Hi @laurenms,
KoBo use Amazon Web Services, which by itself is not HIPAA compliant. However, you could contract a hosting company specialized in HIPAA and run KoBoToolbox on their servers. We know that using this level of security is very important to some users, but at the moment we don’t have plans (yet) to move to this level of security, which comes with a very substantial cost increase. To learn more about hosting on AWS while being HIPAA and HITECH compliant, see http://aws.amazon.com/compliance/#hipaa
We are currently putting together a HIPAA compliance help article to make this more clear.
