Access Controls
REDCap is a web application for building and managing online surveys and databases. REDCap has the functionality to ensure that users (applicable to both University of Manchester and non-University of Manchester staff) have access only to data and information that they are supposed to have. It is the responsibility of the users to ensure that this functionality is used to protect the research data and to adhere to good/best clinical practice.
In order to do this we have pulled together some information on how users can use the access control functionality within REDCap for their projects. If you are unsure about how to protect access to your data, particularly if the data is highly restricted or your research is a multicentre trial, please make sure you seek advice from the following departments/people:
To ensure that REDCap Users have access only to data that they are supposed to have access to, user privileges are used. Each user has their own account and the user account will only have access to the REDCap projects that they themselves have created other projects which other users have granted them access to.
User privileges exist at the project level and can be modified within any given project, by a member of the research team with the proper privileges accessing the project user rights page. Another feature which exists in REDCap is called data access groups (DAGs). This feature can be used to help segregate users and the data they enter by placing users into DAGs. This feature is entirely optional but it is especially recommended in certain situations, such as for multi institutional projects where the data entered by one institution should not be accessible or viewable by other institutions with access to that same project.
- It is the responsibility of the principal investigator, or somebody delegated by the principal investigator to manage and maintain these access levels.
- It is the responsibility of research IT to perform an annual audit to ensure the functionality provided in REDCap is being used by our staff to protect our data and our research participants.
- The recommended way in which researchers can record and monitor these access controls is via a delegation of duties log.
- Researchers can use this template or they can incorporate delegated REDCap duties into their existing delegation of duties log.
If the term delegation of duties log is a new term for your research team you can read more information about Good Clinical Practice, and find more information about delegation logs from IRAS including the IRAS template for a delegation log.