EU regulations require manufacturers of medical devices and systems prove the single-fault safety of their products. However, it is not clearly defined in detail how to comply with these requirements. This article explains which technical and legal requirements apply and which aspects should be considered during development.

The essential performance of an active medical device or system has a direct impact on patient safety. Given this, safety and security assessments also address potential hazards that might arise during its clinical use. Functional safety, also known as “essential performance in single-fault condition”, marks an additional step in the safety assessment of a device that focuses on the reliability of its correct and safe function. It guarantees that in the event of a fault the function of a device is maintained and the system switches to a safe state. Given this, functional safety guarantees user and patient safety even in single-fault condition, and thus plays a critical role for the manufacturers, importers and distributors of medical devices.

Both normative and legal requirements focus on the principle of single-fault safety, which means that a single first(-occurring) fault must not cause any hazards for either users or patients or result in unacceptable risk levels. A fault in the dosage control unit of an infusion pump, for example, must not result in an overdose or underdose being administered to the patient.

Basically, single faults can occur anytime and anywhere—throughout the control circuit, its parts, and components and in the software. They cannot be predicted. To keep health risks for users and patients to a minimum, high requirements are imposed on the essential performance and safety of medical devices by both the applicable laws and standards.

In the European Union, the Medical Device Regulation (EU) 2017/745 (also known as MDR) defines the requirements for distributing medical devices within the EU. As far as functional safety is concerned, it includes the following requirement, “In the event of a single fault condition, appropriate means shall be adopted to eliminate or reduce as far as possible consequent risks or impairment of performance” (Annex I, 17.1).

In other words, in the event of a single fault, functional safety measures must either fully control the risk or at least reduce its probability of occurrence to an acceptable level. To guarantee this, both manufacturers and developers should implement measures to comply with the regulatory requirements and state-of-the-art standards.

As one of the fundamental series of standards, the IEC 60601 (“Medical electrical equipment”), and Part 1 in particular, defines the general requirements for the safety and essential performance (EP) of active medical devices. These general requirements include the requirement that medical electrical equipment and systems must by design ensure single-fault safety or residual risk must be reduced to an acceptable level as defined by risk management. The essential performance of a medical device must thereby be ensured.

However, the standard does not explicitly specify how to implement and test single-fault safety from a technical perspective. It only refers to risk management. The standard also does not adequately define how to handle latent faults, the term used for faults in the protective system that do not immediately result in a single fault. Upon occurrence of a single fault, a latent fault causes the protective system to fail.

Recognizing this shortcoming, the International Electrotechnical Commission (IEC) published an interpretation sheet in March 2021 (IEC 60601-1/AMD1/ISH1:2021), explaining how to apply the concept of single-fault safety to essential performance and clinical function. The interpretation sheet also includes provisions for documentation (Sections bb 1 to bb 6) and document review. However, the question of how to achieve and verify single-fault safety is not answered by the Interpretation sheet either.

Safe medical devices can only be achieved with comprehensive risk management. Manufacturers must identify the risks related to design and function and mitigate them by establishing suitable control measures or taking appropriate countermeasures. The ISO 14971 standard (“Application of risk management to medical devices”) provides guidance for this process.

Risk management must cover the entire product lifecycle and consider the information collected at every stage, including during post-marketing surveillance. This approach ensures that even very rare malfunctions and age-related degradation and failures are recorded and controlled.

Suitable diagnostic measures can identify single faults in a timely manner and initiate a targeted response before the multiple fault occurrence time (MFOT) expires after which a second fault must be expected. In suitable architectures the so-called watchdogs can, for example, monitor the microcontroller in a medical device, and put the device into a safe state in case of a fault. However, single faults may also affect protective systems. Given this, risk assessment should also consider (latent) faults that have no immediate consequences. In conjunction with a second fault, these latent faults could otherwise lead to an unacceptable risk.

While systematic errors cannot be fully excluded, their probability of occurrence and their consequences must be minimized. Integrated control and monitoring functions such as plausibility checks improve the robustness of devices. As a matter of principle, the more complex the product, the higher the potential risk of systematic faults. Given this, all tools used in development need to be qualified. This applies to software frameworks, but also to the hardware and the production process. Redundant (and, where necessary, diverse) structures, such as a second shut-off unit in the circuit and master-checker architectures, help to ensure effective control of random faults.

