Computertaste mit Medizintechnik-Symbolen
Martin Winzer / Fotolia
2023-08-14 expert contribution

Electrical safety in active medical devices: The IEC 60601-1 standard

Ensuring electrical safety is essential for electrically operated medical devices to protect the health of patients, users and third parties. Learn in this technical article how this is achieved by applying the IEC 60601 series of standards. 
Contact
Dipl.-Ing. Hans Wenner
Topics
Health
Medical technology
Safety

Electrically operated medical devices must meet special safety requirements. The IEC 60601 series of standards with the basic standard IEC 60601-1 "Medical electrical equipment - General requirements for basic safety and essential performance" describes these requirements and is therefore one of the most important and also most comprehensive standards for medical devices. 

Definition

First, here is a clarification to clear up any common ambiguities in advance.  

An "active medical device" is a device that depends for its operation on a source of energy, other than energy generated for that purpose by the human body or by gravity, and that acts by changing the density or converting that energy. A device that is used to transfer energy, substances, or other elements between an active device and the patient without a significant change in energy, substances, or parameters is not considered an active device. Software is also considered an active device. (See Medical Device Regulation (EU) 2017/745 (MDR), Art.2, para. 4). An "active medical device" can also be powered by other forms of energy than electrical energy, such as pneumatic or hydraulic.  

A Medical Electrical Device (ME device), on the other hand, is an electrically powered device that either has a so-called "applied part" (this is a part of the device that comes into contact with the patient during use (example: electrodes, bearing surfaces, ...), that transmits energy to the patient (example: X-rays, heat rays, ...) or that indicates such energy transmission. 

In addition, there is also the term "Medical Electrical System (ME System)", which describes a combination ("functional connection") of individual devices, of which at least one of these devices in the system is an ME device.  

In simplified terms: an ME device is usually an active medical device, but an active medical device does not necessarily have to be an ME device. 

Scope

The IEC 60601-1 standard with its collateral standards and special parts (see below) applies to the basic safety and essential performance of ME equipment and ME systems.  

Basic safety describes the "freedom from unacceptable risk directly caused by physical hazards" (example: electric shock, crushing of body parts, ...). Essential performance, on the other hand, refers to clinical functions. An essential performance characteristic exists if an unacceptable risk arises as soon as such a function deteriorates beyond specified limits or is no longer available at all.  

All requirements of the standard aim to ensure these two core principles, both in normal operation, in the event of the first failure, and during maintenance. 

What is outside the scope? 

The IEC 60601 series of standards does not apply to in vitro diagnostic devices. Here, the IEC 61010 series of standards applies (please note that at the time of writing, two corrigenda are available). Similarly, it does not apply to implantable parts of active implantable medical devices, for which the ISO 14708 series of standards applies, nor to medical gas supply systems, which are specified in the ISO 7396-1 series of standards.

Structure

The structure of the IEC 60601 series of standards consists first of all of a basic standard (IEC 60601-1), which specifies the general requirements for all ME equipment. It forms the basis to which the other standards in the series refer.  

Since the basic standard is applicable to all ME devices, this means that the contents are quite general. In order to describe specific topics that are precisely not applicable to the generality of ME devices, special topics are dealt with in the supplementary standards, the "Collateral Standards". In terms of nomenclature, the collateral standards are designated 60601-1-X and contain specifications for basic safety and essential performance characteristics for specific equipment subgroups (e.g., radiological equipment) or for specific characteristics of all ME equipment where further specification of the basic standard is required. In detail, there are the following supplementary standards: 

IEC 60601-1-1: (General requirements for safety; Collateral standard: Requirements for the safety of medical electrical systems). Withdrawn; the content has been incorporated into IEC 60601-1, chap. 16 "ME systems".   

