Sookasa Provides HIPAA-Compliant, Encrypted Cloud Storage



Although there are many ways to encrypt your communications, and plenty of storage services that offer HIPAA compliance, most of them come with a price: lack of convenience, and clunkiness. That is probably why a lot of us just end up stashing things in Dropbox. It’s easy and there are apps for any device you might have. On your home computer, you can just drag and drop into Dropbox and it lives forever in the cloud. However, Dropbox certainly isn’t the most secure solution, and is not HIPAA compliant.

Sookasa works with Dropbox and gives you an encrypted (and, if you pay for it, HIPAA- and FERPA-compliant) storage folder. Putting files in Sookasa is as easy as putting them in your Dropbox; it is that ease of use that often gets us to be more aggressive about securing data. There are no extra steps and you do not need to be some sort of Internet-ninja wizard to use the product.

HIPAA, of course, governs the security of health data. Briefly, if you are looking for a HIPAA-compliant data storage service, you need to make sure it can do three things:

  1. The company must be able to sign a Business Associate Agreement (BAA). That BAA is a contract between you, an entity covered by HIPAA, and a business associate (in this case, Sookasa) that will have access to the health information of an individual. That agreement has to memorialize the data protections that are in place.
  2. A HIPAA-compliant provider should also be able to provide you with the results of a third-party audit confirming their HIPAA security compliance.
  3. Finally, a HIPAA-compliant provider should also be able to provide a full HIPAA audit trail that includes all the times a file was accessed or shared and by whom. Sookasa provides this and also adds device protection (where the data on each PC or mobile device is encrypted and can be wiped remotely) and allows you to define a “white list” of employees that are the only individuals allowed to access certain data. Integrating all of this into Dropbox might make it easier for a small- to medium-sized team of lawyers to manage secure data without bringing in IT professionals.

There have been ways to store encrypted files within Dropbox for quite some time. Viivo, notably, does a great job creating encrypted folders within Dropbox. If you just want encryption, noncommercial use of Sookasa is free (though you will obviously still need a Dropbox account, paid or otherwise). The paid version of Sookasa is $10 a month (or $100 a year) per user, and Sookasa also offers free mobile apps for iOS and Android. The paid version is what gets you the features that Sookasa hopes make it stand out: HIPAA and FERPA compliance.[1]

Sookasa also appears to be the first method that Dropbox has integrated into Dropbox for Business, which handles file sharing for a whole team. Sookasa’s partnership allows you to easily plug your whole office into the higher-security solution Sookasa offers without a clunky person-by-person setup and individually encrypting each laptop or mobile device. It also lets you easily remove someone from the team and deny Dropbox/Sookasa access when a project is finished or when someone is let go.

There are no size restrictions on how much you store in the Sookasa folder, so in theory you can encrypt everything in your Dropbox. According to Sookasa, most people do not end up doing so, but instead use Sookasa to segregate confidential business data within Dropbox. (Your cat pictures are probably just fine in your regular Dropbox in other words.)

If you share data with clients regularly, Sookasa offers a secure upload feature. This allows you to exchange documents with a client via a secure portal rather than using email — which we know is much less secure than we would like it to be. That method, however, does require your client to have a Sookasa account, although they can just use the free noncommercial version. If you would like to share something with a client without asking them to sign up for the service, you can share a link the same way you would in Dropbox, but it won’t retain the same level of security.

If you are a solo or small firm that needs to easily manage secure healthcare data while being on the go, Sookasa may be a great solution for your practice.

[1] The Family Educational Rights and Privacy Act (FERPA) governs student personal data (like grades) and forbids disclosure to an unauthorized party. Schools (or other entities that hold student data) can be held liable for a data breach in the event that data is disclosed. Functionally, if a provider is HIPAA-compliant, they will be FERPA-compliant by default as that standard is lower.


  • Robert Stillman

    I definitely don’t think using Dropbox for HIPAA Compliance. We use Logicworks HIPAA compliant cloud storage. Logicworks is not only reliable and secure but will meet your HIPAA compliance needs. You can check them out at

  • I’ve been using Viivo for a while to encrypt files within Dropbox. It’s simple and works great. After reading your review, I figured I would give Sookasa a try. I have a complaint. When you sign up for Sookasa, it adds a Files Delivered to Sam folder that you cannot remove (it is recreated if you try to delete it). So whether you use it or not (and I will never use it because nobody will ever send me files through Sookasa), you have to see it. It’s like Windows software that’s always dropping icons on the desktop whether you want it or not. Or apps connected to Dropbox that use their own sync folder without letting you choose where it goes (looking at you, TextExpander).

    It’s a small annoyance, but it was enough for me to contact Sookasa support to deactivate my account (another annoyance: let me delete — not deactivate — my account myself instead of making me contact support) roughly 2 minutes after setting up my Sookasa account. I’m perfectly happy with Viivo, and I’ll stick with it.

  • Chelsea

    Hi Sam, We put the folder there to avoid confusion—many of our users do receive files directly from clients and patients who don’t have Sookasa or Dropbox. Viivo doesn’t offer this feature. We appreciate your feedback about having the ability to delete the folder. Viivo also doesn’t encrypt on devices, which poses a potential security concern for our customers who have deep security or compliance needs. Please let us know if you have additional feedback:

  • Ani


    I cannot warn users more strongly away from Sookasa. Based on this Lawyerist article, I installed their program a month ago. Prior to then, I had been using Dropbox (with Carbonite providing extra back-up) for years with absolutely no incident. I’ve never had a computer crash, or lost a file through tech complications, in my life. Literally.

    Since installing Sookasa, I have had hundreds if not thousands of files go inexplicably missing. Obviously deleted, somehow, and not by me, as the deletions happened at a time when I didn’t have access to my computer and was disconnected from all tech on vacation. I have lost dozens of hours trying to work with Celia Wong of Sookasa’s team to restore my lost files, to no avail. Their engineering team has never been able to figure out how or why my files went missing.

    Now that I’m trying to get all of my files out of Sookasa, to protect them, and following by the letter the instructions Celia gave me, my files are toggling between encrypted and unencrypted and are literally unusable. I’m waiting for Celia’s call as I type this. Complete nightmare.

    • Ani

      I just want to add to the above that Celia Wong made a HUGE EFFORT to help me, so this is no criticism of her. She was super fast to reply to me and always responsive and courteous. The software was just a complete and irreparable disaster-nightmare.