Initial Considerations
The concept of data security and compliance is a combination of hardware and software, as well as user processes and procedures. This article is meant to help University of Utah researchers understand how REDCap is configured to support their studies in a protected environment.
CTSI REDCap is operated in a HIPAA compliant environment.
The University of Utah REDCap instance is supported and maintained by the Center for Clinical and Translational Science Institute (CCTSCTSI) in the Center for High Performance Computing Protected Environment. The system is HIPAA compliant and deployed in the University of Utah Downtown Data Center where physical and network access is tightly controlled 24/7/365. Data is backed up nightly. Additionally, user and role-based permissions provide granular management of access to data records and functions. Reporting and audit controls follow HIPAA standard best practices.
CCTS REDCap is operated in a HIPAA compliant environment, however the controls haveĀ NOT been certified by a third party as 21 CFR Part 11 compliant.
...
.
Background information regarding 21 CFR Part 11 controls
...