Consolidation within the healthcare industry and the rise of regional medical centers has led to larger facilities, often spread over a large area in a campus environment. These facilities require more standby power due to size alone, and the impracticality of evacuating a large patient census during an extended utility outage means capacity to permit normal or near-normal operation of the facilities may be required.
Higher power demand leads to use of larger generators at higher voltages to allow for practical and economical distribution of power throughout the facility. While traditional systems have usually used generators rated at 480 Volts and 1,000 kW or less, large systems typically use units rated from 4,160-13,800 Volts (a range referred to as “medium voltage”) and up to 2,500 kW. These installations are typically centrally located with other major utility systems to permit efficient operation and maintenance. This article will discuss the differences between large central systems and traditional single-facility systems from design, code compliance, and reliability standpoints and then offer advice on implementation based on lessons learned over the course of many projects.
Most large standby power systems use generator paralleling switchgear, which allows multiple generators to be connected together to meet high power demand and increase reliability. A typical arrangement of paralleling switchgear within a medium voltage system is shown in Figure 1. The normal power switchgear supplied by the utility service feeds step-down transformers throughout the facility that supply normal power loads and one side of automatic transfer switches for code-required essential system loads. The generators are connected to paralleling switchgear which feeds separate step-down transformers, which in turn supply the other “emergency” side of the automatic transfer switches.
This differs from a standard 480V paralleling scheme by the presence of the tie circuit between the utility switchgear and the paralleling switchgear through circuit breakers T1 and T2. This connection serves several purposes: If there is adequate generator capacity, it is used to feed generator power back to the normal power switchgear after disconnecting from the failed utility source, returning the facility to normal operation; it keeps the standby power system energized so any incipient fault that develops will be detected and can be corrected prior to the system being needed during a utility outage; and makes it unnecessary to run generators in response to an isolated problem within the facility that interrupts power to a transfer switch, since power is always available at the emergency side of the transfer switches via the pathway through the paralleling switchgear.
There are a number of design considerations for these more complex systems that don’t arise in isolated paralleling schemes:
- After the normal switchgear has been re-fed from the generators, the facility returned to normal operation, and the utility service restored, it is desirable to transfer back to the utility without another interruption to the load. This requires closed-transition switching in which the utility circuit breaker is closed, the generators operate in parallel with the utility, and transfer the load smoothly before their circuit breakers are opened and they shutdown. Utilities have requirements affecting selection of equipment, settings of protective devices, and operating procedures that must be satisfied to receive permission for this parallel operation.
- Feeder circuit breakers at the paralleling switchgear supply transformers which serve a mix of loads with different priority levels. Thus, loads cannot be added or shed based on priority by opening and closing circuit breakers at the paralleling switchgear; communication is needed from the generator control system to the automatic transfer switches so control can occur at that level. This may be hard-wired, digital communication, or a combination of both.
- Electrical distribution and control equipment must be taken out of service periodically for maintenance; the higher the operating voltage and the more complex the equipment, the more frequently this is required. Taking a central system that supplies all of the standby power for a large facility completely out of service for maintenance may not be acceptable from a risk management standpoint. In that case, the design must incorporate redundant equipment, dual feeds, or other mechanisms to permit shutting down part of the system while still supplying some or all of the critical load.
Beware (and take advantage) of the BAS
Standby power system status, alarms, and loading are typically monitored remotely, and many facility managers prefer to do this through the BAS so operators don’t have to deal with a separate system terminal. Cybersecurity must be considered in making such a connection to the software-based system controlling both utility and standby power equipment. If this provides digital access to the controller or protective relays, a hacker or a virus may be able to cause a complete loss of power to the facility. One approach to mitigation uses microprocessor-based meters as a digital bridge to transmit information and metering data to the BAS, as illustrated in Figure 2. The meters have no control of generators or circuit breakers, and thus access to them cannot compromise the operation of the system.
BAS integration can also assist in matching load to available generator capacity. Because it may take some time for a large number of generators to synchronize and be connected to the paralleling switchgear, the entire standby power load cannot be assumed immediately. Likewise, if one or more generators is unavailable or fails while operating, an automatic means of reducing load is required.
Traditionally, this has been done by controlling feeder circuit breakers or automatic transfer switches, delaying the transfer to standby power of less critical loads, and shedding them first if a capacity shortfall occurs. In large systems, this can be a blunt approach with the size of load blocks required affecting a great deal of equipment. From an operations standpoint, it may be desirable to select specific equipment as lower priority, or to change temperature or flow setpoints, reducing load without completely depriving any area of ventilation or cooling. Communicating the available generator capacity (or simply the need to reduce load) from the switchgear control system to the BAS can permit more precise control and prevent the need to delay or shed large load blocks of load indiscriminately. While code considerations may still require direct control by the standby power system, it can be relegated to a backup role.
Communicate Code Requirements
Central standby power generation systems serving health care facilities are considered Emergency Power Supply Systems (EPSS) under NFPA 99 — Healthcare Facilities and NFPA 110 — Emergency and Standby Power Systems, and may also be required to comply with NEC Article 517 requirements for health care facilities even if located in a central utility plant that is not a health care occupancy.
Some requirements of these codes are not typically considered in design and construction of medium-voltage generation and distribution systems, but they may be applied by the AHJ based on the occupancy served by the system rather than the occupancy of the central plant itself. As campus-type distribution systems and medium-voltage equipment have become more widespread, codes have adapted and modified requirements that were originally developed for standalone buildings to permit and accommodate central standby power generation and distribution, but inspectors and plan reviewers still may not be familiar with the details of these systems. Discussion with the AHJ during the planning and design phases to identify how they interpret the application of these codes to this type of system is highly recommended.
