MOPP required for SIP when considering Single Fault Condition (SFC) in 60601-1

ian44

Registered
#1
I am a bit confused on the MOPP required for SIP/SOP when thinking about single-fault condition (SFC).

As per 60601-1, Ed 3.2, subclause 8.1:
(a) NORMAL CONDITION includes ... the presence on SIP/SOP ... if the ACCOMPANYING DOCUMENTS place no restrictions... with MAXIMUM MAINS VOLTAGE...
(b) SINGLE FAULT CONDITION includes ... short circuit of any one insulation that complies with 1 MOP... <NO mention anything WRT SIP/SOP>

In Figure J.4, there is an implication that 1 MOPP at the MAXIMUM MAINs VOLTAGE and 2 MOPP at the WORKING Voltage is sufficient protection between the PATIENT CONNECTION and the SIP/SOP. I understand the need for 2 MOPP at the working voltage. However, I do not understand why 1 MOPP at MAXIMUM MAINs VOLTAGE is sufficient in Figure J.4. As per 8.1 (a), under NORMAL CONDITIONs we have to assume that there is MAINS VOLTAGE at the SIP. So under SFC conditions, that 1 MOPP is bypassed (as per 8.1 b), and because the SIP is assumed to be at MAINS voltage, that means that the patient is now at MAINS voltage. Which I would think is bad...

What am I misunderstanding about Figure J.4?
 
Elsmar Forum Sponsor

Peter Selvey

Leader
Super Moderator
#2
This is case where the standard is heading in the right direction but "wrong" in actual implementation.

Take a Class II (double insulated) laptop with say a USB port, it is possible under normal condition to have some "mains-like" voltages at the frame of the USB connector. However, it's not as bad as it sounds. The "mains-like" voltage occurs due to leakage through the EMC caps between the primary and secondary in the laptop's power supply. In a typical implementation, this would result in half mains voltage under open circuit condition, so for example a 230V system would have nominally 115Vrms open circuit, although note this assumes perfectly balanced EMC caps which may not be the case due to tolerances or non-balanced implementations, so it's probably better to assume it could be up to 150Vrms.

If anybody touches this, for example, the operator touching the exposed frame of the USB connector, the voltage drops to near zero due to the high impedance of the EMC caps. What's left is just the leakage currents as allowed by those caps, which is usually in the order of 0.1mA. Although IT standards allow a lot more, they usually don't push it too hard especially for laptops, and are definitely below 0.5mA.

An interesting side note is that although the voltage collapses on contact, the open circuit voltage is still important. This voltage can punch through the skin impedance and allow the full leakage to flow. This doesn't happen at say 5V or 12V. The higher voltage can also cause a spark just prior to contact which can concentrate the current and make 0.1mA to be felt and 1mA to be painful even though these are generally considered "safe" currents. However if you touch the metal with a larger contact area, even a few mm² the current can't be felt. But I digress :)

Once connected to the medical device, there is a possibility that this leakage could flow through to the patient or operator. If the medical device SIP/SOP is earthed, the current will be diverted to earth and not be an issue. If the SIP/SOP is unearthed, it is possible that the leakage could be accessible to the operator, depending on the design of the device. Since it's already current limited by the laptop EMC caps (which are safety approved) and the currents are "safe" according to the IT standards, it's not a huge issue, but technically the 0.1mA limit in IEC 60601-1 could be exceeded. There is also the possibility of adding currents, so if the medical device has 0.08mA and the laptop 0.13mA, together they could create 0.21mA, which is starting to get over the "WTF" if you happened to brush it lightly and felt a concentrated spark.

It could also flow through to the patient, where 0.1mA is a little more important. However, most critical types of patient contact (electrodes, catheters) also have additional patient isolation between the applied part and the secondary. So this is rarely an important issue.

Nevertheless, it is a possibility. If we assume that leakage into the SIP/SOP could cause leakages in the medical device exceeding the 601 limits, the designer may decide to use an isolated SIP/SOP. In this case, the isolated should be designed for mains voltages, since, as described above, the open circuit voltage is still "mains-like".

However, because it is current limited and we can expect the leakage in the external device to be well below 0.5mA, only 1MOP is enough.

So which point is "wrong" in the standard? The mistake is that instead of referring to mains voltage on the SIP/SOP as being (potentially) normal condition, it should refer to it as "current limited mains voltage", and this could be defined as a mains supply with current limited via an approved Y1 capacitor, selected to provide around 0.5mA leakage. This would mean for example, in the case of testing a medical device with an earthed SIP/SOP, the leakage current would be safely diverted to earth and no damage would be done.

