Addressing Privacy and Security Concerns of Apps in the Lab

November 08, 2023

As hands-free lab note-capturing technology becomes more prevalent, it is crucial to address the privacy and security concerns associated with voice recognition and mobile or wearable devices. Although hands-free technology offers convenience and efficiency, it also raises concerns about data privacy and security. In this blog post, you’ll read about the different data privacy and security concerns you may face and how LabTwin, the leading voice-powered digital lab assistant, has addressed them.

Protecting Sensitive Data in the Lab

Protecting patient data is at the forefront of most life sciences research. Measures for protection have evolved along with technology, from double-blinded study files stored in locked filing cabinets to today, when those double-blinded studies are digitized and maintained in a laboratory information management system (LIMS) or laboratory information system (LIS).

Today's clinical trials often collect patient data through wearable technology or voice recognition, both of which carry specific risks to patient data security.

To address the rising concerns about data security, LabTwin uses various measures to protect the sensitive data collected through hands-free lab note taking, including encryption, user authentication, and data access controls.

There are numerous international standards for data security, including those of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), which are considered the international gold standards for information security. LabTwin has obtained the ISO/IEC 27001:2017 and ISO/IEC 27017:2015 certifications, recognizing LabTwin’s compliance with these standards. ISO/IEC 27001 is a set of more than 100 requirements for Information Security Management Systems (ISMS) developed by ISO and IEC, encompassing data security and data processes, risk management, and appropriate user training. As an extension to ISO/IEC 27001, ISO/IEC 27017 includes standards for information security in cloud-based systems.

Data Security

To ensure adherence to the ISO/IEC standards and to the United States Code of Federal Regulations (CFR) 21 Part 11, LabTwin uses the proven and well-tested cloud-based infrastructure of Amazon Web Services (AWS). AWS security is itself verified by compliance certifications, including ISO/IEC 27001 and AWS-independent third-party system and organizational controls (SOC) reports 1, 2, and 3. This means that all data sent over the Internet to LabTwin servers and between services is encrypted over transport layer security/secure sockets layer (TLS/SSL) connections. It will be very difficult for any bad actor to penetrate these layers of security.

Mobile Security

The device-level encryption offered by Apple or Android operating systems secures the data stored on the device, and a mobile device management (MDM) system controls the device itself. Together, these create a secure and controlled environment for the LabTwin app. LabTwin can also provide an extra level of security by deploying a User Management System for an added fee.

Ensuring Compliance with Data Privacy Regulations

Data privacy regulations, such as the European Union’s General Data Protection Regulation (GDPR) and the United States Health Insurance Portability and Accountability Act (HIPAA), govern the treatment of patient data during hands-free lab note taking. LabTwin ensures compliance through its built-in access controls and the security measures described previously, while maximizing the benefits of the technology. The aspect of LabTwin that receives the most attention with respect to data privacy assurance is the AI-powered voice recognition software in the mobile app.

Voice Recognition and Data Privacy

LabTwin’s voice recognition technology works by drawing on its large data set of scientific terminology to capture the technician’s words accurately. The storage of voice data carries specific risks in the era of deep fakes. An individual’s voice is almost as unique as their fingerprints, and if voice recordings fall into the wrong hands, a person’s identity could easily be stolen. It’s critical to take appropriate steps, such as documented adherence to the applicable regulations, to protect user privacy and intellectual property when using hands-free devices.

Balancing Convenience with Security

We humans are starting to grapple with the trade-offs between convenience and security. For example, using an E-ZPass for toll collection or a transit pass means that the transportation authorities can gather data about your movements, but these have become accepted privacy intrusions for the convenience (and price discount) received in return. The convenience of secure hands-free devices in the lab is also becoming recognized, and that convenience is increasingly supported by legislation to protect user privacy and ensure that hands-free devices can be deployed safely in research settings.  

Use LabTwin With Confidence

Researchers shouldn’t need to sacrifice convenience in the name of security. With LabTwin, you can enjoy the accessibility of voice-powered data capture while being assured that patient data and your research findings are stored securely.

Reach out if you’d like to learn more about LabTwin and its built-in data privacy and security features.