A key issue for AHJs is segregation and fire separation of the standby power system equipment and circuits from normal power equipment and circuits — not only within the central utility plant, but also as power is distributed throughout the facility and stepped down to the utilization voltage at individual buildings. It is also critical that the designer and the AHJ be on the same page regarding where the coverage of specific code requirements begin and end.
For example, we typically specify a listed PVC conduit product designated as Type EB-20 for use in concrete-encased underground ductbanks for medium-voltage circuits. On a recent project, the electrical inspector determined that such underground circuits carrying power from the central generation facility to a health care building should be classified as part of the building emergency power system, and since EB-20 is not listed as an approved wiring method under NEC Article 517, it required the use of Schedule 40 PVC conduit instead. This had a relatively minor cost impact to the project, but could have been a major problem if it had not been identified before the concrete was poured.
Reliability: The Devil is in the Details
As standby power systems become larger and more complex, factors that can negatively affect reliability increase as well. In contrast to a simple generator running under control of an on-board governor and voltage regulator serving load through an automatic transfer switch, paralleling systems with utility interconnections include multiple microprocessor-based devices implementing complex control and protection schemes. Engine-generator controls incorporate real and reactive power load sharing, automatic synchronizing and soft loading capability, all making use of analog or digital control loops that require proper setup and tuning at startup.
Relatively simple low voltage circuit breakers are replaced by medium-voltage circuit breakers with digital protective relays that sense and react to voltage, frequency, phase angle, and direction of power flow in addition to current, and must be programmed with control and tripping logic similar to a Programmable Logic Controller (PLC). The PLC-based overall system controls not only provide basic logic functions needed to sense utility failure, start and stop engines, and open and close circuit breakers, but these controls are also capable of prioritized load add/shed schemes based on real-time load monitoring; digital communication to engine-generator controls, protective relays and automatic transfer switches; and touch-screen operator interfaces.
A system that appears to be highly reliable based on having multiple generators, redundant switchgear, and alternate pathways to serve the load may actually provide less reliability than a simpler system if the control schemes required to automatically manage the configuration of the system become too complex. Complex control systems present more opportunity for inherent failure and make it difficult for facility staff to fully understand how the system is intended to work, how it should respond under contingency conditions, and how to take parts of it out of service for maintenance without affecting the remainder of the system, all increasing the likelihood of outages resulting from normal operations and maintenance activity. In the course of designing and commissioning many such systems, I have learned some of the following lessons, often painfully.
- Respect the KISS (Keep It Simple, Stupid!) principle. Make the system only as complicated as it has to be to perform the required functions, and avoid the temptation to write control sequences that cover all possible contingencies or that respond to situations that would require three or four simultaneous failures to create.
- Look beyond the single-line diagram. Significant investment in redundant generator and switchgear capacity can be compromised by a control system in which failure of a single component or communication pathway affects the entire system. Make sure that the controls as well as critical auxiliary systems such as fuel supply and engine room cooling are designed to the same reliability criteria as the power system.
- Set only the functions of protective relays that are truly required. Modern digital relays are designed to adequately protect central station turbine-generators as large as 1,000 MW and contain far more capability than necessary for engine-driven standby units. Setting complex protection elements that are not essential is more likely to result in tripping a generator offline when needed than to enhance its protection.
- Use intuitive arrangements of control switches and indicators. The value of building space and cost of sheet metal often leads to switchgear and control panels with a dense arrangement of identical-looking control switches with small labels grouped for convenience of wiring rather than by function. Improving the layout and visibility of controls through color coding, clear labeling, and functional arrangement can reduce operator error.
- Don’t shortcut commissioning. These systems require integration and coordination between generator controls setup by an engine-generator distributor, PLC controls programmed by a paralleling switchgear supplier, protective relays set by a power system engineer, and monitoring by the BAS systems integrator. In too many cases, coordination is left entirely up to the individuals involved, and no one is designated as responsible for overall verification of proper interaction at a systems level. The more complex the system, the more critical that a formal commissioning process be used to verify and document functionality and compliance with design intent. If you think this requirement presents unreasonable cost and schedule impact during construction, just wait until you have to recommission an existing system in an operating hospital environment because it wasn’t done correctly up front; the cost and time commitment will be at least an order of magnitude higher!
Designing for the Future
Central standby power systems, like other central utility installations, are expected to outlast the life expectancy of the facilities they serve and must be capable of being expanded as the facility grows and upgraded as new technology is introduced and as manufacturer support for the originally-installed equipment is not available. Consideration of these requirements during design can significantly lessen the difficulty and impact of making such changes when they become necessary in the future. Some features to consider:
- Providing spare circuit breaker positions with control and protection components and wiring as part of the initial installation can avoid the need to shut down switchgear to connect new sections or to safely work in existing unprepared sections.
- PLC logic should be written for the ultimate number of generators up front, with blocks of code for future units disabled until they are added. This can reduce the extent of needed recommissioning of existing control sequences when generators are added.
- Locate only those control components whose function requires it in the switchgear; control upgrades are much more easily accomplished without the need to work around energized medium-voltage equipment.
With careful attention to detail and consideration of reliability, maintainability, and expandability central generation systems can provide an effective and flexible means of meeting the standby power requirements of a healthcare facility well into the future.