Without the current limit (Y1 cap), putting raw mains on a SIP/SOP is likely to cause damage for no reason, since this should never happen in the real world.
 

ian44

Registered
#3
Thank you for the very detailed explanation. I really appreciate having the thought-process behind these issues explained.

If I understand correctly, you are saying that subclause 8.1 a) should be modified to read “NORMAL CONDITION includes ... the presence on SIP/SOP ... the presence of current limited MAXIMUM MAINS VOLTAGE…”? And that you are also saying that Figure J.4 is correct and provides a safe design.

Am I correct that this analysis and conclusion assume that the device being connected to the MEE's SIP/SOP meets an IT-standard? (i.e. if the external device does not meet an IT-standard, then I presume we could not count on any current limitation.

Assuming I am understanding the above correctly, how does these two parts of the standard relate to subclause 8.7.4.7 c), which prescribes a test in which “… 110% of MAXIMUM MAINS VOLTAGE” is applied to the SIP/SOP (i.e. this test does not use a current-limited voltage). It would seem to me that the a device designed as per J.4 would fail the test defined 8.7.4.7 c) during the SFC condition.
 

MThomas

Starting to get Involved
#4
Can you tell us more about what is upstream from the SIP?

Is it equipment that you do not supply?

Is it powered by a 60601-1 approved supply or through an approved line isolation transformer?

Do your instructions limit what should be connected and are you the supplier for that part?

I would think that mains on sip sop from a 60950*-powered laptop is a reasonable single-fault condition, but unreasonable for a 60601-powered laptop or laptop with line isolation transformer/60950 approvals.

Using undocumented equipment upstream of the SIP/SOP is even more likely to have a SFC.

Having a 60950* powered laptop in the patient area is surely non-compliance due to touch (regardless of SIP/SOP faults)

*or 62368
 
Last edited:

ian44

Registered
#5
Can you tell us more about what is upstream from the SIP?

Is it equipment that you do not supply?

Is it powered by a 60601-1 approved supply or through an approved line isolation transformer?

Do your instructions limit what should be connected and are you the supplier for that part?

I would think that mains on sip sop from a 60950*-powered laptop is a reasonable single-fault condition, but unreasonable for a 60601-powered laptop or laptop with line isolation transformer/60950 approvals.

Using undocumented equipment upstream of the SIP/SOP is even more likely to have a SFC.

Having a 60950* powered laptop in the patient area is surely non-compliance due to touch (regardless of SIP/SOP faults)

*or 62368
One of the SIPs is a USB port, which is "intended" for USB flash drives or USB backup drive. The other SIP/SOP is an Ethernet port for connection to a LAN.

The equipment connected to the SIP/SOP will be "user-supplied" and effectively undocumented (i.e. these are generic inputs/outputs). In both cases, we do not expect the SIP/SOP to be connected to something that is 60601-1 approved. While we could instruct them to only use something that has specific approvals, my past experience with customers is that they are not very good at following instructions when dealing with something that they already "know" and "understand" (i.e. they "know" what a USB port can do...).

Neither of these SIPs/SOPs is in the patient area, but I still need to be decide the required MOPP between the SIP/SOP (outside patient area) and an APPLIED PART (inside patient area).
 

Peter Selvey

Leader
Super Moderator
#6
Annex J.4 is informative and just an example. The actual insulation requirements will depend on you particular design, including for example, addinitional insulation barriers inside the MEE between the secondary and the patient (which are not shown in J.4).

However, having an insulation barrier with 1MOPP @230V for any SIP/SOP does make it simpler and avoids any discussion. I personally prefer this kind of simple but clear solutions.

The device connecting to the MEE can be assumed to meet the IT standard. Although many people will say that if the IT system is undocumented you should assume the worst and therefore 2 MOPP is better, this is not reasonable since it means that anybody working on the IT side of things is in serious danger, not just the patient.
 

MThomas

Starting to get Involved
#7
Peter is correct...using isolation in the SIP SOP removes alot of discussion. There are power supply modules and optoisolators with 60601 approvals. My experience is that it is good to have a provision for a capacitor compliant with 8.5.1.2 for EMI purposes across the isolation boundary when going into EMI testing, either for emissions or limiting ESD transient voltage across the isolating components if necessary.

If I understand 8.1, accompanying documents can remove the need to have mains on SIP/SOP as a normal condition.

60950 is permitted to be 1xMOOP by the 60601 for common mains voltages. But if you need 2xMOPP from mains to a patient applied part, I do not see how this can be done ONLY with 60950 and 1xMOPP between the patient and mains. If there is a way, please comment.
 

