Research Tools: Security and Privacy

Last updated 12/19/2022

Consider Security and Privacy When Choosing Research Tools

Tufts Technology Support (TTS) strives to support researchers in choosing tools and data handling processes that will meet both the researcher’s desired work processes and the various in-scope security and privacy requirements.  These requirements may arise from funding or data contracts, from regulations that cover specific types of data (e.g., HIPAA, GDPRs (EEA and UK Data Privacy), state privacy laws, other regulations that protect personally identifiable information, etc.), and general security and privacy best practices.

The information on this webpage supports researchers by providing both a list of tools and services TTS has reviewed for use in research studies and the information needed to easily request a review of a tool or service. Ideally, researchers are encouraged to use already vetted tools and services.

We use the word “tool” on this page in a general way. IT tools include apps, software and services.

Important Disclaimers and Requirements:

  • This document is a work-in-progress. Over time, the Office of Information Security and Research Technology in TTS will continue to update this page.
  • Just because a tool or service is listed does not mean that TTS provides technical support or advice on how to use the tool or service.
  • Institutional Review Boards (IRBs) are required to consider privacy and confidentiality protections when they review studies, even if the study is determined to be exempt. Many of our reviews have been for researchers doing human subject research.
  • If your research does not involve personal information, it is still very important that you consider carefully what IT tools to use. Choosing tools that have been vetted for security will help protect your study’s data.

List of Reviewed Tools and Services

TTS has reviewed the following list of tools and services for use in research studies.

See and download the full table of tools and services

Please read all the notes before the table and in the table carefully as:

  • Not every tool or service that is listed is approved for all types of data.
  • Several tools and services require that you follow specific practices.
  • There may be additional funding, contract and other considerations. It is important that you review your funding documentation and other requirements for any limitations on how your research team works with data.

Request a Review

The process to request a review of tools and data handling includes two components:

  1. Email the Office of Information Security to request a review of tools and data handling.
  2. Provide the information below about your research by including it in your email (in step 1) or by completing this Qualtrics survey

 

  • How best to contact you
  • A brief description of your research
  • What types of data you will be handling
  • The data subjects
  • A description of your research data handling processes
  • The IT tools your research will you using
  • For the tool you would like reviewed
    • The vendor website and the name and version of the specific tool
    • Why you selected the particular tool
  • A copy of your research protocol, if drafted
  • Where your study is in the research proposal timeline, including whether a submission has been or will be made to an IRB
  • Any data handling requirements from funders
  • Any additional information you care to share.

Security reviews are done for tools and services when a third party is processing the data, including tools and services that store data in the cloud or vendors that provide software as a service. 

If the software you plan to use will be downloaded on a Tufts device and the data will not be transferred outside of Tufts, then a security review will not be required if your use of the software will meet the specific requirements to be “solely locally installed laptop/desktop third-party software.” These requirements include several limitations, such as the number of users. See the Table for the requirements. In any event, a review of the study's data handling practices and procedures may still be appropriate. 

Other Sources of Tools and Services at Tufts

In addition to the Tools & Services List, Tufts University offers a wide range of technology available to researchers on the following websites.

Other Resources for How to Work with your Research Data Securely

Special Note for Researchers whose Study will include Data from the European Economic Area (EEA), the United Kingdom (UK) or China

Researchers engaged in human subject research that involves any of the countries in the EEA or the UK are asked to review the information at: GDPR and Research.

For human subject research in China, contact OIS-SecurityReviews@tufts.edu for a review of your study in the context of the PRC’s data security and privacy laws and regulations, as well as whether particular tools may be used for the data.

 

Contact

If you have feedback or questions about research tools, please contact the Research Technology team. If you have questions about the privacy and security guidelines, please contact the Office of Information Security.