Last updated 7/21/2020
Consider Security and Privacy When Choosing Research Tools
Tufts Technology Support (TTS) strives to support researchers in choosing tools and data handling processes that will meet both the researcher’s desired work processes and the various in-scope security and privacy requirements. These requirements may arise from funding or data contracts, from regulations that cover specific types of data (e.g., HIPAA, GDPR (EU Data Privacy), state privacy laws, other regulations that protect personally identifiable information, etc.), and from general security and privacy best practices.
The information on this webpage supports researchers by providing both a list of tools and services TTS has reviewed for use in research studies and the information needed to easily request a review of a tool or service. Researchers are encouraged to use already vetted tools and services where possible.
Important Disclaimers and Requirements:
- This document is a work-in-progress. Over time, the Office of Information Security and Research Technologies in TTS will continue to update this page.
- Just because a tool or service is listed does not mean that TTS provides technical support or advice on how to use the tool or service.
- Institutional Review Boards (IRBs) are required to consider privacy and confidentiality protections when they review studies, even if the study is determined to be exempt. Many of our reviews have been for researchers doing human subject research.
- If your research does not involve personal information, it is still very important that you consider carefully what IT tools to use. Choosing tools that have been vetted for security will help protect your study’s data.
List of Reviewed Tools and Services
TTS has reviewed the following list of tools and services for use in research studies.
Please read the notes in the table carefully as:
- Not every tool or service that is listed is approved for all types of data.
- Several tools and services require that you follow specific practices.
- There may be additional funding and contract considerations. It is important that you review your funding documentation for any limitations on how your research works with data.
Request a Review
The process to request a review of tools and data handling includes two components:
1. Email the Information Security Team to request a review of tools and data handling.
2. Provide the information below about your research by including it in your email (in step 1) or by completing this Qualtrics survey.
   - How best to contact you
   - A brief description of your research
   - What types of data you will be handling
   - The data subjects
   - A description of your research data handling processes
   - The IT tools your research will be using
   - For the tool you would like reviewed
     - The tool name and website
     - Why you selected the particular tool
   - A copy of your research protocol, if drafted
   - Where your study is in the research proposal timeline, including whether a submission has been or will be made to an IRB
   - Any data handling requirements from funders
   - Any additional information you care to share.
Security reviews are done for tools and services when a third party is processing the data, including tools and services that store data in the cloud or vendors that provide software as a service. If the software you are using will be downloaded on a Tufts device and the data will not be transferred outside of Tufts, then a security review of the software's vendor will not be required. However, a review of the study's data handling practices and procedures may still be appropriate.
Other Sources of Tools and Services at Tufts
In addition to the Tools & Services List, Tufts University offers a wide range of technology available to researchers on the following websites.
- Data Management Plan - Office of the Vice Provost for Research (OVPR)
- TTS Research Technology
- Tufts Data Lab
- Research Technologies Bioinformatics
- Digital Humanities
- Data Storage for Research
- High Performance Computing
- AccessTufts Software and Apps. Select Research in the search filter.
- Research Technology Consulting Services
Other Resources for How to Work with your Research Data Securely
- IT Policies & Guidelines
- Data Security & Privacy
- Securing Your Research and Data
- Securing Devices
- Information Security Consulting Advice
- Health Sciences IRB Confidentiality and Data Security Guidelines for Electronic Research Data
- Working Remotely
- Security Practices for Tufts Restricted Data, which includes human subject research data subject to the Common Rule and all other data that is subject to any regulatory requirements:
  - An online learning module on basic security practices: Stepping up your Game – 10 Key Strategies for Protecting Tufts Most Sensitive Information, available in the Tufts Learning Center
  - Restricted Data Handling Guidelines
  - Quick Guide
Special Note for Researchers whose Study will include Data from the European Economic Area (EEA)
Researchers engaged in human subject research that involves any of the countries in the EEA are asked to review the information at: GDPR and Research.