How to Design a Protective System for Infusion Pump

Roland chung

Trusted Information Resource
#21
We just did the manual bolus test in-house and the results vary from people to people. One did the test and got the max. 10% deviation, but others could get the error up to 21%. The feedback time is this case is very important.

Furthermore, I don't think one would use the manual bolus function to delivery critical drug.
 
Elsmar Forum Sponsor

Peter Selvey

Staff member
Super Moderator
#22
This is a classic situation: because the cause of the error is outside of the equipment, the manufacturer thinks it is not their problem.

I remember a blood pump manufacturer that wanted to claim 3% accuracy for flow/volume. But the pump's actual accuracy was 10%. The problem: the tubing diameter, sourced from another manufacturer, was not well controlled. The 3% claim was just the motor control, not the whole set up. The pump manufacturer felt that as the tubing variation was outside their control, a 3% declaration was OK.

But from the user's and regulatory point of view, it's misleading and illegal. The instruction manual should state 10%. If they want, they can clarify pump motor control is 3% as a separate line item, but any claim for blood pump flow/volume accuracy must be 10%.

The same here: it does not matter what the cause of the error (i.e. user response time), in the end you have to know and declare the true accuracy in the real world. This value is not only important to the user, but affects risk management, claim of intended use etc etc.
 

Roland chung

Trusted Information Resource
#24
2) Power supply voltage monitoring
Case by case depending on the effect of out of tolerance power supply voltage.

Example 1: main SMPS output with +24Vdc only. System has two CPUs (one control, one protection), and each CPU has a separate regulator to step down +24V to +3.3V supply and no low impedance connection between CPUs. In this case there really is not much concern. Typical SMPS overvoltage protection is enough.
Hi Peter,

I was asked why the voltage monitoring is not that critical for two CPUs system. Two CUPs are powered by ONE supply source, there is a potential risk to fail the two CPUs simultaneously if over/under-voltage occurs.
 

Peter Selvey

Staff member
Super Moderator
#25
In the example I gave before it states:

each CPU has a separate regulator to step down +24V to +3.3V supply and no low impedance connection between CPUs
If two CPUs share a common voltage supply, then the problem exists as you mentioned. But in the example, it is not the case.
 

Roland chung

Trusted Information Resource
#26
I am thinking a question: since the standard assumes software would be 100% failure, one CPU system is really not safe enough.

I am also confusing the purpose of software/ PEMS evaluation according to IEC 62304/ clause 14 of IEC 60601-1, Ed.3. Can we say the software/ PEMS is reliable enough (failure is unlikely) when passed the standard?
 

Peter Selvey

Staff member
Super Moderator
#28
In IEC 62304, the assumption of 100% failure is used to determine the safety classification of the system (A, B or C), not for making decisions such as risk controls.

For PEMS (IEC 60601-1) there is no such assumption.

You could decide a single CPU is reliable. I found many such cases in practice. A CPU's hardware has to be super reliable for economic viability, so the failure rates for an individual logic bit, gate, memory cell are incredibly low. And even the rare case of CPU failure, the most common result is CPU lock-up, the risk of which is controlled by an external WDT, not by software.

Also, even if it is a single CPU, you would still have to use some monitoring software independent of the control software, such monitoring the feedback from an encoder on the motor. So from a software point of view, it is still a two channel system, control and protection.
 

Roland chung

Trusted Information Resource
#29
For PEMS (IEC 60601-1) there is no such assumption.
Clause 14 of IEC 60601-1_Ed.3 states that,

The requirements of this clause shall apply to PEMS unless:
? the PESS provides no BASIC SAFETY or ESSENTIAL PERFORMANCE; or
? the application of ISO 14971 demonstrates that the failure of the PESS does not lead to an unacceptable RISK.

From the second dash, it may imply the failure of PESS is 100%.

As regards one CUP + one external watchdog system, is it necessary to carry out the self-test every second?
 

Peter Selvey

Staff member
Super Moderator
#30
Good point re Clause 14.1, but again it is only related to the application of design controls (i.e. whether to apply Clause 14 or not), not the technical solutions or risk controls applied. For an infusion pump, it is clear that Clause 14 needs to be applied, so it's not really an issue.

Once Clause 14 applies, then you can use realistic failure rate figures for making actual technical decisions. Of course, you may also assume 100% failure rate for simplicity, if you plan to use fully independent protection (e.g. 2 CPUs).

From IEC 60601-2-24, a single CPU should have self tests in the shortest time in which an air bubble can reach the patient (e.g. maximum flow rate, smallest tubing, shortest length). This is usually in the 10-60s range.

Sometimes RAM and ROM tests can be difficult to complete in this time. And there are other complications and limitations.

If two separate software routines (using separate areas in the RAM, ROM) are used to monitor the air bubble detector, it might be justification that the CPU self tests are not as critical and so don't need to be completed in the above time.
 
