← PART 01

Part 1 covered the three failure modes that that overwhelm RPM platforms in hospital environments: the silent polling fallback, the reconnection dead zone, and the concurrent connection collapse. The root cause of all three is the same: streaming infrastructure built for the public internet, deployed in a hospital network. Read Part 1 →

Part 1 closed with a promise: the fix is architectural. Today, we discuss this fix in production detail, with the specific Lightstreamer capabilities that make each layer work, and the on-prem deployment model that keeps HIPAA compliance intact.

Why MQTT Doesn't Solve the Last-Mile Problem

MQTT is excellent at what it was designed for. It was designed by IBM in 1999 for monitoring oil pipelines over satellite links[1] with constrained hardware, unreliable networks, minimal bandwidth. A protocol that could survive those conditions is exactly what you want for medical IoT devices: low power consumption, small packet overhead, reliable delivery with QoS levels[2], and native handling of intermittent connectivity.

MQTT was not designed for browsers. There is no native MQTT client in any browser. To get MQTT data into a web application, you need either MQTT over WebSocket - which requires broker-side configuration and still hits every proxy and firewall problem from Part 1 - or a server-side bridge that translates MQTT messages into a browser-compatible protocol.

"MQTT is a device protocol. The care team's dashboard is not a device. Expecting MQTT to handle both ends of the data journey is asking the protocol to do something it was never designed to do."

The practical consequence is that every RPM platform must have something between the MQTT broker and the care team's dashboard to carry data in the last mile. A bridge that handles hospital network environments securely, efficiently and reliably.

Technical note
MQTT over WebSocket is a common approach and works on permissive networks. The issue is the same as standard WebSocket: hospital proxy servers that strip Upgrade: websocket headers silently break the connection.[3] A broker configured for MQTT-over-WebSocket in a hospital environment will hit the same proxy failure mode as any other WebSocket implementation, falling back to polling or failing entirely, without the client knowing.[4]

The Full Architecture Stack

The production architecture for sub-second clinical alert delivery has four layers. The Lightstreamer MQTT Connector sits between the broker and the care team clients - it's the bridge. Importantly, it runs inside the hospital network perimeter, which means patient health information never leaves the hospital's infrastructure.

MEDICAL DEVICES & SENSORS
Wearable vital signs monitorsBedside patient monitorsInfusion pumps & drip sensorsPulse oximetersContinuous glucose monitors
MQTT LAYERRight protocol for devices → cloud. Wrong protocol for cloud → browser.
MQTT broker (Mosquitto / HiveMQ / AWS IoT Core)QoS levels 0–2 per device typeTopic hierarchy: hospital/ward/bed/vitalDevice auth & TLS in transit
LIGHTSTREAMER MQTT CONNECTORThe bridge. Runs inside the hospital network perimeter.
Subscribes to MQTT topics on behalf of all clientsIntelligent Streaming → per-client transport negotiationAlert fan-out → only subscribed care team members notifiedDelta delivery → changed vitals fields onlyHospital proxy traversal → automatic fallback chainStreamSense → explicit connection state, no silent failureOn-prem deployment → PHI never leaves hospital perimeter
CARE TEAM CLIENTS
Web dashboards (WebSocket / HTTP streaming / long-poll)iOS & Android native appsNurse station wall displaysPhysician mobile rounding apps

The architecture is minimal. We are not replacing anything in your existing stack - not the MQTT broker, not the device firmware, not the EHR integration. We add one component between the broker and the clients: the Lightstreamer MQTT Connector. It subscribes to your existing MQTT topics and handles every last-mile delivery problem that MQTT alone cannot handle efficiently

What the connector actually does

The connector maintains a persistent subscription to the MQTT broker on behalf of all connected care team clients. When a vital sign update arrives on a topic, the connector processes it once and fans it out to all subscribed sessions, applying delta delivery (only changed fields) and per-client bandwidth adaptation in the process.

This matters for scale. At a 200-bed ward with 300 monitoring devices each publishing vitals every 2 seconds, and 80 concurrent care team sessions, a naive fan-out would generate 300 × 80 = 24,000 deliveries per second. With delta delivery, most of those deliveries are a handful of bytes - only the SpO₂ value that changed, not the full vital signs record. With selective fan-out, a nurse monitoring patients in Bays 1–6 only receives updates for those patients. The actual network load is a fraction of the theoretical maximum.

The Sub-Second Alert Pipeline

In Part 1, we called out the clinical target: sub-second end-to-end alert delivery from sensor reading to care team dashboard. Here's what that actually looks like, step by step, in a production deployment.

