What Is REDCap?

REDCap (Research Electronic Data Capture) is a secure, web-based application system developed by researchers for researchers. It is a powerful tool for building and managing online surveys and databases to support online or offline data capture. It provides a high degree of customizability, unlimited survey functionality, a sophisticated export module, advanced user right control, and supports HIPAA compliance.

REDCap has many features, including:

  • Easy Online or offline project design
    • Easy-to-build projects without advanced programming knowledge using the Online Designer or offline using a “data dictionary” template in Microsoft Excel that can be uploaded later into REDCap.
  • Multiple data collection methods
    • Collect anonymous or identified data via online surveys, direct data entry, or generate a PDF version for printing in order to collect responses offline. REDCap also offers MyCap and REDCap Mobile App.
  • Secure and web-based
    • Input data or build an online survey or database from anywhere in the world over a secure web connection with authentication and data logging.
  • Multi-site access
    • REDCap databases/surveys can be used by researchers from multiple sites and institutions.
  • Fully customizable
    • You are in total control of shaping your database or survey. REDCap offers extensive question types including: matrix questions, rating scales, textboxes, radio buttons, drop-downs, and file uploads.
  • Audit trails
    • For tracking data manipulation and user activity.
  • Automated export procedures
    • For seamless data downloads to Excel, PDF, and common statistical packages (SPSS, SAS, Stata, R).
  • Many advanced features
    • Such as branching logic, file uploading, calculated fields, built-in project calendar, scheduling module, and ad hoc reporting tools.
  • Regulatory compliance
    • REDCap is a HIPAA-capable system approved by UCH IT Security. However, system-level requirements are only half of the equation; there are things that you must do as the owner of the REDCap project. Fortunately, REDCap includes useful tools and features that can be used to help manage and protect your data.
  • Secure and Convenient Messaging
    • Convenient web authentication using UConn Health’s domain account system to send messages and surveys invitations directly to participants via REDCap.
  • Multiple-Language Management
    • REDCap gives you the ability to translate any kind of text found within REDCap (navigational buttons, REDCap instructional text, fields and options, emails, etc.).
  • Many advanced features
    • Such as branching logic, file uploading, and calculated fields.
  • And so much more…

*Your study materials dictate what and how data can be collected and how that data will be stored – this includes the usage of REDCap. Please refer to your approved study plan to determine if and how your project can utilize REDCap – this information can be found in the protocol, consent forms, IRB application, Data Security Assessment, HIPAA authorization/waiver, etc. ALL project fields and forms/instruments should match what has been approved.

**REDCap should ONLY be used for active data collection and project data should be routinely exported. For more information: Managing Your Data. Once active data collection has ended, the project and its data need to be removed from the system. Therefore, you must have an external storage plan in place, which should be part of your IRB-approved plan.

 

HIPAA, Security, and Data Collection

UCH REDCap is a HIPAA-capable web platform in that to be HIPAA-compliant it requires that users conduct certain practices, such as limiting access to and restricting export of high-risk data. As such, part of what makes UCH REDCap HIPAA-compliant is the appropriate data collection and management practices of UCH REDCap users – even those not collecting high-risk data. Therefore, all UCH REDCap users must complete the appropriate institutional and federal regulatory requirements per IRB of record (i.e., CITI Courses, HIPAA training, etc): UConn, UCH, or external equivalent. All users must also abide by Protecting High Risk Data no matter the classification of their project data. Please note, UCH REDCap is NOT a 21 CFR Part 11-compliant system and should not be used for studies reporting to the FDA (i.e., IND, IDE, abbreviated IDE, etc).

The REDCap platform is hosted on premise at UConn Health and managed by Academic IT Services and the Clinical Research Center. All REDCap data is stored on servers at UConn Health. It is secured using the technical controls stipulated by HIPAA. These controls include (but not limited to): protection behind the firewall in the IT data center with controlled physical access, servers kept up to date with operating system and application patches and upgrades, role-based access to projects, data encrypted while in transmission, daily backup, and regular audits of system events and logs. Remote access from outside the UConn Health network is provided securely over an encrypted web connection.

All projects must meet eligibility requirements. The project’s study materials dictate what data can be collected and how that data will be stored – this includes the usage of REDCap. Please refer to your approved study plan to determine if and how your project can utilize REDCap and what data can be collected and stored – this information can be found in the protocol, consent forms, IRB application, HIPAA authorization/waiver, etc. If your IRB-approved data collection and storage plan indicates that identifiers will be kept separate from the data collected (i.e. will not be stored with study data), then identifiers should not be collected/stored in the same project along with the study data. If the collection and storage of identifiers are necessary for your project, then make sure that it is part of your IRB-approved plan. It is the responsibility of the PI (as well as the study team) to ensure the collection and storage of identifiers, this includes signed consent documents, and is consistent with the confidentiality plans described to the IRB in the application, protocol, consent, etc. Changes to the data collected and how it is stored are to be approved by the IRB before implementation. If the IRB determined the research was Exempt, the PI should consult the IRB before making changes to ensure those changes do not invalidate the exemption.

Contact Us

If you have any questions, please do not hesitate to reach out to us: redcap@uchc.edu.