Dear community,
I can see, KoboToolbox is not HIPAA compliant as such, however, KoBo uses Amazon Web Services, and when reading the article here on KoBo about HIPAA, they link to Amazon, and on that page on Amazon, it says Amazon Web Services is HIPAA compliant. So I am confused. Can you help me?
Best
Stina
Welcome to the community, @stinagopen! Maybe these post discussed previously should answer your query:
And this one too…
Thanks @Kal_Lam but I dont really get the info I need from these previous answers. I dont understand, why you say Amazon Web Service is not HIPAA compliant, when their website says they are. If you click the link, Kobotoolbox is pointing to on the website (HIPAA Compliance — KoBoToolbox documentation) there is another link to Amazone Web Service (HIPAA Compliance - Amazon Web Services (AWS)) it says in this link, that Amazon Web Service is HIPAA compliant. That is why I fail to understand, why Kobotoolbox is not, since I assume, you are using them for the hosting or? We need to use some kind of set up where we are HIPAA compliant for doing a survey and collecting data, And we are eager to see, how we can use Kobotoolbox and still be compliant - so how is that done?
Hi @stinagopen, HIPAA compliance requires more than just the server to fulfill requirements, it extends to how the server stores and transfers different kinds of data, what kinds of logs need to be kept at what level, etc. Beyond technical requirements of the server and software there are also legal agreements, insurance requirements, and specific business rules that have to be put in place and monitored to ensure compliance.
The old text about AWS’s HIPAA compliance were confusing; thanks for pointing it out. The support article has been updated.
Please get in touch directly if you want to discuss how to help you get HIPAA support for your work when using KoBoToolbox. 
@tinok thanks for your reply, very helpful. I will be getting in touch directly as suggested to get help on how to get HIPAA support for our work using KoBoToolbox.
