Security Information

While the REDCap environment controls implemented by ITCS keep your research and data safe, we ask that all users take an active role to ensure we continue to maintain our high level of security.

HIPAA Compliance and PHI

The HIPAA Security Rule defines the standards, which require covered entities to implement basic safeguards to protect electronic protected health information (EPHI), which is individually identifiable health information in the electronic form. Privacy depends upon security measures: no security, no privacy.

HIPAA also mandates that covered entities must maintain reasonable and appropriate administrative, physical, and technical safeguards to protect patients' electronic protected health information. This information may be in any electronic format that is stored or transmitted from devices such as desktop or laptop computers, networked systems, disks, CD-ROMs, hand-held device (PDAs), and other clinical-related devices.

Always think about the security of your data-only export when necessary. Take precaution when exporting data and only export data if you need to run reports or analysis outside REDCap. Limit user privileges to allow export rights only to those who really need them. Note: REDCap is a web-based system. Once data is downloaded from REDCap to a device (ex: computer, laptop, mobile device), the user is responsible for that data. If the data being downloaded is protected health information (PHI), the user must be trained and knowledgeable as to which devices are secure and in compliance with ECU's standards (ex: HIPAA) for securing PHI.

Use the REDCap Send-It feature to send data-Send-It is a secure data transfer application that allows you to upload a file (up to 32MB in size) and then allow multiple recipients to download the file in a secure manner. Each recipient will receive an email containing a unique download URL, along with a second follow-up email with the password (for greater security) for downloading the file. The file will be stored securely and then later removed from the server after the specified expiration date. Send-It is the perfect solution for anyone wanting to send files that are too large for email attachments or that contain sensitive data.

At ECU, we are committed to protecting our patients' privacy and maintaining our organization's security of information. We continue to comply with the HIPAA rule and maintain the confidentiality, security, and integrity of our patients' health information. Note: If you have a question about HIPAA or wish to report a privacy concern, please call: 744-5200 or email:

HIPAA Identifiers

  1. Names
  2. All geographic subdivisions smaller than state, including street address, city, county, precinct, Zip Code, and their equivalent geographic codes, except for the initial three digits of a ZIP Code if, according to the current publicly available data from the Bureau of the Census:
    1. The geographic unit formed by combining all ZIP Codes with the same three initial digits contains more than 20,000 people.
    2. The initial three digits of a ZIP Code for all such geographic units containing 20,000 or fewer people are changed to 000.
  3. All elements (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 and older.
  4. Telephone numbers
  5. Facsimile numbers
  6. Electronic mail addresses
  7. Social Security numbers (not allowed in REDCap)
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/License numbers
  12. Vehicle identifier and serial numbers, including license plates
  13. Device Identifiers and serial numbers
  14. Web Universal Resource Locators (URLs)
  15. Internet Protocol (IP) address numbers
  16. Biometric Identifiers, including finger and voiceprints
  17. Full-face photographic images and any comparable images
  18. Any other unique identifying number, characteristic, or code that could identify the individual

Source: U.S. Department of Health and Human Services National Institutes of Health (2017). Retrieved from

Mark the Identifiers in REDCap:

When you are creating project fields in your data collection instrument, remember the 18 HIPAA Identifiers. If your field label uses identifying information, make sure you choose YES next to Identifier. This will be important when you are ready to export your data. All fields tagged as identifiers will be marked in red.

REDCap User Rights Information

Please Note: REDCap is a web-based system. Once data is downloaded from REDCap to a device (computer, laptop, mobile device), the user is responsible for that data. If the downloaded data is protected health information (PHI), the user must be trained and knowledgeable as to which devices are secure and in compliance with ECU's standards (like HIPAA) for securing PHI.

User Right Access Notes Potential to Access Protected Health Info (PHI)?
Data Entry Rights Grants user one of these rights to the project's data collection instruments:
  • No Access
  • Read Only
  • View & Edit
  • Edit Survey Responses
WARNING: The data entry rights pertain only to a user's ability to view or edit data on the web page. It has NO effect on data exports. YES. If access to a form with PHI is Read Only or View & Edit, user will be able to view PHI.
Expiration Date Automatically terminates a user's project access on a specific date.    

Highest Level Privileges:

User Right Access Notes Potential to Access Protected Health Info (PHI)?
Project Design and Setup Access to add, update or delete any forms within the project. Also allows user to enable and disable project features and modules. This should be allocated only to trained study members and should be limited to a very few number of users per study.
User Rights Access to change the rights and privileges of all project users, including themselves. WARNING: Granting User Rights privileges gives the user the ability to control other users' project access. This user should be very trusted and knowledgeable about the project and REDCap. Giving user rights to team members should be a carefully thought-out decision. The consequences of poor user rights assignments could be damaging to both the security and integrity of your project. For instance, giving record deletion or project design rights to an unqualified person could result in data loss or database integrity issues. YES. User can change own User Rights and grant access to any module where PHI can be viewed or downloaded to a device.
Data Access Groups Access to create and add users to data access groups.

