Risk Management And IEC 60601-1: Assessing Compliance

Abstract

In December 2005, the third edition of International Electrotechnical Commission (IEC) standard 60601-1:2005 was published.1 In February 2006, the the U.S. adoption of IEC 60601-1:2005 was approved by the American National Standards Institute (ANSI; i.e., ANSI/ AAMI ES60601-1:2005).2 This article also refers to the international standards IEC 60601-1:2012 (edition 3 with Amendment 1), ISO 14971:2000, and ISO 14971:2007. Each of the following standards has been adopted as ANSI/AAMI U.S. national standards: ANSI/AAMI ES 60601-1:2005/(R)2012 and A1:2012, C1:2009/(R)2012, and A2:2010/(R)2012 and ANSI/AAMI/ISO 14971:2000 and ANSI/AAMI/ISO 14971:2007/(R)2010. Each ANSI/AAMI ES 60601-1 edition is identical to its respective IEC 60601-1 edition, with the exception of a few requirements that have been modified to comply with the U.S. National Electrical Code and relevant standards of the National Fire Protection Association. Each ANSI/AAMI/ISO 14971 edition is adopted identically without any difference to its respective ISO 14971 edition. For the purposes of this article, we will refer to the international editions of each standard. IEC 60601-1 had been under development for almost 10 years. The biggest change was the inclusion of requirements for risk management. Edition 3 required manufacturers of medical electrical equipment to implement a risk management process compliant with ISO 14971:2000 and to provide evidence related to specific risks for approximately 140 clauses in IEC 60601-1. Of note, the scope of the IEC 60601-1 series covers only electrical medical equipment. Therefore, for brevity, the term “medical device” is used in this article. Moreover, the content of the current work is specific to medical devices falling within the scope of the IEC 60601-1 series of standards. In August 2012, amendment 1 to IEC 60601-1: 2005 was published. A majority of the changes in the amendment related to risk management requirements. IEC 60601-1:2012 (edition 3.1) updated the reference to the current risk management standard, ISO 14971:2007, and reduced the number of clauses requiring risk management tasks to approximately 85. Since 2005, the inclusion of risk management in the IEC 60601-1 family of standards has been the subject of many discussions, trainings, and arguments around the world. As a result of this controversy, the standard has failed to gain traction in industry and was not required/ adopted by medical device regulatory agencies until 2012—and, at the time this article was written, some still had not adopted the standard. (Note: The use of standards for regulatory purpose differs globally. The use of the word “adopted” above is intended to indicate some form of acceptance by a regulatory agency that gives the manufacturer some benefit from declaring compliance with the standard as part of a regulatory submission.) The key questions frequently discussed include the following: • What are the requirements for risk management in IEC 60601-1? Risk Management And IEC 60601-1: Assessing Compliance