Click each step below to walk through the full alert delivery pipeline
STEP 01 - 0msSensor reading

A bedside pulse oximeter captures a SpO₂ reading and heart rate. The device firmware packages this as an MQTT payload and publishes to its assigned topic: hospital/ward-4b/bed-12/vitals.

Device firmware overhead: ~5–20ms depending on hardware. MQTT QoS 1 ensures delivery acknowledgement to the broker.
Click each step above to walk through the full alert delivery pipeline

The sub-300-millisecond figure reflects end-to-end latency in controlled deployments under comparable network conditions (on-prem broker, local WiFi, with minimal competing traffic). Real hospital environments introduce additional variance: contested WiFi adds 20–40ms, cellular handoffs add 50–150ms. All paths remain comfortably sub-second under normal operating conditions. For Lightstreamer's own benchmarking data, see their published performance documentation.[10]

Clinical context
The clinical significance of sub-second vs. 30-second alert delivery is not abstract. Early warning score systems calculate a deterioration risk score from continuous vital sign streams.[5] A system running on 30-second polling intervals can miss an acute deterioration event that develops and peaks within that window. Sub-second delivery means the early warning score reflects the most current physiological state of the patient - not the state from 25 seconds ago.[6] Research consistently shows continuous monitoring detects deterioration significantly earlier than conventional spot-check early warning scores, giving care teams a meaningful intervention window before an ICU transfer becomes necessary.

MQTT Direct vs. MQTT + Lightstreamer

For teams evaluating whether the bridge is worth adding to the stack, the comparison below may be helpful. MQTT direct-to-browser may work well in ideal conditions. But, hospital environments are not ideal conditions.

CapabilityMQTT directMQTT + Lightstreamer
Designed forDevice → cloud (IoT)Cloud → browser/mobile
TransportTCP (raw)WebSocket + HTTP fallback chain
Browser supportNone - requires gatewayNative - all modern browsers
Hospital proxy traversalNo - blocked by most proxiesYes - automatic negotiation
Mobile handoff handlingSession breaks, manual reconnectTransparent session continuity
Fan-out to 1,000 clientsRequires custom broker logicBuilt in - selective per subscription
Delta deliveryFull payload every messageChanged fields only
Connection stateBinary: connected / notExplicit: streaming / degraded / offline
On-prem HIPAA deploymentYes - broker runs anywhereYes - connector runs inside perimeter

The most important row in the table above, is the connection state. MQTT gives you binary state - either it is connected or not. Lightstreamer gives you explicit, granular state: i.e. streaming at full quality, degraded to HTTP streaming, degraded to polling, offline. For a care team relying on that connection for clinical decisions, the difference between "I know I'm in a degraded state" and "I don't know if this data is stale" is an important patient safety consideration. Unreliable Alarm systems (Alarm Fatigue) is a documented contributor to adverse patient events[8] and a Joint Commission National Patient Safety Goal[9]. This makes connection state transparency a very critical clinical requirement, not just a nice-to-have capabiltiy.

On-Prem Deployment and HIPAA Compliance

In healthcare, HIPAA compliance is an important architecture consideration, that must be addressed. The Privacy Rule and Security Rule establish requirements for how protected health information is stored, transmitted, and accessed.[7] For real-time streaming specifically, the question is: does patient vital signs data leave the hospital network perimeter, and if so, under what conditions?

Cloud-based streaming solutions route data through external infrastructure by definition. For many hospital system procurement teams, this is a may be a non-starter, regardless of the vendor's compliance certifications - the data residency requirement is absolute. Patient vitals do not leave the building.

HOSPITAL NETWORK PERIMETER - PHI stays here
MQTT Broker
Mosquitto / HiveMQ
Lightstreamer Server
MQTT Connector installed
Medical Devices
IoT sensors & monitors
EHR / Clinical Systems
Epic, Oracle Health, etc.
↓ Encrypted outbound only - no PHI in payload
CARE TEAM CLIENTS (any network):Web browseriOS appAndroid appNurse station display

All PHI processing happens inside the hospital perimeter. Lightstreamer transmits only the data the care team needs to see - never raw patient records. HIPAA-compliant by architecture, not by policy alone.

Lightstreamer's on-premise deployment model satisfies this requirement through correct architecture. The server runs inside the hospital network. The MQTT broker runs inside the hospital network. The connector runs inside the hospital network. The only outbound traffic is the encrypted, minimal delta payloads to the care team's client devices - and those payloads contain only the specific vital sign values (delta only) the care team member is authorised to see, not raw patient records.

Technical note
The on-prem deployment also resolves a second procurement concern: audit trails. HIPAA requires audit controls, specifically records of who accessed what patient data and when.[7] A Lightstreamer deployment inside the hospital perimeter can be integrated with the hospital's existing audit logging infrastructure directly, without routing access logs through a third-party cloud provider.

