How to Build a Real-time Patient Monitoring System

When it comes to patient monitoring, there is no such thing as being too attentive to a patient's needs. Telemedicine and remote patient monitoring (RPM) have been gaining traction and have actually received adaptation since the COVID-19 pandemic due to their efficiency and capabilities to deliver timely healthcare services while containing COVID-19 transmissions. These medical devices communicate with each other using the latest technology of real-time systems to track specific vitals relative to a person. The real-time decision is then calculated based on these metrics, usually using historical data and the current patient's vitals to track if they need assistance or medical attention. In this how-to, we will develop a real-time system that can be implemented on any medical device, whether implanted, wearable, or mobile. We will then use PubNub Illuminate to track these metrics and make real-time decisions based on a patient's health vitals.

What is Real-time Patient Monitoring

Real-time patient monitoring involves the use of advanced medical devices and real-time services such as PubNub that together enable the continuous observation of a patient's health data. It differs from patient monitoring in the past by providing immediate care solutions when an anomaly is detected. With real-time patient monitoring, doctors gain access to continuous, instantaneous data.

There are two massive benefits of real-time patient monitoring. First, real-time patient monitoring stops re-admissions into hospitals. This would decrease the number of people who need medical attention, which would, in turn, decrease the average wait time per hospital. Second, half the world lacks medical attention primarily due to people paying out of their own pocket. The good thing about patient monitoring is that it would reduce medical costs by shifting the focus from treatment to prevention.

Security & Compliance

Security and compliance regulations are non-negotiable when transmitting or even storing electronic patient health information (ePHI). Healthcare applications must follow strict rules to protect sensitive information; one of the most important laws in the U.S. is the Health Insurance Portability and Accountability Act (HIPAA), created in 1996.

PubNub is HIPAA compliant, meaning it can transmit and store ePHI, making it an excellent choice for building a real-time patent monitoring solution. However, how does PubNub ensure HIPAA compliance?

End-to-End Encryption: PubNub encrypts all messages sent across its network with AES256 encryption.

Access Control & Authentication: PubNub can ensure that only authorized healthcare professionals can access patient data with Access Manager.

Secure Data Storage & Playback: PubNub does not store data by default but can be configured to comply with HIPAA rules. Data can be retrieved later for analysis while ensuring patient security.

Developing a Real-time Patient Monitoring Solution

This system will utilize PubNub's real-time messaging layer combined with PubNub decision intelligence to send data from a wearable device through the PubNub network into Illuminate, where we can track analytics and make decisions on a patient's vitals. PubNub is platform agnostic, meaning any language or platform can implement this solution. For this tutorial, I will be developing the application in JavaScript using PubNub’s Core JavaScript SDK, but feel free to check out the variety of PubNub’s SDKs.

Let’s start by breaking this down into steps:

Step 1: We set up the communication layer of our application, enabling the PubNub keyset, ensuring it is secure and can handle the protected transmission of data. We will install the PubNub Core JavaScript SDK and ensure it is configured on the client side of our application. Lastly, we will set up a server to store the PubNub secret key securely for secure authentication.

Step 2: When the communication layer is enabled, we will set up a system to store and transmit ePHI information securely across PubNub. We will then be able to view this data from authorized devices.

Step 3: Now that client information is transmitted across the network, we can visualize this data using PubNub Illuminate. We can then configure decisions based on client metrics for real-time patient monitoring and alerts.

Setting Up the Secure Communication Layer

To set up PubNub, configure your keyset and install all the dependencies required to follow the steps outlined below:

1. Sign up for a free account

2. Navigate to Apps & Keysets → click Create App

3. After creating an App, you will be brought to the application home screen, where we will need to configure our keyset

4. After clicking on your keyset, we will enable Access Manager, Message Persistence, and App Context

5. Your keyset should now look like the one in the image below

After enabling Access Manager, Message Persistence, and App Context on our keyset, we will now implement a way to authenticate our clients so only authorized users can access ePHI. Three actors are involved when working with Access Manager: your server, the PubNub Platform, and client devices. The authentication flow is as follows:

1. The client application requests authentication from the server during the login process

2. The server issues an auth key to allow specific privileges for the client

3. The client application sets PubNub credentials with that auth key and passes it to the PubNub Platform to perform API operations

Now, let’s set up a server and client to see how this will work in a real-world application.

For the server, we will first need to set up a “grant” request using the API of choice. The code below shows the logic you will need to implement on the PubNub side to grant an authentication token for the doctor to access information about “patient-1” and “patient-2”. For this example, let’s say a doctor is authenticated into a portal where he will need to see previous information or messages about both patients.

