For most products, preliminary hazard analysis is simple when it comes to battery failure — worst-case scenarios are temporary loss of function or data loss. But suppose you are designing a pacemaker and consider the following real scenario.
A friend of mine had her pacemaker checked over the phone in early July, and everything looked good. For the rest of the summer, she felt lousy and had difficulty sleeping, but she blamed it on allergies and stress. In the first week of October, another telephone check prompted her doctor to send her to the hospital for a replacement pacemaker; the unit’s battery had died.
My friend’s pacemaker was one of the few that reports only whether the pacemaker is working over the phone. It doesn’t report on the charge remaining in a functioning battery. Information stored in the pacemaker indicated the unit had lost power to control her heart shortly after the July telephone check, and her heart had been stopping on a regular basis all summer. She was lucky that her heart stoppages didn’t result in brain damage or death.
Many common heart problems can be traced to malfunctions in the heart’s electrical system and corrected with pacemakers. These include abnormally slow heartbeats that cause collapse, dizziness, or confusion; alternating fast and slow heartbeats; irregular contraction of the heart’s upper chambers; pauses in heart rhythm that cause loss of consciousness; and desynchronicity of beats in the heart’s lower chambers.
Pacemakers can ameliorate these problems by monitoring cardiac electrical signals and delivering electric pulses as needed to ensure proper function. They pack batteries, electronic circuitry, software, and heart-rate-activity memories into sealed containers weighing 1 to 2 ounces and taking up the same space as a deck of cards.
Using specially equipped computers, cardiologists retrieve pacemaker memories and reprogram the units. In addition, doctors can monitor pacemakers quarterly over the telephone for function and, in most cases, battery condition. When the battery charge gets too low, usually after six to 10 years, doctors replace the entire pacemaker.
However, pacemakers do not always work as well nor as long as expected. My friend’s pacemaker had only been implanted for four years when the battery failed. The pacemaker manufacturer provided a five-year warranty on her unit and hadn’t issued any warnings or recalls, so she had only her general feeling of malaise to alert her to a problem.
This premature pacemaker failure is not an isolated incident. My 102-year-old mother was told after a telephone check that her five-year-warranty pacemaker needed to be replaced, via a simple outpatient procedure, after four-and-a half years due to a run-down battery.
How many people die from premature pacemaker failure? Is it any wonder that pacemakers implanted in people who die are removed and returned to the manufacturer for failure analysis? Perhaps additional hazard analyses before implantation could reduce the need for failure investigations after the fact. MD
Lanny Berke is a registered professional engineer and Certified Safety Professional involved in forensic engineering since 1972. Got a question about safety? You can reach Lanny at [email protected].
Edited by Jessica Shapiro