What "Simple to Add" Actually Means

Part 1 promised the bridge is simpler than it sounds. Here's what that means in practice for an engineering team with an existing MQTT-based RPM platform.

Your existing device firmware doesn't change. Devices continue publishing to MQTT topics exactly as they do today. The Lightstreamer MQTT Connector is a subscriber to your existing broker - it doesn't require any changes to the device layer or the topic structure.

Your MQTT broker doesn't change. Whether you're running Mosquitto, HiveMQ, AWS IoT Core, or Azure IoT Hub, the connector integrates as a standard MQTT subscriber. Broker migration and topic restructuring is not required.

Your EHR integration doesn't change. The Lightstreamer layer handles only the last-mile delivery from broker to dashboard. Your upstream data pipeline, your EHR data model, your clinical decision support rules - none of these are touched.

What changes is the client layer. The care team's dashboard replaces its current data source - whether that's polling, direct MQTT-over-WebSocket, or a bespoke bridge - with the Lightstreamer client SDK. For web dashboards, this is a JavaScript SDK. For iOS and Android apps, native SDKs are available. The SDK abstracts all transport negotiation; the application layer simply subscribes to items and receives updates.

Technical note
Lightstreamer provides SDKs for JavaScript, iOS (Swift/Objective-C), Android, .NET, Java, Python, and several other platforms. The subscription model is declarative: the client specifies which items and fields it wants, and the server handles delivery optimization automatically. A care team dashboard subscribing to 12 patients' vital signs in 6 fields each requires the same client-side code regardless of whether those patients are generating 10 updates per second or 100.
Now that we understand the simplicity and elegance of the architecture and the value it adds, we need to make a decision.

We have seen the failure modes in last mile data streaming and we have seen the fix. The decision process and criteria are different for leadership teams within their own context: some high level questions would be - given our team size, our current stack, our compliance requirements, and our timeline - is building this ourselves the right call, or should we leverage Lightstreamer?

Part 3 provides the DP5 framework that will facilitate making that decision. Built specifically for healthcare technology leadership teams, it considers the important criteria, such as, HIPAA compliance, on-prem deployment, and clinical latency requirements as inputs. Watch out for Part 3, where we dive into the details of the DP5 Build vs Buy framework for healthcare IT. The healthcare version of this decision framework addresses constraints that don't exist in other domains, and might be used for other technology decisions as well.

References
  1. HiveMQ. "MQTT Essentials Part 1: Introducing MQTT." HiveMQ Blog. www.hivemq.com/blog/mqtt-essentials-part-1-introducing-mqtt/
  2. Amazon Web Services. "What is MQTT?" AWS Documentation. aws.amazon.com/what-is/mqtt/
  3. Nginx. "WebSocket proxying." Nginx Documentation. nginx.org/en/docs/http/websocket.html
  4. Adobe. "Troubleshooting WebSocket: Missing upgrade headers." Adobe Enterprise Knowledge Base. helpx.adobe.com/enterprise/kb/troubleshooting-websocket-missing-upgrade-headers.html
  5. Vranas KC et al. "Early Warning Scores to Support Continuous Wireless Vital Sign Monitoring for Complication Prediction in Patients on Surgical Wards." JMIR Perioperative Medicine, 2023. periop.jmir.org/2023/1/e44483
  6. Ramaiah Memorial Hospital / JMIR. "Effectiveness of Remote Patient Monitoring Equipped With an Early Warning System in Tertiary Care Hospital Wards." Journal of Medical Internet Research, 2025. www.jmir.org/2025/1/e56463
  7. U.S. Department of Health & Human Services. "Summary of the HIPAA Security Rule." HHS.gov. www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
  8. Sendelbach S. "Alarm fatigue: a patient safety concern." PubMed / Critical Care Nurse, 2013. pubmed.ncbi.nlm.nih.gov/24153215/
  9. AHRQ PSNet. "Alert Fatigue." Patient Safety Network. psnet.ahrq.gov/primer/alert-fatigue
  10. Lightstreamer. "Lightstreamer: Real-Time Messaging Server." Lightstreamer.com. lightstreamer.com/products/lightstreamer/
Want to see this architecture applied to your RPM platform?

DP5 offers a free architecture consultation for digital health engineering teams.

Schedule Call for Free Consultation →
Healthcare Series - All Parts
01
02
MQTT, Hospital Networks, and the Last-Mile Problem← you are here
May 12, 2026
03
Build vs. Buy for Health IT: An Engineer's Framework
Jun 10, 2026 · soon
← Part 01
The Real-Time Clinical Data Gap
Part 03 → Publishing Jun 10
Build vs. Buy for Health IT: An Engineer's Framework
Coming soon