New Feature — Secure Messaging

Secure Patient-Provider Messaging for Vestibular Rehabilitation

Communicate directly with your therapist or patients through a HIPAA-compliant messaging channel built into the rehabilitation workflow. No phone tag, no compliance risk, no separate app.

Get Started Free For Therapists
HIPAA Compliant
AES-256 Encrypted
RTM Billing Integration

Why Current Patient Communication Falls Short

Phone Tag

Missed calls, voicemails, and delayed responses. Patients wait days for a simple answer.

Patient Portals

Clunky interfaces, low adoption, and a separate login patients never remember.

Text & Email

Not HIPAA compliant. Legal liability. No audit trail. Every message is a compliance risk.

EyeRehab messaging solves all three — secure, asynchronous, and built into the app your patients already use.

Messaging Built Into the Rehabilitation Workflow

Not a bolted-on chat tool. Messaging that understands vestibular rehabilitation.

Per-Patient Toggle

Enable messaging for individual patients. You control who can message you.

Bidirectional Chat

Either party can start a conversation. Patients ask questions; therapists provide guidance.

Push Notifications

Instant alerts when a new message arrives. Never miss an important patient question.

Read Receipts

Know when your message has been seen. No more wondering if the patient got your instructions.

Mute & Snooze

Control your availability. Mute notifications for 1 hour, 8 hours, 24 hours, or indefinitely.

Automatic RTM Logging

Professional messages auto-log time toward RTM CPT 98980/98981. Revenue generated while you communicate.

Dr. Sarah Chen, PT
Vestibular Specialist

Hi Dr. Chen, I felt more dizzy than usual after my VOR-X1 exercises today. Is that normal?

10:32 AM

That can happen when your brain is adapting. How long did the dizziness last after you stopped?

10:45 AM

About 15 minutes. Should I lower the speed setting?

10:48 AM
End-to-end encrypted · HIPAA compliant

Stay Connected With Your Therapist

No more waiting until your next appointment to ask a question.

Ask Questions Between Visits

Wondering if your symptoms are normal? Ask your therapist directly without scheduling a call.

Share How Exercises Are Going

Let your therapist know which exercises are helping and which trigger symptoms.

Get Encouragement and Guidance

Recovery is hard. A quick message of encouragement from your therapist can make a real difference.

Messaging is available in the same app you use for your daily exercises. When your therapist enables messaging, a chat icon appears on your dashboard. Tap it, type your message, and your therapist is notified instantly.

Better Patient Engagement, Built-In RTM Billing

Communicate with patients while generating revenue.

Per-Patient Control

Toggle messaging on or off for each connected patient. You decide who can reach you.

Auto RTM Logging

Each message auto-logs 1 minute toward RTM CPT 98980/98981, capped at 20 minutes daily per patient.

Mute & Snooze

Manage your availability without disabling messaging. Patients can still send messages — you review when ready.

HIPAA Compliant

AES-256-GCM encryption at rest, HTTPS in transit, HIPAA audit logging, 7-year data retention.

Each professional message auto-logs 1 minute toward RTM CPT 98980/98981. For an active patient, messaging alone can contribute meaningfully to your monthly RTM time.

Learn more about RTM billing

Three Steps to Secure Patient Messaging

1

Enable

Toggle messaging for each patient in the pro portal. You control who can message you.

2

Chat

Patient and therapist exchange messages securely through the app. Push notifications keep both parties informed.

3

Bill

Professional time is auto-logged toward RTM codes. No manual time tracking required.

HIPAA-Compliant by Design

AES-256-GCM Encryption at Rest

Every message is encrypted in the database using AES-256-GCM. Even if the database were breached, messages remain unreadable.

HTTPS/TLS in Transit

All messages travel over encrypted HTTPS connections. No plaintext communication at any point.

HIPAA Audit Logging

Every message send, read, and access event is logged with timestamps and user IDs. 7-year retention per HIPAA requirements.

Two-Party Access Control

Only the patient and their connected therapist can see messages. No admin backdoor, no shared inboxes.

EyeRehab implements technical safeguards per 45 CFR 164.312, including access controls, audit controls, integrity controls, and transmission security.

How Messaging Compares to Traditional Communication

MethodHIPAA CompliantAsyncRTM BillablePatient AdoptionAudit Trail
Phone Calls Manual Low
Email / SMS High
Patient Portals Low
EyeRehab Messaging Auto High

What Is Patient-Provider Messaging in Rehabilitation?

Definition

Patient-provider messaging is a HIPAA-compliant asynchronous communication channel between healthcare patients and their treating clinicians, integrated directly into the care delivery platform. Unlike consumer messaging apps (SMS, WhatsApp, iMessage) or email, clinical messaging systems encrypt messages at rest and in transit, maintain access controls limiting visibility to the two parties in the conversation, and log all communication events in HIPAA-compliant audit trails. In rehabilitation settings, this communication channel supports ongoing care coordination between therapy visits without requiring synchronous phone or video calls.

