Secure, compliant, and built for Clinical Research.
Studytrax is designed from the ground up to protect sensitive clinical and research data, combining enterprise-grade infrastructure, rigorous security controls, and compliance with key regulatory standards.
Hosted in the cloud and available when you need it, Studytrax delivers the security, reliability, and peace of mind required for modern clinical research.
Standards and compliance you can trust
Studytrax aligns with widely recognized security and regulatory frameworks:
- HIPAA compliant: Business Associate Agreement (BAA) in place with required administrative, physical, and technical safeguards
- 21 CFR Part 11 ready: Supports electronic records and signatures with validated controls and audit trails
- ISO 27001–aligned posture: Security program continuously monitored through Vanta
- Encryption standards: AES-256 encryption for data at rest and backups; TLS 1.2+ for data in transit
Built-in software security controls
Security is embedded directly into the platform:
- SSL-enforced access across all sessions
- Strong authentication and password protection (salted and hashed)
- Account lockout after failed login attempts
- Automatic session timeouts for inactivity
- Role-based access controls (RBAC)
- Comprehensive user activity auditing and audit trails
These controls ensure that only authorized users access the right data, and every action is tracked.
Operational and process controls
Security extends beyond software into organizational practices:
- Documented security policies and procedures
- Security awareness training for all personnel
- Role-based access and strong authentication across systems handling PHI
- Continuous risk assessment and risk management processes
- Incident detection, reporting, and response workflows
- Data redundancy, backup, and disaster recovery planning
- Ongoing third-party evaluation of the security program
Enterprise-grade hosting and infrastructure
Studytrax runs in a secure, enterprise-class environment with layered protection:
- Multi-tier architecture with web and database servers separated
- Firewalls ensure the database is never publicly accessible
- Intrusion detection and continuous log monitoring
- Fully encrypted database storage on RAID-configured systems
- Physically secure data centers with strict access controls
Resilience and backup:
- Automated backups every 15 minutes
- AES-256 encrypted backups stored in geographically separate locations
- Secure transfer over encrypted connections
- Physical destruction of retired or failed drives by the hosting provider
Regulatory-ready by design
Studytrax is purpose-built for clinical research environments:
- Operates under a Business Associate Agreement (BAA)
- Implements HIPAA-required safeguards across all layers
- Supports 21 CFR Part 11 requirements, including:
  - Secure, computer-generated audit trails
  - Role-based access and system validation controls
  - Unique, non-transferable electronic signatures linked to records
This ensures your study is aligned with regulatory expectations from day one.
Secure participant payments
Participant compensation is handled securely and transparently:
- Gift card fulfillment uses one-time tokens over encrypted connections (TLS 1.2+)
- No protected health information is shared with third-party reward providers
- Participant balances are stored securely within Studytrax, not external wallets
- Full payment audit trails support financial tracking and 1099 reporting
Security you can rely on
From infrastructure to application controls to operational processes, Studytrax is designed to protect your data, support compliance, and meet the demands of clinical research at every stage.
