Last updated 12/19/2022
Consider Security and Privacy When Choosing Research Tools
Tufts Technology Support (TTS) strives to support researchers in choosing tools and data handling processes that will meet both the researcher’s desired work processes and the various in-scope security and privacy requirements. These requirements may arise from funding or data contracts, from regulations that cover specific types of data (e.g., HIPAA, GDPRs (EEA and UK Data Privacy), state privacy laws, other regulations that protect personally identifiable information, etc.), and general security and privacy best practices.
The information on this webpage supports researchers by providing both a list of tools and services TTS has reviewed for use in research studies and the information needed to easily request a review of a tool or service. Ideally, researchers are encouraged to use already vetted tools and services.
We use the word “tool” on this page in a general way. IT tools include apps, software and services.
Important Disclaimers and Requirements:
- This document is a work-in-progress. Over time, the Office of Information Security and Research Technology in TTS will continue to update this page.
- Just because a tool or service is listed does not mean that TTS provides technical support or advice on how to use the tool or service.
- Institutional Review Boards (IRBs) are required to consider privacy and confidentiality protections when they review studies, even if the study is determined to be exempt. Many of our reviews have been for researchers doing human subject research.
- If your research does not involve personal information, it is still very important that you consider carefully what IT tools to use. Choosing tools that have been vetted for security will help protect your study’s data.
List of Reviewed Tools and Services
TTS has reviewed the following list of tools and services for use in research studies.
See and download the full table of tools and services.
Please read all the notes before the table and in the table carefully as:
- Not every tool or service that is listed is approved for all types of data.
- Several tools and services require that you follow specific practices.
- There may be additional funding, contract and other considerations. It is important that you review your funding documentation and other requirements for any limitations on how your research team works with data.
Request a Review
The process to request a review of tools and data handling includes two components:
- Email the Office of Information Security to request a review of tools and data handling.
- Provide the information below about your research by including it in your email (in step 1) or by completing this Qualtrics survey.
- How best to contact you
- A brief description of your research
- What types of data you will be handling
- The data subjects
- A description of your research data handling processes
- The IT tools your research will you using
- For the tool you would like reviewed
- The vendor website and the name and version of the specific tool
- Why you selected the particular tool
- A copy of your research protocol, if drafted
- Where your study is in the research proposal timeline, including whether a submission has been or will be made to an IRB
- Any data handling requirements from funders
- Any additional information you care to share.
Security reviews are done for tools and services when a third party is processing the data, including tools and services that store data in the cloud or vendors that provide software as a service.
If the software you plan to use will be downloaded on a Tufts device and the data will not be transferred outside of Tufts, then a security review will not be required if your use of the software will meet the specific requirements to be “solely locally installed laptop/desktop third-party software.” These requirements include several limitations, such as the number of users. See the Table for the requirements. In any event, a review of the study's data handling practices and procedures may still be appropriate.
Other Sources of Tools and Services at Tufts
In addition to the Tools & Services List, Tufts University offers a wide range of technology available to researchers on the following websites.
- Data Management Plan - Office of the Vice Provost for Research (OVPR)
- TTS Research Technology
- Data Labs
- Data Management
- Data Science
- Digital Humanities
- High Performance Computing
- Geographic Information Systems (GIS)
- Data Storage for Research
- Software and Applications (Select Research in search filter)
Other Resources for How to Work with your Research Data Securely
- IT Policies & Guidelines
- Data Security & Privacy
- Securing Your Research and Data
- Securing Devices
- Information Security Consulting Advice
- Health Sciences IRB Confidentiality and Data Security Guidelines for Electronic Research Data
- Working Remotely including TTS Guidelines for Securely Working with Technology Especially When Working Remotely or Using a Personal Device
- Security Practices for Tufts Restricted Data, which includes human subject research data subject to the Common Rule and all other data that is subject to any regulatory requirements:
- An online learning module on basic security practices: Stepping up your Game – 10 Key Strategies for Protecting Tufts Most Sensitive Information, available in the Tufts Learning Center
- Restricted Data Handling Guidelines
- Quick Guide
Special Note for Researchers whose Study will include Data from the European Economic Area (EEA), the United Kingdom (UK) or China
Researchers engaged in human subject research that involves any of the countries in the EEA or the UK are asked to review the information at: GDPR and Research.
For human subject research in China, contact OIS-SecurityReviews@tufts.edu for a review of your study in the context of the PRC’s data security and privacy laws and regulations, as well as whether particular tools may be used for the data.
If you have feedback or questions about research tools, please contact the Research Technology team. If you have questions about the privacy and security guidelines, please contact the Office of Information Security.