Peter Selvey

Leader
Super Moderator
#8
950 (or 62368) will always have 2MOOP to accessible parts including SIP/SOPs. It has to, it is a fundamental rule of safety, 2MOP structure is not just for medical, it applies to all electrical devices. The only catch is that 2MOOP for 950 may have higher leakage limits than 601. While technically this could be 1MOPP according to 601 it is nothing like raw mains voltage which is very dangerous. According to the existing 8.1, we are required to consider raw mains voltage on the SIP/SOP as being normal condition, which is crazy.

The accompanying documents switch is a great example of going from one extreme to the other. Labs in the CB scheme created a standard wording or paragraph to address this issue. If you had this paragraph, you could skip the mains on SIP/SOP test, which was desirable being potentially destructive. If the paragraph did not exist, labs (me too) insisted to put this paragraph in. Of course, in the real world, irrespective of the warning, there will be current limited mains on SIP/SOPs all the time, it is a very normal condition. It occurs due to the EMC caps in any device (IT or otherwise). Warnings in manuals don't change this. And in some cases, the additional leakage via the SIP/SOP can cause problems; again a warning in the manual won't change this.

Thus the condition of current limited mains on SIP/SOPs should be normal condition. Full stop. And to account for a broken earth in the IT device, potentially higher currents (but still current limited) values should be considered in SFC.

The only points needing some discussion is the exact values to use. I would propose a circuit that has mains open circuit voltage and limited to 0.25mA in normal condition (e.g. Class II IT device) and 1mA in SFC (e.g. Class I, IT device with mains earth broken), but to be honest I'm not up to date for the limits in 62368 and other standards, so that may need some study to decide what is reasonable.
 

MThomas

Starting to get Involved
#9
Is there a clause that says 60950 has two moop?

I thought 60601-1 had a clause accepting 60950 as 1 MOOP only. It could be unreasonable to treat a bridging of 60950 insulation, but I still dont think 60950=1xMOPP. Perhaps one can resort to risk analysis.

My experience:
As an aside many newer laptops have very low impendance surfaces, for aesthetics or EMC.

Mains without current limit on all wires and shield simultaneously of a USB may not cause damage if, for example, the PCBA is isolated by a plastic enclosure.

I believe 60950 max leakage current has two limits: one for a power supply brick that has 2 connections to mains and the higher limit for a brick which has an earth. 750uA comes to mind for the low limit. Big manufacturers can give a certificate promising touch currents will not exceed 500uA in normal condition.

I have seen some sip sop shells with a galvanic connection to chassis and some with capacitive isolation.
 
Last edited:

Peter Selvey

Leader
Super Moderator
#10
The "2MOP" way of writing is relatively new but there has always been either "double/reinforced insulation" or "basic insulation + earth" since the 1970s at least, it doesn't matter if it is an electric fence, TV, laptop or washing machine. This is common to all standards. The 2MOP is just a more generalistic way of writing and allows esoteric implementations.

The only difference is the limits in the standards. Years ago, the insulation limits in 950 were considered for medical, but it was actually the 950 committee said they couldn't guarantee the probabilities were low enough if you had for example electrodes on the patient, catheters, infusion liquids, they were unconscious (no pain based retraction from contact) and also had a nice solid return path to earth. In the real world that kind of perfect path through the heart is pretty rare, but the medical standard wanted to assume it as normal condition. So for example, 950 limits might be based on a probability of insulation failing of 1/100,000 times per year, which is OK when combine with a further factor of 1/10 that this causes actual serious harm in the real world, achieving the proverbial one in a million. For 601 this second factor was assumed to be 1 (i.e. 100% sure to kill if the insulation breaks down), so they raised the limits for creepage and clearance, dielectric strength to be one in a million on their own.

These days though, any device with intimate contact with the patient has an additional barrier (the F-type barrier), which is equivalent to 1MOPP. This additional barrier makes all the above moot, since clearly there is no longer a perfect path to the patient. So it is perfectly fine to have 2MOP in the 950 device plus the 1MOPP to the patient. The 3rd edition allows this, although there continues to be misconceptions that IT equipment must be assumed to be dangerous and have only 1MOOP or even no MOP.
 