Do not assign yourself to a data access group; you will limit your ability to access all project data and to add other users to data access groups. 
For multi-site studies this allows the ability to place barriers between sites' data (i.e. group A cannot see, export, or edit group B's data).  

Privileges for data exports (including PDFs and API exports), reports and stats:

User Right Access Notes Potential to Access Protected Health Info (PHI)?
Data Exports Grants No Access, De-Identified Only, Remove All Tagged Identifier Fields and Full Data Set Access to export all or selected data fields to Microsoft Excel, SAS, SPSS, R and Stata.

Default Access: De-Identified; De-identified access shifts all dates even if they are not marked as identifiers.

Non-validated text fields and note fields (free text) are also automatically removed from export.

Remove all tagged Identifier fields ONLY removes fields marked as identifiers and does NOT automatically remove non-validated text fields or field notes and does NOT date shift. In reports and in the API data exports, any fields that have been tagged as
WARNING: The de-identified and remove all tagged identifier field options are contingent upon correctly flagging identifiers in each field.

It is advised to mark all PHI fields as identifiers and restrict export access to de-identified.
YES. PHI can be exported and downloaded to a device.

Exporting data is NOT linked to data entry rights. User with full export rights can export ALL data from all data collection instruments.

Please see Data Exports, Reports, and Stats FAQ for additional info.
Add/Edit Reports Access to build reports within the project. If user does not have access to a data collection instrument that the report is pulling data from, those fields will not appear in the report. For complex querying of data, best results are acquired by exporting data to a statistical package. YES. Depending on Data Entry Rights, PHI can be viewed.
Stats and Charts Access to view simple statistics on each field in the project in real time. If user does not have access to a data collection instrument, that instrument will not be listed on the page. Outliers can be identified. When clicked, navigates to the record, form and field with the outlier data. YES. Depending on Data Entry Rights, PHI can be viewed.

Other Privileges:

User Right Access Notes Potential to Access Protected Health Info (PHI)?
Manage Survey Participants Access to manage the public survey URLs, participant contact lists, and survey invitation log. YES. Email addresses (PHI) may be listed for the participant contact lists and invitation logs. Emails can be downloaded to a device.
Calendar Access to track study progress and update calendar events, such as mark milestones, enter ad hoc meetings. In combination with the scheduling module the calendar tool can be used to add, view and update project records which are due for manipulation. YES. PHI can be entered and viewed in the "notes" field. Data entered can be printed to PDF and downloaded to a device.
Data Import Tool Access to download and modify import templates for uploading data directly into the project bypassing data entry forms. WARNING: This gives the user the capability to overwrite existing data. Blank cells in the data import spreadsheet do not overwrite fields with data.  
Data Comparison Tool Access to see two selected records side by side for comparison. Extremely helpful when using double data entry. YES. PHI can be viewed.Data can be printed and downloaded to a device. ALL data discrepancies for all fields in project are displayed and can be downloaded to user with access to this module - NOT linked to Data Entry Rights or Data Export Tool Rights.
Logging Grants user access to view log of all occurrences of data exports, design changes, record creation, updating & deletion, user creation, record locking, and page views. This is the audit trail for the project. Useful for audit capability. YES. ALL data entered, modified and changed is listed in module, can be viewed and downloaded to a device.
File Repository Access to upload, view, and retrieve project files and documents (ex: protocols, instructions, announcements). In addition, it stores all data and syntax files when data is exported using the Data Export Tool. WARNING: While users with restricted data export rights will not be able to access saved identified exports, they will be able to view any other sensitive information stored in the file repository such as photos or scanned documents. Limit this privilege to those who should have access to PHI. YES. Depending on Data Export Tool rights, PHI can be downloaded to a device.
Data Quality Access to find data discrepancies or errors in project data by allowing user to create & edit rules; and execute data quality rules. If user does not have access to a data collection instrument that the query is referencing, access will be denied for query results. YES. Depending on Data Entry Rights, PHI can be viewed.
API Access to the API interface that allows external applications to connect to REDCap remotely, and is used for programmatically retrieving or modifying data or settings within REDCap, such as performing automated data imports/exports from a specified project. Reminder: While REDCap itself has many security layers to ensure the highest level of security and data integrity, it is your responsibility to ensure that you are using the most secure methods and best practices when using the REDCap API. This is especially important if you are moving sensitive data into or out of REDCap. YES. Depending on the Data Import/Export rights the user will be able to view PHI being imported or exported.

