Operations
Team Messaging & Reminders
Team Messaging & Reminders is Coralia's communication module for ABA (Applied Behavior Analysis) agencies: encrypted internal chat with an auto-assembling care-team thread for each client, audience-enforced announcements, and a 75-event notification dispatcher that reaches staff in-app and by email, alongside browser push for chat and WhatsApp reminders — with external payloads kept free of protected health information (PHI).
The problem in real agencies
An ABA agency's day runs on fast handoffs between people who are rarely in the same building: an RBT (registered behavior technician) in a client's home, a BCBA (Board Certified Behavior Analyst) covering supervision across sites, a billing coordinator chasing a corrected note before a claim files. Without a sanctioned channel, that traffic moves to personal text threads and consumer group chats — where client names, schedules, and session details travel outside any encryption policy, any audit trail, and the agency's tenant boundary.
The reminder problem is just as concrete. Authorizations expire, staff credentials lapse, session notes sit unsigned, payers deny claims — each on its own clock, each in a different report someone has to remember to open. And when software does notify, it usually notifies about everything at once: a badge frozen at 99+ trains staff to ignore it, and the one item that matters this morning — an expiring background check, a denial with an appeal window — drowns in automated noise.
Off-platform nudges carry the same trap. A text saying a client's Tuesday session moved reaches the RBT instantly — and puts protected health information (PHI) on a consumer messaging app with no delivery log. Agencies need reminders that reach staff on their phones without carrying client information, plus a record of whether each one actually arrived.
How it works in Coralia
- 1
Encrypted staff chat, scoped to your agency
Staff send one-to-one direct messages to any teammate — a pair of users always resolves to exactly one conversation, and the recipient must be staff in the same agency, enforced server-side. Named group chats are created with up to 50 invited teammates at a time, and more can be added later; any member can rename the group or add people, only the creator can remove someone, and anyone can leave. Message bodies (up to 5,000 characters) and attachment filenames are stored encrypted with AES-256-GCM (Advanced Encryption Standard in Galois/Counter Mode), and attachments stream only through a proxy that checks conversation membership — raw storage URLs never reach the browser.
- 2
One care-team thread per client, assembled from case assignments
Every client gets one care-team thread that assembles itself: each staff member with an active case assignment, plus named supervisors, is seeded as a participant when the thread is created and re-synced every time it opens — a newly assigned RBT joins automatically, with no one maintaining a member list by hand. Opening the thread requires the clients-view permission plus access to that specific client. Pasted links to clients, assessments, progress reports, and staff profiles render as context cards, with client and staff names resolved only after a tenant and access check.
- 3
Realtime that carries no content
The realtime relay carries only content-free signals — that something changed in a given conversation, plus ephemeral typing and presence cues; message bodies are always fetched from Coralia's own API under the user's authenticated session. If the relay is unconfigured or unavailable, conversations still refresh within about 10 seconds by polling. Chat shows read receipts ('Seen' in direct messages, 'Seen by N' in groups), typing indicators, online presence, and last-seen timestamps. Browser push notifications name the sender and say 'Sent you a message' — never message text, client names, or filenames.
- 4
Announcements with server-enforced audiences
Staff with the announcements permission post to the whole agency, to specific roles, or to specific people, at four priority levels: info, warning, urgent, celebration. Visibility is enforced on the server — role-targeted posts match the viewer's role category, and client-linked posts are visible only to staff with an active case assignment to that client. The personal badge counts only what is directed at you; agency-wide automated output from monitoring and the Coralia Brain lands in a separate agency-updates lane, grouped into plain-language topics like staff credentials, authorizations, and unsigned session notes.
- 5
One dispatcher behind every reminder
Every system reminder flows through a single dispatcher with a catalog of 75 event types across seven categories: billing, clinical, compliance, operations, people, system, tasks. Each event declares a severity, a default audience, and a message template — about half also declare a deduplication window; unknown events are refused. The dispatcher rate-limits each user (default 40 deliveries per hour), suppresses duplicates, and honors per-user quiet hours (default 9:00 PM to 8:00 AM, timezone-aware) — non-critical email holds while the silent in-app badge still updates, and critical events always deliver. Emails stay deliberately generic: a category and a sign-in link, never event content.
