Research Tools: Security and Privacy

Last updated 7/21/2020

Consider Security and Privacy When Choosing Research Tools

Tufts Technology Support (TTS) strives to support researchers in choosing tools and data handling processes that will meet both the researcher’s desired work processes and the various in-scope security and privacy requirements.  These requirements may arise from funding or data contracts, from regulations that cover specific types of data (e.g., HIPAA, GDPR (EU Data Privacy), state privacy laws, other regulations that protect personally identifiable information, etc.), and general security and privacy best practices.

The information on this webpage supports researchers by providing both a list of tools and services TTS has reviewed for use in research studies and the information needed to easily request a review of a tool or service. Ideally, researchers are encouraged to use already vetted tools and services.

Important Disclaimers and Requirements:

  • This document is a work-in-progress. Over time, the Office of Information Security and Research Technologies in TTS will continue to update this page.
  • Just because a tool or service is listed does not mean that TTS provides technical support or advice on how to use the tool or service.
  • Institutional Review Boards (IRBs) are required to consider privacy and confidentiality protections when they review studies, even if the study is determined to be exempt. Many of our reviews have been for researchers doing human subject research.
  • If your research does not involve personal information, it is still very important that you consider carefully what IT tools to use. Choosing tools that have been vetted for security will help protect your study’s data.

List of Reviewed Tools and Services

TTS has reviewed the following list of tools and services for use in research studies.

See and download the full table of tools and services. 

Please read the notes in the table carefully as:

  • Not every tool or service that is listed is approved for all types of data.
  • Several tools and services require that you follow specific practices.
  • There may be additional funding and contract considerations. It is important that you review your funding documentation for any limitations on how your research works with data.

Request a Review

The process to request a review of tools and data handling includes two components:

  1. Email the Information Security Team to request a review of tools and data handling.
  2. Provide the information below about your research by including it in your email (in step 1) or by completing this Qualtrics survey
    • How best to contact you
    • A brief description of your research
    • What types of data you will be handling
    • The data subjects
    • A description of your research data handling processes
    • The IT tools your research will you using
    • For the tool you would like reviewed
      • The tool name and website
      • Why you selected the particular tool
    • A copy of your research protocol, if drafted
    • Where your study is in the research proposal timeline, including whether a submission has been or will be made to an IRB
    • Any data handling requirements from funders
    • Any additional information you care to share.

Security reviews are done for tools and services when a third party is processing the data, including tools and services that store data in the cloud or vendors that provide software as a service. If the software you are using will be downloaded on a Tufts device and the data will not be transferred outside of Tufts, then a security review of the software's vendor will not be required. However, a review of the study's data handling practices and procedures may still be appropriate. 

Other Sources of Tools and Services at Tufts

In addition to the Tools & Services List, Tufts University offers a wide range of technology available to researchers on the following websites.

Other Resources for How to Work with your Research Data Securely

Special Note for Researchers whose Study will include Data from the European Economic Area (EEA)

Researchers engaged in human subject research that involves any of the countries in the EEA are asked to review the information at: GDPR and Research.

Contact

If you have feedback or questions about research tools, please contact the Research Technology team. If you have questions about the privacy and security guidelines, please contact the Information Security team.

Did you find what you were looking for on this webpage?