Medical and Life-Safety Systems
Balancing Life-Safety and Critical System Reliability
PRESENTED BY
Michael Fluegeman, PE Principal, PlanNet
Learning Objectives
• Identify the unique operational aspects of managing medical and life safety facilities
• Understand what puts life safety systems at odds with reliability
• Analyze common causes of emergency shut downs
• Learn about real-world shut down scenarios in a variety of healthcare systems
Speaker Background
• PlanNet since 2007
  – A Technology Consulting & Construction Company
  – Assessments
  – Strategy/Design/Basis of Design/Specs
  – Construction/Project Management
  – Commissioning
  – Operations/Documentation/Training
  – Litigation support
Prior: Syska Hennessy, Power Management, PRK Emerson/Liebert, Siemens/ITE, Westinghouse
Life-Safety Priorities
Priorities
• Patient Life-Safety
• Worker Life-Safety
• Continual Functionality of Technology Supporting Patient-Care Equipment
Life-Safety Risks
Risks
• Shock, electrocution, arc-flash
• Smoke, fire, fire detection & fire suppression shutdown of critical equipment
• Failure of patient-care technology
• Loss of communications during treatment
  – Tele-surgery, robotic surgery breakdown
  – Loss of remote phone / internet support
Shock, Electrocution & Arc-flash Risks
Shock & Electrocution Risks
– Wiring issues
– Bonding & grounding issues
– Equipment malfunction
Arc-flash Risks
– Largely affects electricians & electrical equipment service providers
– Live “hot” work no longer permitted. Without proper design & redundancy, maintenance & repairs require critical systems shutdown
Wiring Issues
Ground currents & high neutral-ground voltages
• Wiring code violations
  – Ground loops (multiple neutral-ground bonds)
  – Neutral & ground conductors reversed
  – Difficult to troubleshoot
  – The older the building, the more likely these problems persist
• Insulated, isolated ground systems contribute to problems if not carefully maintained throughout
Bonding & Grounding Issues
Bonding
• Code minimum is not good enough for reliability
• Good practices include not relying on conduit grounding, making home-runs to master ground bars, two-hole lugs, not stacking lugs
Grounding
• The goal is to achieve equi-potential grounding
• Exotic chemical earth ground systems normally not required
• Do not violate code with separated ground systems
Grounding Fix
Ideally, root out the problems to reduce N-G potential & ground currents
Isolation transformers are effective electrical band-aids
– Grounding effectively starts over at the transformer output
– With proper wiring & bonding downstream of transformer, N-G potential and ground currents should be near zero, regardless of the mess upstream
– Shock & electrocution risks reduced
Shutdown of Critical Equipment from Smoke, Fire, Fire Detection & Fire Suppression
Smoke & Fire Critical Shutdowns
Most shutdowns are not because of an actual emergency!
• Overly sensitive equipment
• Hair-trigger actuation
• Operator error
• Technician error
• Equipment failure
• Not designed with uptime as a priority
  – EPO triggered by fire alarm
Smoke & Fire Critical Shutdowns
Fire & Security design & technician professionals have a shut-down-when-in-doubt approach
• Systems cross-wired to shut down
Critical facility design & technician professionals have a shut-down-as-last-resort approach
• Eliminate shut down cross wiring unless code-required
Smoke & Fire Critical Shutdowns
Fire & Security design & technician professionals design held-closed circuits
• Open-circuit will become apparent (alert, alarm)
• Open-circuit will normally be forgiving
Critical facility design & technician professionals design held-open circuits
• Open-circuit is forgiving, but may not become apparent
• Short-circuit can be catastrophic
Failure of Patient-Care Technology
ICU life-support machines require reliable, continuous power
• Mechanical ventilators
• Heart-lung bypass machines
• Baby incubators
Local UPS units are often included with life-support machines; UPS unit failures can get ignored
• UPS batteries require proactive maintenance
Loss of Communications during Treatment
• Loss of communications during treatment
  – Tele-surgery, robotic surgery breakdown
  – Loss of remote phone / internet support
  – Loss of access to patient records
Data Centers & other Critical Facilities
Data Centers
Increasingly remote from healthcare facilities
• Enterprise – Often poorly located within multi-purpose facility
  – Water intrusion risks, central-plant dependencies
• Colocation – Single-purpose, multi-tenant, focused on data centers
• Cloud services
• Hybrid data services
Critical Rooms in Healthcare Facilities
• Telecom rooms
• Network equipment rooms
• Distribution rooms/closets (MDF, BDF, IDF)
• Radiology centers
• Emergency Operation Centers (EOC)
Critical Rooms in Healthcare Facilities
Telecom/network rooms, MDFs, BDFs, IDFs require or may have:
• Reliable network/telecom/internet/phone system
• Reliable 24/7 cooling
• Reliable power: UPS & generator backup
• Fire protection (upgrades from wet sprinklers)
• Central-plant dependencies (generator, chilled water, etc.)
