Initial Considerations
The concept of data security and compliance is a combination of hardware and software, as well as user processes and procedures. This article is meant to help University of Utah researchers understand how REDCap is configured to support their studies in a protected environment.
CCTS REDCap is operated in a HIPAA compliant environment.
The University of Utah REDCap instance is supported and maintained by the Center for Clinical and Translational Science (CCTS) in the Center for High Performance Computing Protected Environment. The system is HIPAA compliant and deployed in the University of Utah Downtown Data Center where physical and network access is tightly controlled 24/7/365. Data is backed up nightly. Additionally, user and role-based permissions provide granular management of access to data records and functions. Reporting and audit controls follow HIPAA standard best practices.
...
Controls haveĀ NOT been certified by a third party as 21 CFR Part 11 compliant.
| Info |
|---|
The REDCap platform is 21 CFR Part 11 capable and parts of your study implementation may meet controls requested by a sponsor but the overall infrastructure is not 21 CFR Part 11 validated as of May 2021. An effort is underway to gather requirements to meet this need but no implementation date has been identified as of this writing. The FDA has issued guidelines to provide recommendations to clinical investigators and others involved in the capture, review, and retention of electronic source data in FDA-regulated clinical investigations. The guidelines are intended to assist in ensuring the reliability, quality, integrity, and traceability of data from electronic source to electronic regulatory submission. |
...