SOC 2 Type II Certified Healthcare Software - A-LIGN | Drummond Certified ONC Health IT EHR | Drummond Certified EPCS Prescriber 2025 | Surescripts Certified ePrescribing Network

Security & Compliance

Sigmund Software is committed to the highest standards of security, privacy, and interoperability in behavioral health technology. Aura EHR is built on a foundation of trust, with independently verified certifications and compliance programs that meet the rigorous requirements of healthcare organizations nationwide. Sigmund Software is SOC 2 Type II Compliant, Drummond ONC Health IT certified, Surescripts certified, and maintains HIPAA-compliant infrastructure for behavioral health organizations.

Our Certifications & Compliance Programs

  • SOC 2 Type II Compliant — Independent security audit verification
  • Drummond ONC Health IT Certification — Certified EHR technology
  • Surescripts Certified — Electronic prescribing network participant
  • ONC Certified Electronic Health Record Technology (CEHRT)
  • HIPAA Compliant Infrastructure — Administrative, technical, and physical safeguards

SOC 2 Type II Compliant

Sigmund Software has successfully completed a SOC 2 Type II audit conducted by an independent third-party auditor. This certification verifies the effectiveness of our controls over an extended observation period, covering:
  • Security — Protection against unauthorized access to systems and data
  • Availability — Systems are operational and accessible as committed
  • Confidentiality — Information designated as confidential is protected
  • Processing Integrity — System processing is complete, valid, accurate, and timely
  • HIPAA Compliance — Verifies we follow HIPAA practices
SOC 2 Type II is the gold standard for SaaS security assurance. Unlike Type I (point-in-time), Type II evaluates controls over a sustained period, demonstrating ongoing operational effectiveness.

Drummond ONC Health IT Certification

Aura EHR is certified by Drummond Group, an Authorized Testing and Certification Body (ATCB) recognized by the Office of the National Coordinator for Health Information Technology (ONC). This certification confirms that Aura EHR meets federal standards for:
  • Clinical quality measures and reporting
  • Interoperability and data exchange
  • Privacy and security requirements
  • Patient engagement capabilities
Drummond certification is required for EHR systems participating in CMS quality programs and ensures compliance with the 21st Century Cures Act interoperability requirements.

Surescripts Certification

Sigmund Software is a certified Surescripts network participant, enabling secure and compliant electronic prescribing through Aura EHR. Surescripts certification ensures:
  • Secure electronic transmission of prescriptions (NewRx)
  • Medication history retrieval for clinical decision support
  • Prescription benefit and formulary checking
  • EPCS (Electronic Prescribing for Controlled Substances) compliance
As a certified Surescripts participant, Sigmund Software connects providers to the nation’s largest e-prescribing network, covering virtually all pharmacies in the United States.

ONC Certified EHR Technology (CEHRT)

Aura EHR holds ONC Certification as a Complete EHR, meeting the criteria established by the Office of the National Coordinator for Health IT. CEHRT designation confirms compliance with:
  • Meaningful Use / Promoting Interoperability program requirements
  • Clinical decision support standards
  • Certified health data exchange formats (C-CDA, FHIR)
  • Patient access and data portability requirements
View our certification on the ONC Certified Health IT Product List (CHPL): CHPL Listing #11796

HIPAA Compliance

Sigmund Software maintains comprehensive HIPAA compliance across all operations. Our HIPAA program includes:
  • Administrative Safeguards — Workforce training, access management policies, incident response procedures
  • Technical Safeguards — Encryption at rest and in transit, access controls, audit logging, automatic session management
  • Physical Safeguards — Managed hosting in SOC-certified data centers with physical access controls
  • Business Associate Agreements — BAAs with all subcontractors and service providers handling PHI
Sigmund’s continuous HIPAA compliance is verified as part of its comprehensive SOC 2 Type II audits.

Infrastructure & Hosting Security

Aura EHR is hosted on enterprise-grade managed infrastructure powered by Switch — The AI, Cloud & Enterprise Data Center Experts:
  • SOC-certified Switch data centers with redundant power, cooling, and connectivity
  • 24/7 infrastructure monitoring and incident response
  • Regular vulnerability scanning and penetration testing
  • Encrypted backups with tested disaster recovery procedures
  • Role-based access controls and multi-factor authentication

AI Security & Privacy

Sigmund Software integrates AI capabilities into Aura EHR with strict privacy and security controls:
  • No patient data is used to train AI models
  • All AI processing uses HIPAA-compliant, BAA-covered infrastructure
  • AI-generated content is clearly identified and subject to clinical review
  • Organizations maintain full control over AI feature enablement

Questions About Our Security & Compliance?

Healthcare organizations evaluating Aura EHR can request our SOC 2 Type II report, certification documentation, or schedule a security review with our team. Contact Us to learn more about our security and compliance programs.