Securing Protected Health Information (PHI) and Sensitive Data Collection
CB2 provides a secure application of REDCap and has all the necessary physical and operational securities in place to meet or exceed Federal and State security and privacy regulation for data transmission and storage. However, REDCap is web-based application and the projects are managed by YOU the project user. This means your project data can be accessed by users for which YOU grant and restrict access. Your project will be accessed via the internet which means it can be accessed from anywhere, including outside the UA network.
These steps will allow YOU to collect PHI and sensitive data securely:
1. NEVER share your REDCap Username and password.
REDCap users MUST NOT share or reveal their authentication methods to others. Sharing usernames and passwords means the authorized user assumes responsibility for actions that another party takes within REDCap. Providing IDs or passwords to unauthorized individuals is a BREACH OF CONFIDENTIALITY and is grounds for disciplinary action.
2. Access REDCap ONLY:
- on a secure network (ex: UA intranet, password protected wifi)
- from a UA workstation or encrypted, UA-approved mobile device (laptop, iPad)
3.Grant access ONLY to staff, researchers, and external collaborators:
- who are trained in protecting PHI
- who will access REDCap on secured networks and devices that comply with UA standards
4. Flag PHI and Sensitive Data fields as "Identifiers = Yes"
Run the "Check for Identifiers" module to review all your project variables
5. Group all contact information required to engage the participant on a separate Data Collection Instrument
Restrict access to this instrument in the User Rights > Data Entry Rights
Grant "NONE" access to ALL users except those users who need this information to follow-up with the participant
6. Grant "NONE" or "De-Identified" Export Access to project users.
Ensure that PHI sensitive data DOES NOT leave the secured REDCap database and is "accidentally" downloaded to a non-secured device