HIPAA Compliance Aura Reality

Hexagon Aura Reality AG is committed to protecting patient data and supporting our healthcare partners with a secure, compliant platform.

The Aura 3D Imaging application stores digital images within electronic records that typically include PHI (such as patient names and identifiable facial images). Under the HIPAA Privacy Rule, healthcare clinics must ensure that staff access, use, and disclose PHI only to the minimum extent necessary for their responsibilities. Clinics are also expected to put measures in place to prevent any incidental disclosure of PHI to individuals who do not have a legitimate need to access it.

Hexagon Aura Reality AG complies with the safeguards required under the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules. These include strong encryption, role-based access controls, audit logging, and documented incident response procedures.

When providing technical support for the imaging application, Aura Reality technicians may require access to your image database. In accordance with the HIPAA Privacy Rule, a signed Business Associate Agreement (BAA) must be in place before such access is granted. Hexagon Aura Reality AG can provide a contract template upon request. All Aura Reality staff are trained in HIPAA requirements and follow strict “minimum necessary” access principles when handling customer data.

Hexagon Aura Reality AG provides a secure, trusted environment for managing PHI while enabling seamless clinical workflows.

Hexagon | Aura Reality AG, 19 February 2026