• Regulatory requirements
• Emergency Power Off (EPO) shutdown systems
Critical Rooms in Healthcare Facilities
Reliable network/telecom/internet/phone system
• Redundant rooms
• Redundant electronics
• Redundant carriers, diversely routed back to separate PoP sites
• Reliable network architecture
Critical Rooms in Healthcare Facilities
Reliable 24/7 cooling
• Redundant cooling equipment
• May require backup to central plant (DX, etc.)
• Generator backup for cooling
• Redundant cooling equipment should be powered from redundant ATSs
Critical Rooms in Healthcare Facilities
Reliable power: Generator backup for long-duration outages. Generator system typically supports:
– Emergency lighting
– Fire alarm, suppression, pumps, etc.
– Elevators
– Essential medical equipment & treatment areas
Reliable power: UPS backup for short-duration outages
– Telecom/network rooms, radiology equipment
– UPS equipment ideally located outside of critical spaces
Redundant power distribution
Generator & UPS Power Back-up Systems
Backup Generator Systems
Life-safety generator system
– Supports life-safety systems; may also support a data center
  • Life-safety loads higher priority than data center
– Normally configured as parallel N+1 redundant
– 10-second availability required by Code
– Regular load transfer testing required by AHJ
– ATSs normally closed-transition to reduce testing power bumps
Optional standby generator system
– Cannot support life-safety systems
– Supports data centers and other critical operations
– Better to configure as distributed redundant (2N, 3N/2, etc.)
– Regular load transfer testing not required by AHJ
– ATSs normally open-transition to reduce failure risk & complexity
Backup Generator Systems
If one generator system supports both life-safety & technology:
Use separate ATSs & breakers
• Life-safety ATSs require regular Agency-mandated transfer testing
  – Closed-transition ATSs are better
• Optional-standby ATSs do not require Agency-mandated transfer testing
  – Open-transition ATSs are better
UPS Systems
UPS systems provide 5-15 minutes of battery backup
• Healthcare network/MDF room healthcare power typically configured with A-side UPS/generator; B-side utility
  – B-side allows full maintenance bypass of UPS and ATS
  – B-side will get bumped during power failures
• Better to configure A-side UPS/generator/ATS-A; B-side UPS/generator/ATS-B (or at least generator ATS-B)
  – No single-point failure risk; no need to rely on straight utility
  – No B-side bumps or alerts
• Lead-acid batteries used for decades; remain inexpensive
• Lithium-ion batteries gaining acceptance
  – Smaller, less weight, much longer life, more reliable
Critical Rooms in Healthcare Facilities
Fire protection for telecom/network rooms, MDFs
– Dry-pipe pre-action sprinklers
– Early warning, aspirating smoke detection (VESDA)
– Gas suppression decreasingly used due to cost
Critical Rooms in Healthcare Facilities
Central-plant dependencies
• Central backup generator system with life-safety as priority
  – Almost never more than N+1 redundant
  – Small critical rooms can draw from separate, redundant ATSs
• Chilled water plant
  – Generally available 24/7 and reliable
  – Subject to partial or full shutdowns for maintenance & repairs
  – Small critical AHUs can draw from separate, redundant ATSs
EPO Systems
Critical Rooms in Healthcare Facilities
Emergency Power Off (EPO) “kill switch” shutdown systems
• Shutdown mechanism at the computer room exit(s)
  – Typically a button at all doors
• Entire room shutdown not normally required
  – Only power & supply air to IT equipment needs to be shut down
  – Lighting, UPS & PDU equipment can remain energized
• Legacy from 1960s mainframe data centers
• Required by national safety codes & Local AHJs
• Only applies to certain types of “computer rooms”
  – Generally those with access floors used both for supply air and cabling that is not anchored (flex power cabling)
EPO Systems
Everyone has an EPO story.
An unplanned shutdown.
The story almost never involves an actual emergency!
