that the equipment bearing the UL/C-UL mark is the same as the equipment that was tested. 

Informative Test Report. An informative test report is a complete documentation of all the requirements in a standard (N/A, Pass, or Fail). It includes a test record, insulation diagram, illustrations, equipment markings, and other applicable information, and it is the preferred document for MDD technical files (required for CE marking). It is also required by some international hospitals and clinics for equipment purchases. 

CB Report. A CB report, also known as a national certification body report, is similar to an informative test report, but also contains a certificate from the issuer, who is required to be a member of the IECEE CB Scheme. A CB report is used to obtain certification marks in different countries without repeating the full evaluation of the equipment. The informative test and CB reports are very important—they act as international "passports" for a device.

Common Noncompliances

Glossary

Applied Part: Any piece of the equipment that can intentionally or unintentionally be brought in contact with the patient.
Clearance: Spacing through the air.
Creepage: Spacing along a surface.
LOP: Level of protection (not defined in the standard).
Basic Insulation (BI): Spacing or a physical insulation barrier providing 1 LOP.
Supplemental Insulation (SI): Also spacing or a physical insulation barrier providing 1 LOP. 
Double Insulation (DI): BI + SI; provides 2 LOP.
Reinforced Insulation (RI): A single spacing or physical insulation barrier that provides 2 LOP.
Protective Impedance: A nonisolating component, such as a resistor, that provides 1 LOP.
Protective Earth (PE): A well-grounded part that provides 1 LOP.
Class I Equipment: Uses protective earth as 1 LOP.
Class II Equipment: Does not use protective earth (also known as double insulated).

There are many common noncompliances that could have been easily avoided had the designers known the safety standard requirements early in the design phase. The most common noncompliance item relates to the accompanying documents, about which the standard is very specific. Since most companies have separate departments that create these documents, the creators are often not aware of these requirements.

The next common noncompliance—and likely the most costly—is the power supply selection. The best advice is to use a UL 2601-1–recognized power supply. By doing this, compliance with spacing, leakage-current, and mains-component requirements is assured. Also, the manufacturer avoids the cost of evaluating the power supply and of quarterly inspections at the power supply manufacturing facility. Many designers begin with a non–UL 2601-1–recognized power supply, only to change to a recognized one when they discover the associated costs of using the nonrecognized model. Also, when designing medical equipment, it is important to be aware of the minimum spacing requirements for electrical barriers.

Inadequate spacings on circuit boards and between circuits and metal enclosures are another typical mistake. One example of this is dc-dc converters crossing required barriers. Very few dc-dc converters, including UL-recognized models, provide the spacing or insulation barrier required by these standards, so manufacturers must make sure to get the specifications on the spacings or barriers from input to output. For equipment with plastic enclosures, be sure that the plastic chosen for the enclosure has the required UL-recognized flame rating, as specified above.

The last typical mistake relates to indicator lights. Red indicator lights can only be used for a warning, yellow for caution. Keep this in mind when selecting LEDs for any indicator lights.

Conclusion

To avoid costly and time-consuming last-minute device design changes, medical device manufacturers need to be familiar with the existing safety certification requirements in their respective fields. Understanding these requirements and dealing with them early in the design phase results in cost reduction, faster certification turnaround, and increased product safety.

References

1. Medical Devices Directive, 93/42/EEC, June 1993.
2. UL StandardsInfoNet, Catalog of UL Standards for Safety (http://ulstandardsinfonet.ul.com/).
3. Remainder of Effective Date for Withdrawal of UL 544 and UL 187 UL bulletin to subscribers of UL's service for medical electrical equipment (Melville, NY: Underwriters Laboratories, May 10, 1999).
4. See http://www.iec.ch/seatop-e.htm.

Bibliography

Fundamental Aspects of Safety Standards for Medical Electrical Equipment, IEC 60513. Geneva: International Electrotechnical Commission (IEC), 1994. 

Medical Electrical Equipment—Part 1, General Requirements for Safety, EN 60601-1. Brussels: European Committee for Electrotechnical Standardization (CENELEC), 1991. 

Medical Electrical Equipment—Part 1, General Requirements for Safety, IEC 60601-1. Geneva: IEC, 1988. 

Medical Electrical Equipment—Part 1, General Requirements for Safety, UL 2601-1. Northbrook, IL: Underwriters Laboratories Inc. 1997. 

Mellish, Richard G. “The Single Fault Philosophy: How It Fits with Risk Management” (paper presented at ACOS Workshop VI, Safety of Electromedical Equipment—An Integrated Approach through IEC Standards, Toronto, May 6–7, 1998). 

UL 2601-1 Medical Seminar “Designing For Safety.” Northbrook, IL: Underwriters Laboratories, 2002.

Copyright ©2003 Medical Device & Diagnostic Industry