Without adequate safety functions, a single fault in an incubator’s temperature control unit may cause the temperature to rise above the acceptable limit. A protective system typically identifies a single fault in temperature control and shuts off the system as soon as the temperature exceeds the defined limit. If there is a latent fault in the safety system, however, the latter may not be able to identify the fault in the temperature control unit.

In this simplified model, a redundant architecture with two safety devices would ensure a sufficient level of functional safety. In case of a latent fault in one of the two safety systems, the other system will step in and ensure the safe function of the device. Important in this context is that safety devices must be independent of the system that they protect and not share features such as the same power supply.

The applicable regulations and standards require single-fault safety of clinical functions without defining technical details. Given this, many tests in accordance with the IEC 60601-1 standard fail to address the aspects of functional safety in adequate detail. Third-party review of the documentation and independent safety assurance (ISA) reduce health risks for patients and users. This approach secures the sustainable economic success of the medical device.

Medical devices and medical software are becoming increasingly connected to hospital networks, other medical devices…

A review of common risks and pitfalls of incorporating artificial intelligence in medical devices and…

From glucose monitors to heart monitors, the mobile technology market for medical products continues to…

How can medical device companies establish end-to-end regulatory compliance as a strategic initiative?

Dr. Abtin Rad has 13 years of professional experience as a Biomedical and electrical Engineer with focus on Software, Cybersecurity and Artificial Intelligence, as well as medical Imaging and Therapy using Ultrasound and optical laser systems. Rad is a Cybersecurity and Artificial Intelligence Specialist for medical devices and medical software, as well as a Lead Auditor for ISO 13485, ISO 9001, MDSAP and MDD/MDR.

Your email address will not be published. Required fields are marked *

© Copyright 2015 - 2022 Innovative Publishing Co., Inc., All Rights Reserved

Other Innovative Publishing Co., Inc. Sites: Food Safety Tech  |  Cannabis Industry Journal

Move from disconnected PACS and VNA instances to a unified architecture that enables data analysis in real-time and seamlessly shares data with all the stakeholders. Learn about the Arrow Electronics and Dell Technologies OEM Solutions portfolio for unified medical imaging solutions.

Please take this Manufacturing Trends Survey. The survey is 11 multiple choice questions and should take 3-4 minutes to complete.

Tony Blank is president of Infinity Biomedical Group. He is formerly the cofounder of Barton & Blank, a regulatory consulting firm specializing in providing strategic and tactical regulatory support for medical devices and combination products. Immediately prior to forming Barton & Blank, Blank spent 12 years at Boston Scientific Corp. in both corporate and business regulatory leadership roles. Under his leadership of the cardiovascular regulatory teams, Boston Scientific obtained numerous regulatory approvals for cardiovascular medical devices and combination products—among these being worldwide regulatory approvals for drug-eluting stents, implantable cardioverter defibrillators (ICD) and cardiac resynchronization therapy defibrillators (CRT-D), cardiac pacemakers and cardiac resynchronization therapy pacemakers (CRT-P), and detachable coils for peripheral embolization. Blank has likewise been an active representative for Boston Scientific, the medical device industry and the regulatory profession on numerous policy issues working with AdvaMed. Among these activities has been participation in numerous Industry Working Groups—including the Pediatric Devices, Advertising and Promotion, and Reprocessing Working Groups (each of which he co-chaired). He is very involved in developing and delivering meaningful educational programs in the field of regulatory affairs and has been a regular speaker at educational events. In addition to his time at Boston Scientific, Blank has worked with cardiopulmonary, surgical, ophthalmic, vascular access and critical care medical devices.

Pat Baird works at Philips as the head of global software standards. Baird likes to think of his job as “policy engineering”— understanding the unmet needs (and frustrations) of regulators and developers, and working to develop standards, whitepapers and training to meet those needs. Past roles have included software developer, engineering manager, project manager, lead engineer, and most recently he was the director of risk management at Baxter Healthcare. Drawing on 20 years’ experience in product development, he has published and presented more than 50 papers regarding product development. Baird has an MBA and a Masters in healthcare quality and patient safety from Northwestern University.

Twice awarded IVT’s Speaker of the Year, Roberta Goode is the founder of Goode Compliance, where she created more than 350 jobs, forming an astonishingly talented team of biomedical engineers. After she and her team remediated enforcement actions for the world’s largest medical device manufacturers, Goode turned her attention to sharing that wealth of accumulated knowledge. Look for her in 2018 in a technical training and mentoring role as the head of Altrec, LLC.

