Initial Considerations
The concept of data security and compliance is a combination of hardware and software, as well as user processes and procedures. The FDA has issued guidelines to provide recommendations to clinical investigators and others involved in the capture, review, and retention of electronic source data in FDA-regulated clinical investigations. The guidelines are intended to assist in ensuring the reliability, quality, integrity, and traceability of data from electronic source to electronic regulatory submission. This article is meant to help University of Utah researchers understand how REDCap is configured to support their studies in a protected and compliant environment.
The University of Utah REDCap instance is supported and maintained by the Center for Clinical and Translational Science (CCTS) in the Center for High Performance Computing Protected Environment. The system is HIPAA compliant and deployed in the University of Utah Downtown Data Center where physical and network access is tightly controlled 24/7/365. Data is backed up nightly. Additionally, user and role-based permissions provide granular management of access to data records and functions. Reporting and audit controls follow HIPAA standard best practices.
CCTS REDCap is operated in a HIPAA compliant environment, however the controls haveĀ NOT been certified by a third party as 21 CFR Part 11 compliant.
...