Privacy Please - PPS Impact Magazine

Sookasa—finally, a way to make Dropbox HIPAA-compliant.

By Brent Applebaum, PT

Dropbox has made it possible to share patient information securely with my staff of physical therapists and my home care agency clients. However, it was not compliant with Health Insurance Portability and Accountability Act (HIPAA) rules, which put me at risk for a HIPAA violation. I found a solution that solves that problem. One of my longstanding challenges as the owner of a physical therapy center is how difficult it is to quickly and easily share patient files with clients and contractors in a secure way.

At my practice, nine physical therapists provide care to hundreds of patients for the 30 home health care agencies. Every time one of the physical therapists conducts a home visit, I need to provide a report back to the home health agency (HHA). However, because these reports contain patient data, I have to transmit them in a way that is compliant with HIPAA.

Each of these agencies has its own electronic medical records (EMR) system, making it nearly impossible to try to interact with all 30. My only other option, for a period, was to fax the records to each agency, which was time-consuming and expensive. I quickly realized that a cloud-based file-sharing service, such as Dropbox, could solve my problems, allowing my contractors to instantly share files from their personal devices with the home health care agencies.

After some research, I discovered Sookasa (www.Sookasa.com), a software product specifically designed to make Dropbox HIPAA-compliant, whether we are sharing or storing patient records. Now, after four months using Sookasa, I have transformed the way we share patient files at my practice.

Sookasa works by encrypting Dropbox files even after they have been shared and downloaded onto a new device. When one of my physical therapists submits a report to a home health care agency, only authorized users can open that report. Without Sookasa, if any of our physical therapists would have accidentally lost or misplaced their mobile device, it would have been a HIPAA breach. With Sookasa, this is no longer a concern.

Sookasa audits files, allowing me to see who has viewed or made changes to any of the reports. The product also allows me to control access to the files, so if a physical therapist leaves my practice, I can remotely revoke access to the patient files stored on their device.

One thing I like about Sookasa is how easy it is to use. When one of my physical therapists completes a home visit, the patient notes are instantly synchronized with both my practice and the relevant home health care agency. There is no new system to learn, and Ido not have to bring in technical support to make sure it works. I also like that Sookasa can be used with any mobile device so my physical therapists can work on their own laptops or tablets, and I do not need to provide each of them with an expensive device.

The sole drawback to Sookasa is that it only works with Dropbox, so you cannot use it to encrypt files with a different file-sharing service.

Brent S. Applebaum, PT, is a PPS member and the founder of the Bexley Physical Therapy Center in Columbus, Ohio. He can be reached at Brent@bexleyphysicaltherapy.com.