16

I am in physical therapy now. Some of the devices are connected to wall power, and used for muscle electrostimulation. The patient information states that no single malfunction can connect me to 230V, and any malfunction that would allow a second one to do so would prevent the device from turning on, or sound an alarm.

This all feels nice and dandy, but I have a bit of a hard time believing that. Can it really be achieved? What methods are used to do it?

Sadly, there's a strict policy disallowing anything with a camera in the facility, and I can't remember the names of the devices. But I don't expect schematics etc, just a general answer to put my mind at ease when I'm there, connected to electricity.

7
  • 3
    Well, if you have a device powered via a step-down transformer, the only failure that can make it pass the mains voltage is if the two windings of the transformer are shorted. If you have some kind of voltage detection on the secondary side that will prevent the rest of the circuitry from powering on, you have the mechanism described. Doesn't sound that complicated.
    – Eugene Sh.
    Commented Mar 24, 2023 at 16:26
  • 5
    The problem with your question is you want specifics when there are multiple ways to accomplish this, including transformers, opto-isolators, insulation, electrostatic discharge, radio-frequency interference, monitoring equipment, etc.
    Commented Mar 24, 2023 at 18:19
  • 1
    @EugeneSh. Transformer doesn't need to step down. I have worked for a couple of different medical device manufacturers, and in at least one product—a rolling cart containing several different mains-powered devices—we used a 1:1 isolation transformer.
    Commented Mar 24, 2023 at 18:25
  • 1
    @EugeneSh., Yes. It's safer. A fault on the primary side of the isolation transformer potentially could cause mains voltage to appear between some part of the cart (or the equipment on the cart) and Earth. But the primary side has minimal exposure—practically no chance of a fault like that happening. Meanwhile, everything else on the cart is galvanically isolated from Earth. There is no chance of any other fault putting mains voltage between any part of the system and Earth. That is pretty much the whole reason why regulations required us to use the 1:1 transformer...
    Commented Mar 24, 2023 at 19:12
  • 1
    ...Of course, the right combination of faults potentially could cause lethal voltage to appear between, for example, two patient leads. But adding the 1:1 transformer didn't make that risk any worse.
    Commented Mar 24, 2023 at 19:18

3 Answers

37

There is a massive amount of regulation covering patient-attached medical equipment. IEC 60601 is the generally accepted standard for medical electrical and electronic equipment, required for the commercialization of this type of equipment in many countries. Leakage currents must be controlled, single-point failures shouldn't cause an unsafe condition, and these are tested. Primary to secondary insulation and isolation are specified and tested as well. So equipment meeting the common standards is pretty safe.

Now, if you buy a TENS unit from AliExpress or Amazon you're on your own.

8
  • 5
    Interestingly, while device companies generally design and test to IEC 60601, hospitals in the US often test equipment to NFPA 99. I suspect this has to do with every piece of equipment in clinical areas needing testing/inspection, but 60601 just covers medical devices. NFPA 99 and 60601 are usually, if not always, similar in terms of current that can reach the patient, and account for both macro- and micro-shock situations.
    Commented Mar 24, 2023 at 16:38
  • 2
    The marketplace has no effect on the product safety. Please remove the marketplace shaming. Better focus on product test and certification.
    Commented Mar 25, 2023 at 16:17
  • 16
    @JonasStein I disagree, there are patient-attached devices being sold directly to consumers that have not been designed to appropriate safety standards, so my point is if you buy from there you should understand the risks and do your research and verification. People have been injured and killed by improperly designed mains-attached equipment.
    – John D
    Commented Mar 25, 2023 at 22:31
  • 3
    @JonasStein It actually does. In the US, product liability of sellers results in traditional retailers requiring third-party safety listing (UL, ETL, etc). If you walk into a brick and mortar store, everything electrical will have a logo. AliExpress and Amazon do not.
    – user71659
    Commented Mar 26, 2023 at 3:41
  • 2
    @JonasStein Europe relies less on independent test labs, and more on manufacturer/importer self certification, but the same basic principle holds. Retailers have legal responsibility for the products they sell, marketplace sites don't. When you buy from a marketplace site often either you are the legal importer or the legal importer is a judgement-proof shell company.
    Commented Mar 27, 2023 at 13:17
17

1. The transformer

Isolation is very easy using magnetic coupling. Consider the GM Magnecharge EV charging system. The entire paddle was lined with plastic. The inside of the slot was entirely lined with plastic. There were no metal surfaces at all. Yet, it could charge the car at 7kW or 50kW.

So this type of magnetic isolation is very easy. Simply have a "primary winding" around an iron core attached to AC mains, and at the other end of the core, a "secondary winding" at a much lower voltage. Power gets between them as magnetic flux which has no voltage at all. And as demonstrated by the EV1 charge paddle, it doesn't even need to be continuous iron! So a seventh insulation gap could be added.

The winding wires have insulation individually (mostly to insulate them from each other to keep the winding from shorting). Then the entire winding is wrapped or put in a plastic cage. Then the iron core itself is dipped in enamel. Just within this transformer, six insulations would have to fail:

  • primary winding wire insulation
  • primary wrapping or cage
  • transformer enamel at primary
  • transformer enamel at secondary
  • secondary wrapping or cage
  • secondary winding wire insulation

Granted, an extreme electrical spike could blow a hole through all three in one place, but it would have to do that twice in two different places. It will get stopped at the iron core, because.....

2. Earthing the iron core allows fault detection

Before hazardous voltage can reach the secondary winding, it must reach the iron core. An additional safety layer can be added by earthing the iron core. That is, tying it to the earth/ground pin on the 3-wire electrical supply - the wire that is yellow w/green stripe.

That wire is bonded to the actual earth, but it's also bonded to supply neutral. This means the blowout from primary winding to iron core will cause some "live" 230V current to leak onto the ground wire and back to source. In sufficient volume (dead short) this will trip the circuit breaker. Remember the secondary hasn't been affected yet.

But European installations have a feature called "RCD". Current should go out the 230V live wire (brown) and return on the neutral (blue) and these currents should be identical. The RCD compares the two currents and if they are not identical, it trips, disconnecting live and neutral. The detection threshold is 30mA on any random European home, 6mA on the more sensitive per-circuit RCDs used in America, and I presume a hospital uses this more sensitive level. It is VERY difficult to die from 6mA of leakage for a few milliseconds, which is all it takes for SNAP! Even dying at 30mA would be hard. These are not lethal currents.

The fairly dumb way that Europe provides earthing to homes provides some vulnerability, but mainly for people who are outdoors with their bare feet on the ground and holding a machine plugged into mains, like a hedge clipper or an EV (it's a vexation for EV charging). Not so much a problem for a person inside a home, and definitely not a problem in a medical facility where the earthing is going to be first rate.

3. No limit to the number of transformers.

You can simply repeat transformers over and over, for as much isolation as you choose to pay for. After the first transformer, all the transformers are low-voltage on both sides, so no conceivable failure could hurt you.

You can also just buy an isolation transformer, that plugs into the wall and has a normal socket on the side. So you can add more isolation transformers at home.

Small amounts of power can also have opto-isolation, think "LED shining on solar panel".

4. Or, just run it on batteries.

And lastly, the equipment which actually energizes you can be run on batteries. Now it is fully isolated from AC mains.

9
  • 4
    I once received a shock from a music amplifier that had two concurrent failures: mechanical shock had loosened one of the transformers and it had rubbed against the chassis, eventually rubbing off insulation. That meant that the primary winding was connected to the chassis making the chassis live. The second "failure" was that the owner of the amp had removed the safety ground pin so they could plug it into two-prong outlets. Point being, while I'm sure the devices in question are safe, to me transformers are not comforting.
    Commented Mar 25, 2023 at 7:10
  • 6
    @Todd You're blaming the wrong thing. The negligence there was breaking off the ground instead of using a 50 cent cheater. If you're going to use transformers as a substitute for good safety practice, you'll need to stack them higher LOL. Assuming "the show must go on" (precluding GFCIs), the only sane answer to 2-prong sockets at venues is additional isolation transformers. They are the cure not the problem.
    Commented Mar 25, 2023 at 20:42
  • 2
    Removing a ground/earth connection is sadly common for musicians working with analog audio. In some locations, a ground-loop can result in a sustained 50 or 60 Hz hum. While the correct solution is to have all the analogue audio gear on the same circuit, that's not always convenient. A really long extension cord can help, but again conditions may disallow that, so the only way to break the earth loop is to break earthing somewhere. Going optical resolves this too, but the gear is pricey and cheap stuff may add latency.
    – Criggie
    Commented Mar 27, 2023 at 2:15
  • 3
    @criggie and transformers to the rescue again, since they can disconnect ground in a much less dangerous manner.
    Commented Mar 27, 2023 at 4:11
  • 1
    @Criggie optical is more modern than many sound engineers' background and attitudes. You often end up grounding through kit through the audio signal grounds to other pieces of kit anyway (the cause of the earth loop in the first place, but also a pattern that hides the lack of ground)
    – Chris H
    Commented Mar 27, 2023 at 12:34
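
The single-fault claim from the question can be checked mechanically against the transformer described in the answer above. This is an added example, not part of any post on this page: the region names (`p1`, `s1`, ...), the `core earth bond` component and the outcome labels are assumptions made for the model, and the search is written for any barrier graph, not only this series chain.

```python
from itertools import combinations

# Constructed model: each barrier is an insulation layer between two
# conductive regions; a "failed" barrier conducts.
BARRIERS = {
    "primary wire insulation":   ("mains", "p1"),
    "primary wrapping":          ("p1", "p2"),
    "enamel at primary":         ("p2", "core"),
    "enamel at secondary":       ("core", "s2"),
    "secondary wrapping":        ("s2", "s1"),
    "secondary wire insulation": ("s1", "patient"),
}
EARTH_BOND = "core earth bond"  # assumed name; its failure is an open circuit

def live_regions(failed):
    """Regions connected to mains through the failed barriers."""
    live, frontier = {"mains"}, ["mains"]
    while frontier:
        node = frontier.pop()
        for name, (a, b) in BARRIERS.items():
            if name in failed and node in (a, b):
                other = b if node == a else a
                if other not in live:
                    live.add(other)
                    frontier.append(other)
    return live

def outcome(failed, core_earthed=True):
    """Classify a fault set: 'isolated', 'tripped' or 'energized'."""
    live = live_regions(failed)
    # A live, earthed core leaks current to earth, so the RCD or breaker
    # cuts the supply, unless the earth bond is itself one of the faults.
    if core_earthed and "core" in live and EARTH_BOND not in failed:
        return "tripped"
    return "energized" if "patient" in live else "isolated"

def minimal_fault_sets(core_earthed=True):
    """Smallest fault combinations that put mains on the patient lead."""
    parts = list(BARRIERS) + ([EARTH_BOND] if core_earthed else [])
    for k in range(1, len(parts) + 1):
        hits = [set(c) for c in combinations(parts, k)
                if outcome(set(c), core_earthed) == "energized"]
        if hits:
            return k, hits
    return None, []
```

With the core earthed, the three primary-side failures alone yield `tripped`, which is the "fault is detected before the secondary is affected" behaviour the answer describes; removing the earth bond, as in the amplifier comment, is what turns that detected state back into a silent one.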
6

This is a supplementary answer: others have covered the physics admirably, but you may wonder whether the manufacturer has done all they should.

There is an international standard ISO 14971:2019 Medical devices — Application of risk management to medical devices. Manufacturers need approval from the appropriate government agency (FDA in the US, TDA in Australia, whoever looks after CE marks in the EU...). I have worked on devices intended for all three markets, and I can assure you the regulators insist on evidence that risks have been managed in accordance with ISO 14971. This requires that risks that might harm someone be identified, classified by severity and likelihood, and a decision made as to acceptability: killing patients, hospital staff, or visitors is not acceptable. Risks that are not acceptable must be mitigated, and a later analysis must show whether they are acceptable. The regulator will review the records to determine whether they are convinced that the risks have been managed properly. In some countries the regulators have draconian powers.

Here is part of what happens in a risk analysis. A group of engineers is assembled, people who had nothing to do with the design. The design team present on the problem, and their solution/design. The outsiders then brainstorm things that might go wrong: if the first transformer fails, and the second one does too, and the Moon is in Sagittarius, we might electrocute the patient; if this seven segment display, an operator might set the wrong input and fry the patient. The design team records all the failure scenarios (the meeting doesn't try to solve problems), and uses them as input to analysis.