EPO Systems
For critical system reliability, the best EPO system is one that is not required and is never designed or installed
• Zero EPO systems
The next best EPO system, if required, is a system designed to prevent or limit erroneous activation
• Two EPO systems for A/B power & redundant cooling
A single EPO system presents high risk to reliability
• One EPO system requires special care
EPO Systems
EPO systems are not normally required in small telecom/network rooms, MDFs, BDFs, IDFs, etc.
An EPO is normally not required for the following:
• Room with no access floor
• With access floor, but not used for supply air
• Access floor for supply air but not for cabling
• Access floor for supply air & cabling but all cabling anchored
Once an EPO is installed, or even part of a design package, it is difficult to remove
EPO Systems
• Code allows two buttons
• Use separate A & B systems wiring, separate j-boxes
• Requires proper signage
[Figure: Dual EPO System, labeled “Much Lower Risk”]
EPO Systems
• Covered, recessed buttons are best
• Consider alarming cover (siren, strobe, etc.)
• Maintenance bypass systems allow low-risk testing, changes
• Avoid held-closed designs
• Avoid fire alarm & control interfaces to EPO shutdown
• Maintain accurate wiring as-built diagram
Single EPO requires hardening
[Figure labels: High Risk, High Risk, Lower Risk]
EPO Shutdown Recovery
• Maintain step-by-step recovery procedures
• If buttons are held-locked, provide access to key
• Do not disable an EPO system
  – Do not remove shutdown wiring!
  – Do not padlock EPO button covers!
• To reconfigure or eliminate an EPO system, do it thoroughly and completely.
Argument: If life-safety (patient-care) technology is supported by the UPS and cooling systems, then patient-care might be better served without an EPO system
Reliability Killers
• EPO systems
• Circuit breaker nuisance tripping
  – Make sure trip settings are adjusted out from minimum
  – Don’t set ground fault current interrupters (GFCI) too sensitive
• Generator, switchgear or ATS not in auto mode
• Generator breaker left open
• Generator incorrect software installed
• UPS battery failure
  – Monitoring & self-testing can provide false sense of security
• UPS left in bypass
• Maintenance, construction w/o effective MoPs
Keys to Reliability
• Design commensurate with reliability requirements
  – Eliminate or reduce single-point failure risks
• Effective remote monitoring & controls
• Accurate, maintained as-built construction drawings
• Site-specific operating procedures, maintained
• Continuous operator training
• Preventative maintenance
  – Be aware of non-OEM service-provider limitations: UPS
• Performance testing, commissioning
• Evaluate live facility risk vs. benefit
Regulatory Requirements
Healthcare Facilities
Regulatory requirements
– NFPA 70, 99 & 110
  • Generator load testing “30% testing”
  • Load transfer of operating mechanical, electrical, plumbing, vertical transportation and clinical systems from normal power to emergency generators and then back to normal power
  • Emergency power supply system (EPS) maintenance
– The Joint Commission Accredits Healthcare Organizations – 39 month survey
– OSHPD: California's Office of Statewide Health Planning and Development
  • OSHPD also monitors the construction, renovation, and seismic safety of hospitals and skilled nursing facilities and provides loan insurance to assist the capital needs of California's not-for-profit healthcare facilities
  • Special equipment ratings: shake table testing
  • Regular EPO testing (bypass, simulation allowed)
Healthcare Facilities
Regulatory requirements – Surge Protection Devices (SPDs)
– NEC Article 700.8 requires SPDs on all emergency power system switchboards and panel boards, added to NEC 2014
– Special requirements for SPDs with patient care equipment. The National Electrical Code for Health Care Facilities (NEC Article 517) requires SPDs to protect medical equipment used in general or critical patient care areas. SPDs in these areas also must comply with the requirements of UL-60601 - Medical Electrical Equipment, Part 1: General Requirements for Safety and IEC 60601-1-1 - Medical Electrical Equipment - Part 1: General Requirements for Basic Safety and Essential Performance.
– NEC 2017, issued in September of 2016, added requirements for SPDs on disconnects supplying emergency systems in Article 620.51(E). This section addresses SPD requirements for elevators, escalators, moving walks, platform lifts, and stairway chair lifts. Where any of the disconnecting means has been designated as supplying an emergency system load, surge protection shall be provided.
Comments & Questions
Contact: Michael Fluegeman, PE, Principal
PlanNet
2951 Saturn St., Suite E, Brea, CA 92821
Office 714-982-5836 (rolls to mobile)
[email protected]