In this specific case, the code above grants permissions to channels “patient-1” and “patient-2.” The doctor will also have access to any metadata stored in App Context for all users where their ids match the pattern “.*” (All users).

We can now call this API request from the client side and receive the token needed to authenticate the PubNub client on the front end.

Note: that we have the token on the client side of the application, we can authenticate the PubNub instance like such:

Note that I did not store the secret key on the client side of the application. The role of the PubNub secret key is to generate the authentication token, and it should always remain in a secure place. I have stored it in a local .env on the server side of my application. For this application, I also highly recommend using OAuth 2.0, JWT-based authentication, or a custom authentication flow to generate the PubNub authentication token, as anyone right now who has your publish and subscribe key can call the requestAccessManagerToken to authenticate a PubNub instance. We can not assume that the publish and subscribe keys are protected as they will be compiled on the client side of the application.

Severely Transmitting ePHI Information

PubNub is serious about the security of your data, even in transit. The next way PubNub helps you secure your data is with message encryption. We will need to enable message encryption when initializing our PubNub instance on the client side of the application.

This message will now be encrypted at the time of publish by the PubNub SDK before it is sent and remains encrypted throughout the PubNub Network until it reaches the clients that subscribe to it. If you do not want to encrypt the entire message, PubNub also offers a way to partially encrypt messages. This is useful for tools like PubNub Illuminate, which can track patients' data and make real-time decisions based on that information. Since we have enabled encryption on the PubNub instance, any message now published using that instance declared above will be encrypted.

Below is an example of partially encrypting a message if the PubNub configuration is not declared with the cryptoModule.

In this example, we will encrypt the doctor's notes and the patient's status. However, let’s say we want to know as a hospital how many positive vs. negative results we have (to keep it simple). We will not encrypt this so we can analyze this data inside of PubNub Illuminate later. Everything related to the ePHI is now encrypted.

Now that we have our encryption done, let's publish a PubNub message. I will use the message we have declared above called json. It is important to remember that AES-CBC encryption returns an ArrayBuffer, and a JSON can not natively handle binary data. This is why we had to convert the ArrayBuffer to a Base64 string before sending it across the PubNub Network.

After we have published a message we will want to be able to receive it on the patient's dashboard or the doctors dashboard. We will first add a listener for incoming messages to receive information about that specific patient that is published. We will first start with returning that Base64 string back into an ArrayBuffer and then decrypt the message using the cipher key “pubnubenigma”.

Note: When the message reaches the client side of the application after publishing, you will need to ensure that the PubNub instance that receives the message has the same publish and subscribe keys as the instance that sent the message.

Analyzing and Acting on Patient Health Data with PubNub Illuminate

We have initialized a secure way to store and transmit messages. Let's say we want to track certain metrics about our hospital patients and make real-time decisions based on that through PubNub Illuminate. These metrics/events could be statistics that are important to our hospital or data we want to act on right away. For example, we can set up a trigger for when a positive pregnancy result comes through PubNub Illuminate to notify the doctor.

Using PubNub Illuminate, you can set up a business object as follows for the example above.

Business Objects define what you want to track. In this case, we have tracked. I have defined a business object to track the pregnancy results for all patients in the hospital. We have mapped the data field “message.body.results” to the part of the message that has not been encrypted. This value will either map to “positive” or “negative”.

Next, we will need to set up an Illuminate Dashboard so we can visualize this business object. We can select the business object and metric in order to do this.

The red bars on the graph indicate whenever a Decision was made, so let’s look at that:

Here we are defining a condition based on an event if a Pregnancy Result has come through. Every pregnancy event in this case (can be configured differently) will be sent to the doctor. We can now define an action for what the message will say for when it is sent through PubNub. We can also set variables in our action to showcase what the result of the pregnancy was. We will send the message to “doctor-private-notification” to warn the doctor on his own independent channel.

If you now subscribe to this channel on the client side of your application, you should see the message come through whenever there is a message published that has a pregnancy result included.

Conclusion

Building a real-time patient monitoring system using PubNub provides not only a scalable solution but a secure solution. At PubNub, we care about the protection of data while supporting fast development and scalable infrastructure. With real-time data streaming, the possibilities are endless; healthcare providers can proactively monitor vitals, identify anomalies, and intervene when necessary—ultimately reducing hospital readmissions and improving patient outcomes.

Learn more about how PubNub can enable your real-time healthcare data streaming solution; get in touch, or sign up for a free PubNub account to explore how you can safely store and transmit data across the world.