Trace: Home » documents » documents:development » documents:development:jpns » safetynotes_v1

jPNS v1.57 Safety Notes - IMPORTANT!

The following is an email from Michael Neary, who was kind enough to review the jfish v1.57 PNS schematic and highlighted some significcant design flaws that need to be addressed. Full discussion of these points can be found on the Developers mailing list.

Subject: jfish hardware design
From: “Michael Neary”
Date: Wed, January 4, 2006 1:18 pm

Congratulations on your forward looking contributions.

I must call attention to several hazards in the published hardware design.

As I understand it, the regulated output of the MAX641 is approximately 300V.

The 300V output appears through a capacitor on JP3. Under no circumstances should the circuit “ground” be allowed to touch the patient, or earth. There’s 300V between the regulator output and the circuit “ground”, and the above accidents could be fatal. Unfortunately the battery appears to be exposed. I presume that the serial connection JP2 is only for programming and is well protected during patient contact. (It will activate the high voltage output when in use).

C5 is rated at only 250V. C6 is rated at only 63V. If this device fails, the patient could be burned. Q5 is only rated at 60V.

If Q5 is ever turned off by the PICAXE, it allows the MAX641 VFB input to float towards 300V (trough a megohm). Although there are undoubtedly protection diodes for this pin, it still can’t be good for the MAX641. If this pin function fails, it may allow the 300V to increase essentially without limit. (There has to be a better way to enter low power mode.)

No current limit through Q2 and D1. No current limit through Q1 and LED2. If LED2 fails due to excess current, it won’t provide its indication.

The 78L05 should have a minimum of 0.33 uF on its input for battery operation.

If the power is removed from the device, it will take up to 30 seconds for the output voltage to fall to a safe value.

S1 (the main power switch) probably should be sealed, or explosion rated. The photo shows an open style switch.

Suggestions:

  • Protect “GND” aggressively. Add critical note to schematic.
  • Place battery inside the enclosure. 300V should not be generated if battery cover is off.
  • Capacitor voltage ratings (2). 100 ohms (?) in collectors of Q1 and Q2.
  • Explosion rated.
  • Use LBI pulled to GND to enter reduced power mode.
  • Discharge across C6. (1 megohm?)
  • (Non critical) Q3 is redundant. You can connect LED3 directly from R21
  • (cathode) to +9V (anode).
  • (Non critical) The device will have better performance under low-battery conditions if there is 100 uF or more between 9V and GND.

jfish.org is powered by the excellent Dokuwiki. Hosting, server, OS and design credits.
This work is licensed under a Creative Commons License.

Creative Commons License