Settings Pertaining to Project Records:

User Right Access Notes Potential to Access Protected Health Info (PHI)?
Create Records Access to add records and data to database. Basic tool and need of data entry personnel.
Rename Records Access to change key ID of record WARNING: Should only be given to trained staff - can cause problems in data integrity.  
Delete Records Access to remove an entire record. WARNING: Records deleted are records lost. Few, if any, team members should have this right.  

Settings Pertaining to Record Locking and E-Signatures

User Right Access Notes Potential to Access Protected Health Info (PHI)?
Record Locking Customization Access to customize record locking text. Will only be applicable to users with Lock/Unlock rights. Sometimes used for regulatory projects to provide meaning to the locking action.
Lock/Unlock Records Access to lock/unlock a record from editing. Users without this right will not be able to edit a locked record. User will need Read Only or View & Edit to lock/unlock a data collection instrument. A good tool for a staff member who has verified the integrity of a record to ensure that the data will not be manipulated further. Works best if few team members have this right. YES. Depending on Data Entry Rights, PHI can be viewed.
Lock/Unlock Records with E-Signature Authority Once a data collection instrument has been locked for a given record in the project, a person with e-signature privileges may then apply an e-signature to that form, if they wish. The e-signature option appears as a check box that says, " E-signature
" (appears just above the Save buttons and immediately below the Locked
check box)

Although locking a record prevents its data from being modified, the e-signature goes a step further, and serves as the equivalent of a handwritten signature. If a record has been e-signed, then it denotes that its data has been both locked (to prevent further changes) and authorized (i.e. by a user with e-signature privileges).
It is also important to note that anyone with locking privileges (even if lacking e-signature authority) will negate the e-signature on a form when unlocking the record, after which data changes can be made to the record. The e-signature can be re-applied after such data changes. For any given record, an e-signature can be saved and negated on a form an unlimited number of times. When saving an e-signature, a user will be asked to enter their username and password for verification. If the username/password verification fails three times in a row, the user will be automatically logged out of REDCap YES. Depending on Data Entry Rights, PHI can be viewed.
Allow Locking on All Forms All forms for a given record can be locked at once.   YES. Depending on Data Entry Rights, PHI can be viewed.

The User Access Dashboard is a reporting tool designed to assist in the management of users granted access to one or more REDCap projects. If you can view this dashboard, you have User Access Dashboard rights to at least one project.

It is recommended you access the User Access Dashboard monthly to review users who have access to any projects. This list can be filtered by project status or project purpose.

If a user no longer requires access to a project, you should

  1. Expire the user’s access by defaulting to yesterday’s date, or
  2. Click the radio button beside a name to delete the user from the project.

Click the button at the bottom of the page to implement changes, which take effect immediately.

Access updates may still be done within individual projects, but the User Access Dashboard tool streamlines the process.

Suggested REDCap Access by Project Role

Also see role descriptions and user rights information

Project Role Principal Investigator Administrator Project Coordinator Data Coordinator Statistician Project Staff Read Only Data Entry
Calendar X X X     X    
Data Export/No Access             X X
Data Export/De-Identified         X X    
Data Export/Remove all tagged Identifier fields         X X    
Data Export/Full Data Set X X X X        
Data Import Tool X X X X   X    
Data Comparison Tool X X X X        
Logging X X X X        
File Repository X X X     X    
User Rights X X X          
Data Access Group Name (if applicable) X X X          
Stats & Charts X X X X X X X  
Data Quality/Create & Edit Rules X X X X X      
Data Quality/Execute Rules X X X X X      
Add/Edit Reports X X X X   X X X
Project Design and Setup X X X          
Record Locking Customization X X X          
API/Export X X X          
API/Import X X X          
Lock-Unlock Records/Disabled         X X X X
Lock-Unlock Records/Locking-Unlocking X X X          
Lock-Unlock Records/Lock-Unlock with E-sign                
Allow locking of all forms at once for a given record X X X          
Data Entry Rights/No Access                
Data Entry Rights/Read Only         X   X  
Data Entry Rights/View & Edit X X X X   X   X
Create Records X X X X   X   X
Rename Records X X X X        
Delete Records X X X X        
Edit Survey Responses X X X X        
Manage Survey Participants (for surveys only) X X X          

Once a project is completed:

  1. Once your project is complete, it should be archived to your departmental Piratedrive.
  2. Contact your departmental Piratedrive administrator to create a project folder with the appropriate rights for your REDCap project.
  3. Export all data from REDCap to your project folder in Piratedrive.
  4. Verify the data has been copied to the Piratedrive project folder.
  5. Delete the project from REDCap and make sure you delete any copies you may have exported to your device (computer, tablet, etc.).
  6. Contact the Office of Institutional Integrity at to update your HIPAA system.