Thread starter Similar threads Forum Replies Date
DuncanGibbons Section 8.3 relevant for design organisations AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
P DFMEA - Machinery Design Best Practices FMEA and Control Plans 0
R Is a FAIR required on parts that we design? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
U API Spec Q1 - 5.6.1.2 C (3) - Design software Oil and Gas Industry Standards and Regulations 3
N Example for design and development planning,input,output,review,verification,validation and transfer Misc. Quality Assurance and Business Systems Related Topics 4
A 8.6 Release of products and services, 8.3 Design and development - evidence required ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
C Stress / Challenge Conditions for Design Verification Testing to Reduce Sample Size 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 11
J Significant change related to design and intended use EU Medical Device Regulations 3
S Traceability of requirements to design and risk Design and Development of Products and Processes 3
U NOC - What is considered a "design change" EU Medical Device Regulations 5
Q PPT used as Design Review ISO 13485:2016 - Medical Device Quality Management Systems 3
D Design Verification Sample Size vs Repeats Statistical Analysis Tools, Techniques and SPC 9
A Design and development procedure for API Spec Q2 Oil and Gas Industry Standards and Regulations 6
D Design controls - Inputs, outputs, V&V, DHF, DMR ISO 13485:2016 - Medical Device Quality Management Systems 10
LostLouie Manufacturer divorced from Design process, is he justified in design process deficiencies? ISO 13485:2016 - Medical Device Quality Management Systems 9
R DFA & DFM - Examples for Design for assembly and design for manufacturability Lean in Manufacturing and Service Industries 2
D Using Laboratory Notebooks in R&D and Design and Development ISO 13485:2016 - Medical Device Quality Management Systems 3
D ISO 13485 - 7.3.6 Design and development verification - Do most folks create a separate SOP? ISO 13485:2016 - Medical Device Quality Management Systems 5
K Joint approval between OEM and Manufacturer on Design Documents ISO 13485:2016 - Medical Device Quality Management Systems 4
M API 4F/7K/8C Design Package Validation Oil and Gas Industry Standards and Regulations 2
A Design History File - Not ready to share the design drawings or Bill of Material US Food and Drug Administration (FDA) 2
W Need for current design or process control FMEA and Control Plans 2
A What is the difference between Design Process, Process Design and Design Control? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
D Test summary report example for design validation wanted - ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 1
B Why the Greek god Hephaestus should have done a design FMEA (DFMEA) on his giant robot APQP and PPAP 1
S Documenting Design Verification Test Results (ISO 9001) Design and Development of Products and Processes 1
DuncanGibbons Understanding the applicability of Design of Experiments to the IQ OQ PQ qualification approach Qualification and Validation (including 21 CFR Part 11) 5
S Requirement to Conduct New Shelf-life Testing? (re-do testing for design change) EU Medical Device Regulations 3
A Sample Agreement available for Outsourcing Medical Device Design activity? ISO 13485:2016 - Medical Device Quality Management Systems 1
DuncanGibbons How is the arrangement between Design and Production organisation envisaged? EASA and JAA Aviation Standards and Requirements 4
L Design & Development of a SERVICE Service Industry Specific Topics 13
C Documentation for items used for Design Verification 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
P Design verification driven by new equipment. How is this different than process validation? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
A AS9102B - 3.6 Design Characteristics and form 3 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
P Design FMEA - Detection Rating criteria ISO 14971 - Medical Device Risk Management 3
U Medical Device Design finalization testing ISO 13485:2016 - Medical Device Quality Management Systems 2
S MDR Delay - MDD design Change? (before new MDR DOA) EU Medical Device Regulations 8
J Iterative design and production for custom made products ISO 13485:2016 - Medical Device Quality Management Systems 3
T Design Input detail & specificity ISO 13485:2016 - Medical Device Quality Management Systems 4
J Design file for pre-existing products - Inputs and Outputs ISO 13485:2016 - Medical Device Quality Management Systems 5
D Design Transfer Template capturing Customer Specific Requirements Other Medical Device Related Standards 3
T Design Control Procedures later in the Development Process ISO 13485:2016 - Medical Device Quality Management Systems 6
M Looking for a Presentation on Design for Excellence (DfX) Manufacturing and Related Processes 2
K Old medical devices -> 7.3.7. Design and development validation ISO 13485:2016 - Medical Device Quality Management Systems 1
R Design and Manufacture Guidelines for Surface Mount Technology Misc. Quality Assurance and Business Systems Related Topics 9
optomist1 Design Exclusion, but now we might have an outsourced Product Design ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
Q Relabeler for patent expired product - design control responsibilities? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
B Supplier of design and manufacture process ISO 13485:2016 - Medical Device Quality Management Systems 10
I Does anybody use Detection in medical device Design FMEA? ISO 14971 - Medical Device Risk Management 18
A Design process goal for ISO 9001 Manufacturing and Related Processes 23

Similar threads

Top Bottom