- 6
WhatsApp nudges without client information
Administrators with the settings-edit permission send WhatsApp messages as pre-approved templates — including a session reminder and a timesheet reminder — or as free text. Templates carry no client information; they direct the recipient to open Coralia for the details. Every message is logged and tracked through five delivery statuses (pending, sent, delivered, read, failed) and updated by a signature-verified webhook.
The specifics
Message bodies up to 5,000 characters and attachment filenames are stored encrypted with AES-256-GCM; attachments stream only through a membership-checked proxy.
Group chats are created with up to 50 invited members at a time (plus more in later batches); any member can rename the group or add people, only the creator can remove a member.
Each message supports quote-replies, up to 50 @mentions, up to 10 file attachments, sender-only editing with an 'edited' stamp, and a 36-emoji reaction palette.
The notification catalog defines 75 event types across 7 categories, each with a declared severity, default audience, and message template; time-sensitive events also declare a deduplication window.
Per-user notification delivery is rate-limited to 40 per hour by default, with duplicate events suppressed inside each event's deduplication window.
Quiet hours default to 9:00 PM–8:00 AM in the user's timezone; non-critical email holds, the silent in-app badge still updates, and critical events always deliver.
In-app notifications expire automatically by priority: informational items after 48 hours, warnings after 7 days, urgent items after 14 days.
WhatsApp messages carry 5 tracked delivery statuses — pending, sent, delivered, read, failed — updated by a signature-verified webhook.
The agency-updates lane groups automated alerts into 18 plain-language topics, including staff credentials, authorizations, billing and claims, and unsigned session notes.
If the realtime relay is unavailable, conversations still refresh within about 10 seconds through a polling fallback.
Integrations
WhatsApp Business Cloud API — pre-approved templates and free text, with per-message delivery tracking via a signature-verified webhook · Web Push browser notifications — payloads name the sender only, never message content or client names · Email — deliberately generic notification bodies with a sign-in link; event content is never rendered into an email
Access control
Posting announcements requires the announcements-create permission, and sending WhatsApp messages requires settings-edit. Chat itself is membership-gated rather than permission-gated — any authenticated staff member can message teammates, but reading a conversation requires being a participant (checked on the server on every read and send), and opening a client's care-team thread additionally requires the clients-view permission plus access to that specific client.
Frequently asked questions
Is Coralia's team chat built for HIPAA compliance?
It is designed so protected health information (PHI) stays inside the authenticated app. Message bodies and attachment filenames are encrypted at rest with AES-256-GCM, realtime signals carry no content, browser push payloads never include message text or client names, and attachments are served only through a proxy that verifies conversation membership. Every conversation is scoped to a single agency tenant.
How does Coralia keep the notification badge meaningful?
Two lanes. The personal badge counts only items aimed at you — announcements to your role or to you by name, plus posts a person addresses to the whole agency. Agency-wide automated output from monitoring jobs lands in a separate agency-updates lane, grouped into 18 plain-language topics such as authorizations, billing and claims, and unsigned session notes. Underneath, the dispatcher deduplicates repeat events, rate-limits each user to 40 deliveries per hour by default, and holds non-critical email during quiet hours.
Can Coralia send session or timesheet reminders over WhatsApp?
Administrators with the settings-edit permission can send pre-approved WhatsApp templates, including a session reminder and a timesheet reminder. Templates carry no client information — they prompt the recipient to open Coralia for details. Each message is logged with delivery tracking through five statuses (pending, sent, delivered, read, failed), updated by a signature-verified webhook from the WhatsApp Business platform.
Who can read staff conversations?
Only participants — membership is checked on the server on every read and send. Separately, exactly one owner account can be designated, configured at the deployment level rather than through any role or permission, with read-only oversight access to staff conversations; every such access is written to the audit log, anyone else receives a not-found response, and the capability is off entirely when no account is designated.
What happens when an RBT is newly assigned to a client?
The client's care-team thread re-syncs its membership every time it opens, so a staff member with a new active case assignment joins automatically — no one maintains the member list by hand. Opening the thread still requires the clients-view permission plus access to that specific client, so staff without access to that client cannot browse into it.