The public KoboToolbox servers were not designed with the specific
requirements of HIPAA in mind and, as such, carry no guarantee of HIPAA
compliance. HIPAA rules cover how servers store and transfer different kinds of
data, what kinds of logs need to be kept at what level, as well as legal
agreements, insurance requirements, and specific business rules that have to be
put in place and monitored to ensure compliance.
We do not yet have plans to redesign the infrastructure of these public
instances in accordance with the specific security protocols of HIPAA. Anyone
willing to operate their own private instance of KoboToolbox could do so in a
HIPAA-compliant way, for example by contracting with a hosting company that
specializes in HIPAA compliance.