  • IEC 60601-1-1: (General requirements for safety; Collateral standard: Requirements for the safety of medical electrical systems). Withdrawn; the content has been incorporated into IEC 60601-1, chap. 16 "ME systems". 
  • IEC 60601-1-2: General requirements for safety, including essential performance - Collateral standard: Electromagnetic disturbances - Requirements and tests.  
  • IEC 60601-1-3: General requirements for safety, including essential performance - Collateral standard: Radiation protection of diagnostic X-ray equipment.  
  • IEC 60601-1-4: (General requirements for safety; Collateral standard: Programmable electrical medical systems). Withdrawn; some of the content has been incorporated into IEC 60601-1, Chapter 14 "Programmable electrical medical systems (PEMS)". This chapter also contains the normative reference to IEC 62304. The contents on risk management are in ISO 14971.   
  • IEC 60601-1-6: General requirements for safety, including essential performance - Supplementary standard: suitability for use. The standard is valid, but it has been defacto superseded by IEC 62366-1. We explain this aspect in detail in our technical article Usability and Usability Engineering for Medical Devices. 
  • IEC 60601-1-8: General requirements for safety, including essential performance - Collateral standard: Alarm systems - General requirements, tests and guidelines for alarm systems in medical electrical equipment and in medical electrical systems.  
  • IEC 60601-1-9: General requirements for safety, including essential performance - Collateral standard: Requirements for reducing environmental impact.  
  • IEC 60601-1-10: General requirements for safety, including essential performance - Collateral standard: Requirements for the design of physiological closed-loop control systems.  
  • IEC 60601-1-11: Particular requirements for safety, including essential performance - Collateral standard: Requirements for medical electrical equipment and medical electrical systems for medical care in a domestic environment.  
  • IEC 60601-1-12: General requirements for safety, including essential performance - Collateral standard: Requirements for medical electrical equipment and medical electrical systems in emergency environments. 

These supplementary standards target specific properties, but are still not specific enough to formulate concrete requirements for specific devices. For this purpose, there is an even further refinement in the IEC 60601 series of standards: the "Special Specifications", the Particular Standards, also referred to as "Product Standards". They generally comply with the IEC 60601-2-XY nomenclature and describe specific aspects for the basic safety and essential performance characteristics of specific ME equipment.  

So how are these standards read and applied?  

If "Special Provisions" are applicable, they may modify, supersede or invalidate the requirements of the Supplementary Standards. A supplementary standard (possibly with the modification by "special provisions") can now supplement, modify, replace or invalidate the requirements of the basic standard ("general requirements"). The result is the requirement for the product.  

Simplified: (the "higher order" standard comes first in this order): Special specifications -> Supplementary standards -> General requirements. 

General requirements

The core idea of IEC 60601-1 is the first-fault safety of ME equipment, supplemented by risk management. First-time fault safety can be considered to be given if no unacceptable risk occurs during the expected operating time, although a first fault has occurred or a single, abnormal external condition (example: power supply failure or excessive voltage at a signal input or signal output) is present. Based on this, risk management goes even further: the manufacturer uses the results of the risk analysis to simulate possible further failures and to check for failures.  

Another task of the mandatory risk analysis is that manufacturers must determine the "essential performance characteristics" of the clinical functions of the ME device or system. An essential performance characteristic exists when an unacceptable risk arises as soon as such a function deteriorates beyond specified limits or becomes unavailable altogether. Thus, they are required for the intended use of the ME device or system, or they are safety critical. The aim of the risk management process is then to control any risks by means of suitable methods and to maintain the essential performance characteristics. 

However, IEC 60601-1 also separately addresses certain safety-critical aspects in the course of risk assessment, risk management and risk control of an ME device or system. These include the expected operational lifetime (see also our technical article "Expected lifetime of medical devices: What does it mean exactly?"), requirements for parts and components that can be touched by patients, the technical suitability of the power supply, and specific power consumption characteristics. 

