Security, privacy, and compliance
Sigmund is built by clinicians and deployed in an actual psychiatric practice. The bar we hold for handling protected health information is the same bar we hold for our own clinic's chart room. This page lays out, in plain language, how Sigmund treats patient data.
Most clinicians and IT directors ask the same four questions first. Will you sign a Business Associate Agreement? Yes. Is PHI encrypted in transit and at rest? Yes. Is our patient data used to train models? No. Do you have a written incident response plan? Yes. The rest of this page expands on each and names what is in place today. This work happens under the umbrella of the Sultan Lab for Mental Health Informatics at Columbia University Irving Medical Center.
Start with the obvious: everything Sigmund touches is HIPAA-compliant — every server, every environment. But compliance is the floor, not the ceiling. The dominant breach surface in any compliant system is data in motion: every time PHI crosses from one environment into another — even between two HIPAA-compliant environments under signed BAAs — that boundary is the risk. Sigmund is built to remove it. Sigmund runs inside your institution's own environment, minimizes how often and how much data moves, and de-identifies whatever must move — so identifiable PHI never has to cross into a new system at all. That is a stronger privacy posture than any scribe that ships patient data out to a vendor cloud.
Sigmund operates as a Business Associate to HIPAA-covered entities. A Business Associate Agreement is available to every customer that handles PHI, and we sign one before any production data flows into the system. The BAA defines the permitted uses and disclosures of PHI, the required safeguards, the audit and reporting obligations, and the procedures for termination and return or destruction of data.
Inside Sigmund, access to PHI follows the HIPAA minimum-necessary principle. Customer data is logically segmented per covered entity, so one clinic's records are never accessible to another customer. Access to production systems is restricted to a narrow set of authorized personnel, and every read or write to PHI is recorded in tamper-evident audit logs that are retained for compliance review. In the event of a suspected breach, Sigmund follows the notification timing required by the HIPAA Breach Notification Rule.
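The two controls named above, per-tenant segmentation and a tamper-evident audit trail, are simple to sketch in code. The block below is an added illustration, not Sigmund's own code: it keeps one hash-chained log in which each entry's HMAC covers the previous entry's HMAC, so editing or reordering a past entry breaks verification, and it exposes events to a reviewer only for that reviewer's own covered entity. The HMAC key, tenant names, actors and record identifiers are constructed placeholders.

```python
import hashlib
import hmac
import json
import time

# Placeholder key for the example; in practice the MAC key lives in a key
# management service, outside the application that writes the log.
AUDIT_KEY = b"placeholder-audit-hmac-key"


def _entry_mac(key, prev_mac, payload):
    """MAC over the previous entry's MAC plus this entry's canonical JSON."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, prev_mac.encode() + canonical.encode(), hashlib.sha256).hexdigest()


def append_event(log, key, tenant, actor, action, record_id, ts=None):
    """Append one PHI access event; its MAC chains to the previous entry."""
    payload = {
        "seq": len(log),
        "ts": ts if ts is not None else int(time.time()),
        "tenant": tenant,
        "actor": actor,
        "action": action,  # "read" or "write"
        "record": record_id,
    }
    prev = log[-1]["mac"] if log else "genesis"
    entry = dict(payload, mac=_entry_mac(key, prev, payload))
    log.append(entry)
    return entry


def verify_chain(log, key):
    """Return (True, None) if the chain is intact, else (False, first bad index)."""
    prev = "genesis"
    for i, entry in enumerate(log):
        payload = {k: v for k, v in entry.items() if k != "mac"}
        if payload.get("seq") != i:  # a deleted or reordered entry shifts seq
            return False, i
        if not hmac.compare_digest(entry["mac"], _entry_mac(key, prev, payload)):
            return False, i
        prev = entry["mac"]
    return True, None


def events_for_tenant(log, tenant):
    """Segmentation: a reviewer for one covered entity sees only its own events."""
    return [e for e in log if e["tenant"] == tenant]


def demo():
    """Constructed events for two tenants, then a simulated after-the-fact edit."""
    log = []
    append_event(log, AUDIT_KEY, "clinic-a", "dr.smith", "read", "pt-1001", ts=1700000000)
    append_event(log, AUDIT_KEY, "clinic-b", "dr.jones", "write", "pt-2002", ts=1700000001)
    append_event(log, AUDIT_KEY, "clinic-a", "dr.smith", "write", "pt-1001", ts=1700000002)
    intact = verify_chain(log, AUDIT_KEY)
    log[1]["actor"] = "someone-else"  # simulated tampering with entry 1
    tampered = verify_chain(log, AUDIT_KEY)
    return intact, tampered, len(events_for_tenant(log, "clinic-a"))


if __name__ == "__main__":
    print(demo())
```

Two caveats a reviewer would raise: a MAC chain only proves integrity to whoever holds the key, so the key must sit with the personnel who manage key material rather than with the engineers who operate the application (the separation of duties described below), and truncating the tail of the log leaves the remaining chain valid, so the latest MAC should be periodically anchored somewhere the application cannot rewrite.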
To request a BAA, contact us via the waitlist and note "BAA request" in the Additional info field.
All network traffic to and from Sigmund is encrypted in transit using TLS 1.2 or higher, with modern cipher suites. PHI at rest is encrypted using AES-256. No PHI is stored unencrypted at any layer of the stack — application database, object storage, backups, and log stores all sit behind encryption at rest. Encryption keys are managed through a dedicated key management service rather than embedded in application code, with separation of duties between the engineers who operate the application and the personnel authorized to manage key material.
This commitment is short on purpose. Customer PHI is not used to train Sigmund's models. Customer PHI is not used to fine-tune Sigmund's models. Customer PHI is not used to evaluate Sigmund's models in any way that would persist patient-identifiable content beyond the customer's own environment.
Sigmund's inference is local. Every model — including the reasoning models — runs on Sigmund-controlled infrastructure, and PHI is never sent to a third-party LLM or external AI service. There is no OpenAI in the loop, no frontier-model API call, no de-identified egress to an outside model. Your patients' data does not leave for any model, for any reason. This design protects patient privacy and removes the surface where large corporate AI vendors could hold leverage over a clinic's data.
Sigmund uses a small number of third-party services to operate. These typically include a cloud hosting provider, error monitoring, transactional email, and product analytics. Model inference is performed locally and is not outsourced to any third-party LLM provider. Each subprocessor that processes PHI is bound by a Business Associate Agreement before any PHI is shared with them.
A current subprocessor list — naming each vendor and the category of data they process — is available on request and is provided to customers as part of the BAA package. Sigmund commits to notifying customers in advance of material changes to the subprocessor list, so a covered entity always has visibility into who is processing its data.
Internal access to systems that process PHI is granted on a need-to-know basis and is revoked when no longer required. Engineer access to production environments is limited to a small set of authorized personnel and is logged at the request level, so every action against patient data has an audit trail.
Customer-facing accounts use industry-standard authentication, with password complexity requirements, multi-factor authentication, and protection against credential stuffing. SSO / SAML is available for enterprise customers, so practices can attach Sigmund to their existing identity provider and inherit central provisioning and deprovisioning. Sessions have inactivity timeouts and automatic logout, so an unattended workstation does not become an open door to the chart. Role-based permissions inside each customer tenant let practice administrators control which clinicians and staff can view which records.
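A single authorization check can enforce the controls listed above together: MFA completed, an inactivity window that only successful activity refreshes, tenant isolation, and role-based permissions. The block below is an added reference sketch, not Sigmund's own code; the role table, permission names and the 15-minute timeout are assumptions chosen for illustration.

```python
# Assumed role-to-permission table for the example, not Sigmund's real schema.
ROLE_PERMISSIONS = {
    "clinician": {"note:read", "note:write", "chart:read"},
    "front_desk": {"schedule:read", "schedule:write"},
    "admin": {"chart:read", "user:manage"},
}

INACTIVITY_TIMEOUT = 15 * 60  # seconds; assumed value for the example


class Session:
    """Server-side session state; `now` is injected so the logic is testable."""

    def __init__(self, user, tenant, role, mfa_verified, now):
        self.user = user
        self.tenant = tenant
        self.role = role
        self.mfa_verified = mfa_verified
        self.last_activity = now


def authorize(session, tenant, permission, now):
    """Return (allowed, reason); every denial names its reason for the audit log."""
    if not session.mfa_verified:
        return False, "mfa_required"
    if now - session.last_activity > INACTIVITY_TIMEOUT:
        return False, "session_expired"  # unattended workstation: log out
    if session.tenant != tenant:
        return False, "cross_tenant"  # never reached the role check
    if permission not in ROLE_PERMISSIONS.get(session.role, set()):
        return False, "role_denied"
    session.last_activity = now  # only permitted activity extends the window
    return True, "ok"


if __name__ == "__main__":
    s = Session("dr.smith", "clinic-a", "clinician", True, now=1000)
    print(authorize(s, "clinic-a", "note:write", now=1100))
    print(authorize(s, "clinic-b", "chart:read", now=1200))
    print(authorize(s, "clinic-a", "note:read", now=1100 + INACTIVITY_TIMEOUT + 1))
```

The order of the checks is deliberate: the tenant comparison runs before the role lookup, so a user with a powerful role in one tenant is still refused in every other, and denied requests do not refresh `last_activity`, so a stream of rejected calls cannot keep an idle session alive.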
Sigmund runs inside the covered entity's own HIPAA-compliant environment — on the institution's own infrastructure, where the data already lives. It runs today inside Integrative Psychiatry Manhattan, and is built to deploy inside academic health systems of the Columbia University Irving Medical Center / NewYork-Presbyterian class. Identifiable PHI never has to leave that environment. Where an institution opts into de-identified-only egress, that de-identified data and any application data reside entirely within US regions — compute, storage, and backups all sit inside the United States, and data does not transit non-US regions in the normal course of operation.
Retention follows customer-configured policies. The default is aligned with the medical-record retention windows that covered entities are already required to maintain under HIPAA and state law. Customers may shorten retention by policy, request a bulk export of their data, or request deletion at any time during the contract term or upon termination, in the manner specified in the BAA.
Sigmund maintains a written incident response plan that defines how suspected security or privacy events are detected, escalated, investigated, contained, and communicated. A suspected breach triggers an investigation within 24 hours of detection, with a designated incident lead and a written record of the timeline, scope, and remediation steps.
Where an investigation determines that a reportable breach of unsecured PHI has occurred, affected customers are notified within the 60-day window required by the HIPAA Breach Notification Rule, and faster when the facts are clear sooner. The standing point of contact for security and privacy questions is the founder, reachable through the waitlist contact form (note "Security" in Additional info).
Sigmund is investigational. He is decision support — he assists, and he does not replace, the clinician's judgment. Sigmund is not currently a regulated medical device under FDA's framework. Decisions about diagnosis, prescribing, treatment selection, and risk management remain with the licensed clinician who signs the note. The signature line stays empty until the clinician completes it. Validation and prospective evaluation are ongoing through the Sultan Lab and partner sites including New York State Psychiatric Institute and Integrative Psychiatry Manhattan.
If you have discovered a vulnerability in Sigmund, or have a privacy concern about how data is handled, submit through the waitlist contact form with "Vulnerability report" in the Additional info field. Include a brief description of the issue and, where applicable, steps to reproduce. Sigmund commits to acknowledging every good-faith report within two business days.
This page reflects how Sigmund handles customer data today and will be expanded as the product matures — including independent attestations and additional controls as they come online. For the people behind the work and how to reach us, see the founder note or join the waitlist.