The basic idea behind essential performance is that some things are more important than others. In a world of limited resources, regulations and standards should try to focus on the important stuff rather than cover everything. And risk is a great starting point to decide this.
But is it very complicated area, and the approach in IEC 60601-1 is doomed to fail as it oversimplifies it to a single rule: "performance ... where loss or degradation beyond the limits ... results in an unacceptable risk".
The first problem is that using acceptable risk together with the function alone is incorrect: generally you need a higher threshold when deciding to vary controls based on risk. Regulators do this all the time, for example allocating different controls for Class I, II, III devices. While risk is in the background, no regulator in the world uses acceptable risk to discriminate between different levels. In Europe for example, there are several pages of questions used to decide what classification to use, other regulators prefer to decide for each device individually. It's not easy and certainly not something that can be handled by a singe sentence rule.
The second problem is knowing what is important is highly context driven, you can't derive this purely from the function. Technology A might be susceptible to humidity, technology B to mechanical wear, technology C might be so well established that spot checks are reasonable. Under waterproof testing, function X might be important to watch, while under EMC test function Y is far more susceptible. Simply deriving a list of what is "essential" out of context makes absolutely no sense.
Following on from this idea, a better term to use might be "susceptible performance", which is decided on a test by test basis, taking into account:
- technology used (degree to which it well established, reliable)
- susceptibility of the technology to the particular test
- probability of the test condition occurring (i.e. normal use or an abnormal condition)
- the severity of harm if the function fails
There are four complications to throw into the mix before we consider "susceptible performance" is a good idea.
First is that "susceptible performance" presumes that, in the absence of any particular test condition, general performance has already been established. Currently in IEC 60601-1 there is no general clause which establishes what could be called "basic performance" prior to starting any stress tests like waterproof, defib, EMC and so on. This is an oversight in the standard.
Second is that third party test labs are often involved and the CB scheme has set rules that test labs need to cover everything. As such there is reasonable reluctance to consider true performance for fear of exposing manufacturers to even higher costs and test labs thrown into testing they are not qualified to perform. This needs to be addressed before embedding too much performance in IEC 60601-1. Either we need to get rid of test labs (not a good idea), or structure the standards that allows them to do their job efficiently and focus on the areas they are qualified and can add value.
Third is that for well established technology (such as diagnostic ECGs, dialysis, infusion pumps) it is in the interests of society to establish standards for performance. As devices become popular, more manufacturers will get involved; standardisation helps users be sure of a minimum level of performance and protects against poor quality imitations. This driver can range from very high risk devices through to mundane low risk devices. And the nature of standards is such that this is unlikely to be comprehensive, for example, monitoring ECG may have functions for ST segment analysis not covered by IEC 60601-2-27. Currently IEC 60601-1 includes standardised performance under the umbrella of essential performance, but it doesn't really fit since this performance is not always high risk and rarely comprehensive.
Finally, IEC 60601-1 has special requirements for PEMS for which applicability can be critically dependent on what is defined as essential performance. These requirements can be seen as special design controls, similar to what would be expected for Class IIb devices in Europe. The are not appropriate for lower risk devices, and again the inclusion under the single umbrella of essential performance creates more confusion.
Taking these into account, it is recommended to revert a general term "performance", and then consider four sub-types:
Basic performance: performance according manufacturer specifications, labelling, public claims, risk controls or can be reasonably inferred from the intended purpose of the medical device.
Standardised performance: requirements and tests for performance for well established medical devices published in the form of a national or international standard.
Susceptible performance: subset of basic and/or standardised performance to be monitored during a particular test, decided on a test by test basis, taking into account the technology, nature of test, severity if a function fails and other factors as appropriate, and documented in the risk management file.
Critical performance: subset of basic and/or standardised performance performance which if fails, can lead to significant direct or indirect harm with high probability; this includes functions which provide or extract energy, liquids, radiation or gases to the patient in a potentially harmful way; devices which monitor vital signs with the purpose of providing alarms for emergency intervention, and other devices with similar risk profile (Class IIb devices in Europe can be used as a guide). Aspects of critical performance are subject to additional design controls as specified in Clause 14 of IEC 60601-1
Standards should then be structured in a way that allows third party laboratories to be involved without necessarily taking responsibility for performance evaluation that is outside the laboratories competence.