Thread starter Similar threads Forum Replies Date
B Protective impedance as MOOP/MOPP - Requirements? IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
A 1 MOPP and 1500V/4mm/2.5mm separation IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
G Why 1 MOPP to main voltage but 2 MOPP to working voltage IEC 60601 - Medical Electrical Equipment Safety Standards Series 6
N BF-type applied part MOPP vs secondary IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
B Accessible parts per 8.4.2 b) - Touch currents in combination with MOOP or MOPP? IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
T Clearance and Creepage according to Subclause 8.9.1 for MOPP IEC 60601-1 IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
S IEC 60601-1 - MOPP and MOOP Requirements IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
W Body-worn brain stimulator (MOPP isolation requirements) IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
F MOPP in battery powered device with metal enclosure IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
N USB Powered EEG - USB provides 1 MOPP want 2 MOPP IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
J Medical Device Electronics - Secondary to output isolation for 1 MOPP IEC 60601 - Medical Electrical Equipment Safety Standards Series 9
S Number of MOPP for Type BF Applied Part (Medical Device Electronics) IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
U USB Connector Operator Protection (MOPP) IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
F How to provide 2 MOPP (Means of Patient Protection) - Heating Rod IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
B Use of Y1 capacitors for MOPP (means of patient protection) IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
P Effective way for DC/DC conversion for 2 MOPP @ 250VAC IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
S Do Medical Sterile Drapes count as MOPP? IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
M Surface mount resistor as a MOPP (Means Of Patient Protection) IEC 60601 - Medical Electrical Equipment Safety Standards Series 10
A Why is Protective Earth Resistance required <0.1ohm or 0.2ohm in 60601-1 IEC 60601 - Medical Electrical Equipment Safety Standards Series 9
D Is Good Laboratory Practice (GLP) Required in ISO 17025? ISO 17025 related Discussions 4
K What are the differences between the certificates required for home and medical medical equipment? US Food and Drug Administration (FDA) 1
B AS9100:D - Purchase Order required if ordering paint on supplier portal? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
V Is it required to recalibrate reference- standard instruments after equipment qualification General Measurement Device and Calibration Topics 0
B Supplier Evaluation report - Validation required or not ISO 13485:2016 - Medical Device Quality Management Systems 3
H Registration for REACH required for Non-EU Down Stream Manufacturer? REACH and RoHS Conversations 3
P AS9100D clause 8.6 - Documentation required to show evidence of conformity AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
D Is IATF certification required when customer doesn't require it? IATF 16949 - Automotive Quality Systems Standard 19
Kevin Walters IAQG Required Audit Days Needed (Please help) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
S Is MDSAP Audit Required? ISO 13485:2016 - Medical Device Quality Management Systems 3
H Required explanation of sub clause 7.2.101.2 (Exception) of IEC 61010-2-020:2006 CE Marking (Conformité Européene) / CB Scheme 5
Ashland78 PPAP required for repair of machine? IATF 16949 - Automotive Quality Systems Standard 5
Y Is preventive action required for each CAPA initiated? ISO 13485:2016 - Medical Device Quality Management Systems 24
B Spreadsheet - Used for complaint investigation - Validation required or not ISO 13485:2016 - Medical Device Quality Management Systems 9
N 8.3.3.3 Special characteristics - Auditor said we are required to create our own, if no customer char. exist. IATF 16949 - Automotive Quality Systems Standard 10
P 9.2.2.2 & 9.2.2.3 Audit Cycle alignment required? IATF 16949 - Automotive Quality Systems Standard 1
M Is complete testing required as per ISO 10993 for materials used in orthopedic implants or is literature review route possible Other Medical Device Related Standards 3
I Are suppliers required to hand over process validation reports? ISO 13485:2016 - Medical Device Quality Management Systems 20
B Is 14971 Annex C checklist now in ISO/TR 24971 required to complete prior to 510k filing? ISO 14971 - Medical Device Risk Management 3
D IEC 60601-1-2: Is EMC immunity testing required for a device without essential performance? IEC 60601 - Medical Electrical Equipment Safety Standards Series 25
V ISO 9001 or ISO 17065 required for an organization issuing 5 star rating certification of digital experience? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
D Is calibration really required? IATF 16949 - Automotive Quality Systems Standard 6
D Filling totes and pails - when is a calibrated scale / flowmeter required in ISO 9001 General Measurement Device and Calibration Topics 4
S Supplier performance required to be reported to supplier? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
S Is the Design Service Provider required to be ISO 13485 certified? ISO 13485:2016 - Medical Device Quality Management Systems 13
B What are "appropriate drawings" required for a MDR in 21CFR820? ISO 13485:2016 - Medical Device Quality Management Systems 4
S Record approval- Signatures required ISO 13485:2016 - Medical Device Quality Management Systems 4
M MDSAP required for Device Initial Importer/Distributor into Canada? Other Medical Device Regulations World-Wide 11
I Is SRN required for a contract manufacturer (CE-Marking product)? EU Medical Device Regulations 2
O New GTIN (DI) required? Other US Medical Device Regulations 0
P Is the second factor authentication (2FA) required for external users? Qualification and Validation (including 21 CFR Part 11) 1

Similar threads

Top Bottom