Boilerplate Language
The following Security Description can be incorporated into your data storage and protection plan.
This includes:
Data for this study will be collected, recorded and stored using REDCap (Research Electronic Data Capture). REDCap is a secure web application designed to support data capture for research studies. It includes features for HIPAA compliance, including real-time data entry validation (e.g. for data types and range checks), a full audit trail, user-based privileges, a de-identified data export mechanism to statistical packages (SPSS, SAS, Stata and R), and encryption. Access to study data in REDCap will be restricted to the members of the study team with password-protected authentication.
The REDCap database and web server are housed on secure platforms behind the institutional firewall. REDCap meets the security standards for use with high risk data as set forth by the Yale Information Security Office.
REDCap (Research Electronic Data Capture) is a secure, HIPAA-compliant system originally developed at Vanderbilt (www.project-redcap.org) with collaboration from a consortium of worldwide institutional partners including Yale University and Yale New Haven Health (YNHH).
It has the following data security and protection features:
All Yale/YNHH servers meet the requirements for storage of ePHI.
The HIPAA Security Rule establishes the standards to protect electronic personal health information (ePHI) that is created, received, used, or maintained by a covered entity. Contact the HIPAA Privacy Office for more information about the requirements for HIPAA compliance.
The 21 CFR Part 11 Validated REDCap server at Yale New Haven Health can be used to store and process data that is subject to FDA regulations.
To obtain access, submit a request through Data System Triage.
REDCap is 21 CFR Part 11 ready. This means that REDCap meets the technical software specifications that are described in the regulations. However, in order to be fully compliant, the entire environment, i.e. the people, procedures, and documentation, must also follow the requirements found under Part 11 regulations. This includes validation procedures and documented standard operating procedures and processes from the REDCap support team AND the study team.
The University Servers (REDCap I and REDCap II) can be used to store and process data that is subject to GDPR. To obtain access, submit a request through Data System Triage.
The General Data Protection Regulation (GDPR) is a European law that established protections for privacy and security of personal data.
Note: In order to be fully compliant, you (the Principal Investigator) and your institution (Yale University) must implement safeguards that comply with GDPR. The University Privacy Office is available for assistance.
REDCap systems are managed to meet the security requirements for collecting high risk data as set forth by the Yale Information Security Office.