General requirements for the design of ME equipment are spread across the individual chapters of IEC 60601-1. Common to all of them, in addition to the requirement that an appropriate level of safety must be ensured, is suitability for use (reference to IEC 62366-1). ME equipment must have suitably located controls and be designed to provide adequate access for maintenance purposes.   

Summary: in addition to specified limits that are measurable and testable, a key component of IEC 60601-1 is the risk management process. This is required for compliance with the standard. The risk management process follows the relevant risk management standard ISO 14971. IEC 60601-1 explicitly references ISO 14971, but allows for exceptions, especially with regard to production and post-testing. How a risk management process is carried out in detail can be found in the detailed technical article on the subject of risk management for medical devices. 

Further general requirements of IEC 60601-1 refer to representative random tests of ME equipment. This includes specifications on the number of test specimens, ambient temperature, humidity and humidity pretreatment, pressure, operating conditions, test sequences, power supply, and the procedure for applied parts and touchable parts.    

Classification, marking and accompanying documents

The IEC 60601-1 standard divides ME equipment and ME systems into protection classes that must be defined and identified by the manufacturer. Essential criteria are:  

  • Protection against electric shock  

  • Protection against harmful ingress of water or solid substances  

  • Sterilization process  

  • Suitability for use in oxygen-enriched environments  

  • Mode of operation (continuous or non-continuous)  

  • Appropriate markings and inscriptions must be legible and permanently affixed to the device, for which special symbols are defined. 

IEC 60601-1 places great emphasis on the information provided to the user of the device (but also to those performing maintenance work, for example), such as information on mains voltages or type of current for ME devices connected to a supply network or whether the device has an internal power supply. In addition, there is information on the location of an inscription, i.e. on the outside or inside of the device or on operating elements and displays. Also specified are safety and pictorial symbols to be used, colors of the line insulation, signal lamps and operating elements, marking of the protective conductor connection, potential equalization, etc.  

In addition to inscriptions on the device or its nameplate, information must also be provided in the accompanying documents (instructions for use and technical description). These accompanying documents are an integral part of an ME device and are therefore also subject to the test requirements of IEC 60601-1.  

All this information (accompanying documents, inscriptions on the device, operating and display elements, ...) must be examined for their suitability for use - see IEC 60601-1-6 and in particular IEC 62366-1

Protection against hazards

In addition to the requirements already described with regard to the "essential performance characteristics" and risk management, a large part of the IEC 60601-1 standard deals with specifications for protection against direct hazards that can emanate from ME equipment, the so-called "basic safety".  

A major source of danger from ME equipment is, of course, the electrical current itself, so the standard makes basic statements about protection against these electrical hazards. It should be noted that not only electric shock but also leakage currents are relevant. Depending on the application, these can also lead to ventricular fibrillation and thus, in the worst case, to death. Therefore, requirements are placed on current sources and the limitation of voltage, current and energy. The electrical isolation of components, connections, lines, etc. by means of suitable design measures is also the subject of the specifications. Further specifications concern the design of the protective conductor connection, the limitation of leakage and auxiliary currents, dimensioning of creepage distances and clearances, selection of components, construction of line connections and the design of power supplies. 

Another source of danger results from the mechanical properties of the device. Moving parts, surfaces, corners, edges or instabilities can lead to a wide variety of mechanical hazards, such as crushing, pinching, scraping or cutting. IEC 60601-1 therefore describes a large number of requirements with regard to moving parts (between which one can become trapped), safety distances, protective devices, stops or positioning. In addition, there are specifications relating to vibrations and acoustic energy as well as to pressure vessels and support systems.  

ME equipment must demonstrate sufficient mechanical strength and meet a number of defined test criteria. Examples include impact, shock and drop resistance. In general, equipment components must be designed and installed to minimize potential damage as described above.  

Excessive radiation can also lead to hazards. This concerns X-rays, alpha, beta, gamma, neutron and other corpuscular radiation, microwaves, lasers and other visible electromagnetic radiation, as well as infrared and ultraviolet radiation. Specifications mainly concern radiation quantities and determination methods or corresponding power values. Special specifications and supplementary standards are also frequently found in this context. 