Why Asynchronous Communication Matters in Vestibular Rehab

Vestibular rehabilitation patients perform daily exercises at home and experience symptom fluctuations that do not align with weekly appointment schedules. A patient experiencing increased dizziness after an exercise session needs guidance before their next visit — not in three days. Asynchronous messaging allows patients to send questions when symptoms arise and therapists to respond during designated clinical time, without the scheduling overhead of phone calls or the compliance risk of text messages. Research on patient engagement in chronic conditions shows that accessible communication channels improve treatment adherence and patient satisfaction.

HIPAA Requirements for Clinical Messaging

The HIPAA Security Rule (45 CFR 164.312) requires technical safeguards for electronic protected health information (ePHI). For messaging systems, this includes: encryption of data at rest (EyeRehab uses AES-256-GCM), encryption in transit (HTTPS/TLS), access controls (two-party visibility only), audit controls (timestamped logs of all access events), and integrity controls (tamper detection). Standard SMS and email do not meet these requirements because messages pass through unencrypted third-party servers and may be stored on carrier systems indefinitely. Patient portals typically meet HIPAA requirements but suffer from low patient adoption due to separate login credentials and clunky interfaces.

How Messaging Integrates With RTM Billing

Remote Therapeutic Monitoring (RTM) CPT codes 98980 and 98981 allow rehabilitation professionals to bill for time spent reviewing patient data and managing treatment remotely. When a therapist sends a message through EyeRehab, the system automatically logs 1 minute of professional time toward RTM treatment management, capped at 20 minutes per day per patient. This auto-logging contributes to the monthly time thresholds required for billing: CPT 98980 requires 20 or more minutes per calendar month, while CPT 98981 covers each additional 20-minute block. Note that CMS requires at least one real-time interactive communication (phone or video call) per month — asynchronous messaging alone does not satisfy this requirement but contributes meaningfully to the time component.

Best Practices for Therapists Using Messaging

Set expectations during patient onboarding: messaging is for brief clinical questions and progress updates, not emergencies. Use the mute/snooze feature to batch message responses during designated administrative time rather than responding in real time throughout the day. Enable messaging selectively — start with your most engaged patients and expand as you establish workflow patterns. Review the auto-logged RTM time weekly to ensure you are capturing all billable activity. Remember that messaging is a supplement to, not a replacement for, regular therapy sessions and the required monthly interactive communication.

Frequently Asked Questions About Patient-Provider Messaging

Common questions about secure messaging in EyeRehab

Is patient-provider messaging HIPAA compliant?
Yes. EyeRehab uses AES-256-GCM encryption for all messages at rest, HTTPS/TLS for messages in transit, and maintains HIPAA-compliant audit logs of all communications. Messages are stored in an encrypted database with access limited to the two parties in the conversation. Data retention follows the 7-year HIPAA minimum.
How does messaging affect RTM billing?
When a therapist sends a message through EyeRehab, the time is automatically logged toward Remote Therapeutic Monitoring (RTM) CPT code billing. Each message auto-logs 1 minute of professional time, capped at 20 minutes per day per patient. This time counts toward CPT 98980 (first 20 minutes of treatment management) and 98981 (additional 20-minute blocks). Note that CMS requires at least one real-time interactive communication (phone or video call) per month — asynchronous messaging alone does not satisfy this requirement.
Can I enable messaging for specific patients only?
Yes. Messaging is controlled per patient from the professional portal. You toggle messaging on or off for each connected patient individually. This gives you full control over which patients can message you, and you can disable it at any time.
Can I mute notifications from specific patients?
Yes. You can mute notifications from any patient for 1 hour, 8 hours, 24 hours, or indefinitely. Muting stops push notifications but the patient can still send messages — you simply review them when convenient. The patient is not notified that you have muted their notifications.
What happens to messages if a patient disconnects?
If a patient pauses or disconnects data sharing, existing messages remain in the database per HIPAA retention requirements but no new messages can be sent. Both parties can still view the conversation history for clinical reference. If the patient reconnects, messaging resumes where it left off.
Is there a limit to how many messages patients can send?
There is no hard message limit. However, professionals can mute notifications from any patient to manage their availability. We recommend setting clear communication expectations with patients during onboarding — for example, that messaging is for brief questions and updates, not emergency communication.
How is patient-provider messaging different from texting or email?
Standard SMS and email are not HIPAA compliant — messages pass through unencrypted third-party servers and can be stored on carrier systems indefinitely. EyeRehab messaging is end-to-end within the platform: messages are encrypted at rest (AES-256-GCM), transmitted over HTTPS, logged in HIPAA-compliant audit trails, and subject to data retention policies. Your compliance risk is eliminated.
Do patients need to pay for messaging?
Messaging is available to all patients who are connected to a professional through EyeRehab. The professional enables messaging per patient — there is no additional charge for patients. Professionals need an active EyeRehab subscription to access the pro portal where messaging is managed.

Get Started With Secure Messaging

Start Messaging Your Therapist

Download the app and connect with your therapist.

Start Communicating Securely With Your Patients

HIPAA-compliant messaging built into the vestibular rehabilitation workflow. No separate app, no compliance risk.

Get Started View Pricing
HIPAA Compliant
AES-256 Encrypted
RTM Auto-Logging