MedTech Intelligence is the leading online trade journal. Join the MedTech Intelligence community and stay engaged the way you want to!

Sign up for our FREE newsletters and get the top stories from MTI right in your email inbox.

Susan Alpert, M.D. is president of SFA Consulting, LLC. She previously served as senior vice president, chief regulatory officer at Medtronic and was responsible for all of the company’s global regulatory efforts. Prior to joining Medtronic, Alpert served as vice president of regulatory sciences for C.R. Bard, Inc. She also previously worked at FDA where she held a variety of positions in the Centers dealing with drugs, devices and radiological health, and foods, including six years as the director of the Office of Device Evaluation.

Alpert is a microbiologist and a pediatrician with a specialty in infectious diseases and has practical experience in laboratory research and clinical trials. She serves on the board of advisors for the Medical Technology Leadership Forum and the board of the Women Business Leaders, or organization of women leaders in the health care sector. She also serves on the Executive Committee of the Clinical Trials Transformation Initiative, one of the public/private partnerships working with FDA to streamline the development of medical products.

Dr. Christopher Joseph Devine is the president of Devine Guidance International, a consulting firm specializing in providing solutions for regulatory compliance, quality, supplier management, and supply-chain issues facing the device industry. Devine has 32 years of experience in quality assurance, regulatory compliance and program management. He is a senior member of the American Society for Quality (ASQ), a member of the Regulatory Affairs Professionals Society (RAPS), and a member of the Project Management Institute, and resides on several technical advisory boards. Devine received his doctorate from Northcentral University, with his doctoral dissertation titled, “Exploring the Effectiveness of Defensive-Receiving Inspection for Medical Device Manufacturers: A Mixed-Method Study.” Devine holds a graduate degree in organizational management (MAOM) and an undergraduate degree in business management (BSBM).

Mark Leimbeck is the principal of UL Solutions Risk Management Practice. He has served as a subject matter expert and advisor in a number of functional areas, including risk management, quality management, project management, software application development, and engineering. During his career, Leimbeck has led and supported the implementation of various corporate improvement and development programs including quality system and regulatory compliance programs, new product development, IT systems and enterprise resource planning (ERP) implementation, and quality/lean Six Sigma process improvement projects. Leimbeck continues in a subject matter and advisory role, and participates in international, national and industry-based standards and guidance development committees. He holds a B.S. E.E.T. from Southern Illinois University and an M.B.A from the University of Chicago.

Stephen Wilcox, Ph.D., FIDSA is a principal and the founder of Design Science (Philadelphia), a 30+ person firm that specializes in optimizing the usability of products, particularly medical devices for clients including many major multinational corporations. Wilcox is a member of the Industrial Designers Society of America’s (IDSA) Academy of Fellows. He also served for several years as Chair of the IDSA Human Factors Professional Interest Section.

Wilcox also serves on the Advisory Boards of the Industrial Design Department of Philadelphia University and the School of Design of Carnegie Mellon University, on the Human Factors Engineering Committee of AAMI, and on the ISO/IEC committee (“Working Group 4”) that wrote the standard, IEC/ISO 62366. He holds a BS in psychology and anthropology from Tulane University, a Ph.D. in experimental psychology from Penn State, and a Certificate in Business Administration from the Wharton School of the University of Pennsylvania. He has won a number of design awards, has guest edited the journal Innovation several times and has served as a judge for a number of product design award competitions.

Wilcox has given hundreds of invited addresses to various organizations, has published more than 70 articles in professional journals, and is the current Editor in Chief of the Human Factors and Ergonomics Society journal, Ergonomics in Design. His book, Designing Usability into Medical Products (CRC/Taylor & Francis), co-authored with Michael Wiklund, was published in 2005.

Alberto Velez is a consultant for Chimera Consulting North America, LLC. Velez is a recognized expert in organization development for combination products with more than 12 years of experience in applying CGMP concepts to more than 35 combination products in new product development, manufacturing and quality systems. He is a frequent speaker on combination products topics at industry meetings and has more than 30 years of varied experience in medical device and combination product quality assurance, FDA readiness, product development and organizational effectiveness in the pharmaceutical and medical device industries. Velez has applied the CGMP’s/QSR’s to several different divisions in the Johnson & Johnson family of companies as well as other smaller medical device companies. He has also led R&D teams to develop and launch new technologies in endoscopic surgery and enteral feeding. His educational background is in chemical engineering, industrial engineering and quality engineering.