Other sources of danger that are also related to energy are excessive temperatures and fires. IEC 60601-1 specifies maximum allowable temperatures of equipment under certain conditions, such as whether there is skin contact or contact is likely. The environment in which an ME device is operated must also be considered. Therefore, requirements are set, for example, for the operation of ME equipment in oxygen-enriched atmospheres or for the fire resistance of enclosures.  

In addition, factors such as spillage, leakage, ingress of liquids or solid materials, cleaning, disinfection, sterilization and substance compatibility as well as biocompatibility for parts that are touched or come into contact with patients, users or third parties play an important role with regard to potential hazards.   

Medical software

The originally existing supplementary standard on software (IEC 60601-1-4 General requirements for safety; Supplementary standard: Programmable electrical medical systems) has been withdrawn - see above. 

The consideration of software is now included in ch. 14 of the IEC 60601-1 standard; it is called "Programmable Electrical Medical System", or "PEMS" for short. Importantly, while stand-alone software (e.g., an APP) is an active product under the MDR, it does not meet the criteria for an ME device. Therefore, IEC 60601-1 is not applicable to stand-alone software (SaMD - Software as Medical Device).  

Essential requirement: when creating software, a defined software development lifecycle must be followed and this must also be documented. For this purpose, IEC 60601-1 describes the necessary elements of such a development lifecycle and also refers to IEC 62304. The essential elements are to draw up a detailed requirements specification at the beginning, from which the PEMS architecture and, if necessary, the design are derived. Accompanying the software integration are steps of PEMS verification and finally validation. The process is (of course) accompanied by risk management and - in accordance with IEC 62304 - by further accompanying processes such as configuration management and problem-solving process. If the PEMS is also to be integrated into an IT network, IEC 60601-1 also contains requirements for this process.  

Note: We discuss the topic in detail in our technical article Software Lifecycle for Medical Devices

ME systems

As described above, the term "medical electrical system (ME system)" describes a combination ("functional connection") of individual devices, of which at least one of these devices in the system is an ME device  

In Chapter 16, IEC 60601-1 specifies requirements for ME systems. It should be noted in particular that non-medical devices can also be integrated in such a system (e.g. printers, monitors). These have a different safety level than ME equipment, so there are special requirements with regard to installation and spatial arrangement, accompanying documents, power supply, housing design, disconnecting devices, leakage currents, protection against mechanical hazards, power supply interruptions, connections and wiring. 

Electromagnetic compatibility

Finally, IEC 60601-1 deals with electromagnetic compatibility requirements, because EMC is inextricably linked to electric current. As part of the mandatory risk management process, the manufacturer is required to evaluate and take into account the electromagnetic phenomena prevailing at the site of use of an ME device or system. The same applies in reverse to the electromagnetic phenomena generated by the ME device or system itself, which could affect the performance of other devices or equipment. For further details, reference is made here to the above-mentioned supplementary standard IEC 60601-1-2

Conclusion

IEC 60601-1, as the basic standard, together with the supplementary standards and the respective product-related special specifications, is an extremely comprehensive set of standards and essential reading when placing active, i.e. powered, medical devices (including the software they contain) on the market.  

Due to its sheer volume, the entire series of standards is subject to constant updating and adaptation - as is the case now. Added to this are changed regulatory requirements for medical devices resulting from the MDR, to which normative reference must be made. At the same time, the EU has so far harmonized very few relevant standards for use with the MDR - EN 60601-1 (the "European edition" of IEC 60601-1) is unfortunately not one of them.  

Therefore: if you want to be sure to know the current developments around the IEC 60601 series of standards and to be informed about trends so that you can already consider them in your product design: feel free to contact us! We will support you in all regulatory matters.  

Follow Us
© 2024 VDE Association for Electrical, Electronic & Information Technologies