Although there are many ways to encrypt your communications, and plenty of storage services that offer HIPAA compliance, most of them come with a price: lack of convenience, and clunkiness. That is probably why a lot of us just end up stashing things in Dropbox. It’s easy and there are apps for any device you might have. On your home computer, you can just drag and drop into Dropbox and it lives forever in the cloud. However, Dropbox certainly isn’t the most secure solution, and is not HIPAA compliant.

Sookasa works with Dropbox and gives you an encrypted (and, if you pay for it, HIPAA- and FERPA-compliant) storage folder. Putting files in Sookasa is as easy as putting them in your Dropbox; it is that ease of use that often gets us to be more aggressive about securing data. There are no extra steps and you do not need to be some sort of Internet-ninja wizard to use the product.

HIPAA, of course, governs the security of health data. Briefly, if you are looking for a HIPAA-compliant data storage service, you need to make sure it can do three things:

  1. The company must be able to sign a Business Associate Agreement (BAA). That BAA is a contract between you, an entity covered by HIPAA, and a business associate (in this case, Sookasa) that will have access to the health information of an individual. That agreement has to memorialize the data protections that are in place.
  2. A HIPAA-compliant provider should also be able to provide you with the results of a third-party audit confirming their HIPAA security compliance.
  3. Finally, a HIPAA-compliant provider should also be able to provide a full HIPAA audit trail that includes all the times a file was accessed or shared and by whom. Sookasa provides this and also adds device protection (where the data on each PC or mobile device is encrypted and can be wiped remotely) and allows you to define a “white list” of employees that are the only individuals allowed to access certain data. Integrating all of this into Dropbox might make it easier for a small- to medium-sized team of lawyers manage secure data without bringing in IT professionals.

There have been ways to store encrypted files within Dropbox for quite some time. Viivo, notably, does a great job creating encrypted folders within Dropbox. If you just want encryption, noncommercial use of Sookasa is free (though you will obviously still need a Dropbox account, paid or otherwise). The paid version of Sookasa is $10 a month (or $100 a year) per user, and Sookasa also offers free mobile apps for iOS and Android. The paid version is what gets you the features that Sookasa hopes makes them stand out: HIPAA and FERPA compliance.1

Sookasa also appears to be the first method that Dropbox has integrated into Dropbox for Business, which handles file sharing for a whole team. Sookasa’s partnership allows you to easily plug your whole office into the higher-security solution Sookasa offers without a clunky person-by-person setup and individually encrypting each laptop or mobile device. It also lets you easily remove someone from the team and deny Dropbox/Sookasa access when a project is finished or when someone is let go.

There are no size restrictions on how much you store in the Sookasa folder, so in theory you can encrypt everything in your Dropbox. According to Sookasa, most people do not end up doing so, but instead use Sookasa to segregate confidential business data within Dropbox. (Your cat pictures are probably just fine in your regular Dropbox in other words.)

If you share data with clients regularly, Sookasa offers a secure upload feature. This allows you to exchange documents with a client via a secure portal rather than using email — which we know is much less secure than we would like it to be. That method, however, does require your client to have a Sookasa account, although they can just use the free noncommercial version. If you would like to share something with a client without asking them to sign up for the service, you can share a link the same way you would in Dropbox, but it won’t retain the same level of security.

If you are a solo or small firm that needs to easily manage secure healthcare data while being on the go, Sookasa may be a great solution for your practice.


  1. The Family Education Rights and Privacy Act governs student personal data (like grades) and forbids disclosure to an unauthorized party. Schools (or other entities that hold student data) can be held liable for a data breach in the event that data is disclosed. Functionally, if a provider is HIPAA-compliant, they will be FERPA-compliant by default as that standard is lower.