John Pracyk, is a rare Neurological Surgeon with an uncommon blend of business and medical expertise. This sophisticated futurist is recognized as a national thought leader in the design, development, and management of collaborative care delivery based on his history of healthcare program build-outs and medical administration successes. An accomplished writer and platform speaker, he is a frequently requested keynote speaker at prestigious organizations such as the Congress of Neurological Surgeons, The Barrow Neurological Institute, and Stryker Performance Solutions.

Having completed a healthcare-focused MBA from the nation’s preeminent physician-only degree program, with a Master’s thesis on competitive strategy and service-line development, Dr. Pracyk is a proactive innovator who inspires teams to surpass organizational goals, exceed patient care metrics, and enable transformational change. Healthgrades acknowledged him with their honor roll distinction.

His career to date has been characterized by three key elements: First, his ability to foster multidisciplinary consensus and collaborative care; second, his grasp of competitive strategy as a program architect; and third, his ethics-driven approach to medicine. While recognizing that revenue generation drives business, Dr. Pracyk balances business necessities with patient care and market realities. In 2016, Johnson & Johnson Medical Devices appointed him Franchise (Worldwide) Medical Director for Spine.

Patrick Caines is director, quality & post-market surveillance at Baxter Healthcare where he is responsible for the company’s global post-market surveillance and associated quality systems. Caines has 20 years’ experience in quality systems and compliance for both medical devices and clinical diagnostics and served as director, corporate post-market surveillance at General Electric Healthcare and Boston Scientific, and director of worldwide customer quality at Johnson and Johnson. Caines began his career as a hospital-based clinical laboratory scientist and held faculty appointments at the University of Windsor and Wayne State University. He holds a Ph.D. in clinical biochemistry from the University of Windsor, Ontario, Canada as well as an MBA from St. John Fisher College, Rochester, New York.

We are using cookies to give you the best experience on our website.

You can find out more about which cookies we are using or switch them off in settings .

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

We use tracking pixels that set your arrival time at our website, this is used as part of our anti-spam and security measures. Disabling this tracking pixel would disable some of our security measures, and is therefore considered necessary for the safe operation of the website. This tracking pixel is cleared from your system when you delete files in your history.

We also use cookies to store your preferences regarding the setting of 3rd Party Cookies.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

A browser cookie is a small piece of data that is stored on your device to help websites and mobile apps remember things about you. Other technologies, including Web storage and identifiers associated with your device, may be used for similar purposes. In this policy, we say “cookies” to discuss all of these technologies.

Our Privacy Policy explains how we collect and use information from and about you when you use This website and certain other Innovative Publishing Co LLC services. This policy explains more about how we use cookies and your related choices.

Data generated from cookies and other behavioral tracking technology is not made available to any outside parties, and is only used in the aggregate to make editorial decisions for the websites. Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent by visiting this Cookies Policy page. If your cookies are disabled in the browser, neither the tracking cookie nor the preference cookie is set, and you are in effect opted-out.

In other cases, our advertisers request to use third-party tracking to verify our ad delivery, or to remarket their products and/or services to you on other websites. You may opt-out of these tracking pixels by adjusting the Do Not Track settings in your browser, or by visiting the Network Advertising Initiative Opt Out page.

You have control over whether, how, and when cookies and other tracking technologies are installed on your devices. Although each browser is different, most browsers enable their users to access and edit their cookie preferences in their browser settings. The rejection or disabling of some cookies may impact certain features of the site or to cause some of the website’s services not to function properly.

Individuals may opt-out of 3rd Party Cookies used on IPC websites by adjusting your cookie preferences through this Cookie Preferences tool, or by setting web browser settings to refuse cookies and similar tracking mechanisms. Please note that web browsers operate using different identifiers. As such, you must adjust your settings in each web browser and for each computer or device on which you would like to opt-out on. Further, if you simply delete your cookies, you will need to remove cookies from your device after every visit to the websites. You may download a browser plugin that will help you maintain your opt-out choices by visiting www.aboutads.info/pmc. You may block cookies entirely by disabling cookie use in your browser or by setting your browser to ask for your permission before setting a cookie. Blocking cookies entirely may cause some websites to work incorrectly or less effectively.

The use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy. If you prefer to prevent third parties from setting and accessing cookies on your computer, you may set your browser to block all cookies. Additionally, you may remove yourself from the targeted advertising of companies within the Network Advertising Initiative by opting out here, or of companies participating in the Digital Advertising Alliance program by opting out here.