Human Subject Research Data Privacy and Security

Tozny co-authors Human Factor and Ergonomics Society (HFES) Paper: Development of Human-Out-of-the-Loop Participant Recruitment, Data Collection, Data Handling, and Participant Management System

As smartphones and wearable devices become ubiquitous, analysts in the field of human subject research (HSR) are chomping at the bit to access and analyze large datasets of continuously collected sensor data from human subjects. Study data collection and the datasets themselves pose significant privacy and data security issues as this data is often highly identifiable even when best practices are applied to remove Personally Identifying Information (PII).

Tozny teamed up with Charles River Analytics, the University of Washington, and Kryptowire on the HIPPOCRATIC project to collect such HSR data under a four-year DARPA contract awarded in 2018.

The team developed a system that enables continuous collection of this sensor data during human subject research studies while ensuring privacy. The system provides secure, fully human-out-of-the-loop participant recruitment, screening, onboarding, data collection on smartphones, data transmission to the cloud, data security in the cloud, and data access by analysis and modeling teams.

Tozny leveraged its end-to-end encryption and encrypted data storage solution, TozStore, to architect, deploy, and manage the data encryption, transmission, and storage as well as secure authorized access to the collected data. Using end-to-end encryption, the data is encrypted for its entire life cycle until accessed by authorized researchers.

As discussed in the paper, a human-out-of-the-loop approach was used so that subject PII is never human accessible. This includes the implementation of anonymous workflows for registration, incentives payments, and participant support all based on Tozny’s end-to-end encryption technology.

HFES figure Figure 1: Process diagram and data flow for participant recruitment, enrollment, data acquisition, communication with participants, and secure payment processing

About Tozny

Tozny provides secure identity management and data privacy solutions to address commercial, government, and academic requirements. Contact us if you want to learn more about Tozny’s identity management (TozID) and end-to-end encryption (TozStore) products and services.