Explore UAB

Colleges & Schools

Department of Medicine Heersink School of Medicine

REDCap FAQ

  • Is REDCap secure?
    Yes, REDCap itself is an NIH funded project and was originally developed by an Informatics team at Vanderbilt. It was designed with security in mind and can be used to collect and store the most sensitive data (HIPAA, FISMA, 21 CFR part 11). REDCap is now part of a worldwide highly active consortium. As of April 2021, REDCap is used by 1.7M users in over 5,021 institutions in over 141 countries. Close to 14,000 research papers utilizing REDCap have been published. Read the Technical Guidance produced by Vanderbilt REDCap team. Please note that no software itself is compliant rather the infrastructure onto which REDCap is installed must be evaluated for compliance. DOM IT has created a secure and compliant infrastructure to ensure that our REDCap instance is authorized by NIH, FDA, or even EU (for GDPR). Our system has been extensively validated by external third-party auditors and was approved (ATO) by NIH and FDA. While we have not validated against GDPR guidelines, we are confident that our system is ready for GDPR data and should be able to address any specific questions the governing body or the regulatory agency might have.

  • What has DOM IT done to protect data?
    DOM IT has done due diligence to have a trustworthy operation. Our whole infrastructure and operation have gone through multiple level of validation. Here is the historical timeline:
    2014: Purchased and configured a brand new VMware virtualized infrastructure. The entire design was modelled and conceived to host sensitive data.
    2015: Followed NIST 800-53 as a guideline, designed a layered security approach, adopted all applicable security controls, performed a risk assessment, and created required documentations including a roadmap for controls that we could not adopt immediately but added compensating controls. A secondary data center was built for replication.
    2015: UAB IT did a SANS Top 20 assessment and later a comprehensive assessment.
    2015: Authorization to Operate (ATO) was granted by UAB VP/Research and VP/IT
    2015: NIH/NIHLBI gave us an ATO - the first for a REDCap instance at UAB.
    2016: Annual Deliverables were submitted to NIH. NIH had no concerns about our operation but had very minor suggestions. DOM IT fulfilled and submitted those to NIH.
    2016: DOM IT presented at the REDCap Annual Conference. "Building A Trustworthy REDCap Infrastructure" was highly scored and won the 3rd place. Our work and methodology became a template for many reputable universities.
    2016-2017: HSIS, in conjunction with an external auditor, tw-Security, performed a comprehensive 360-degree assessment on DOM IT - from desktop to server room, from individual application to custom applications.
    2017: UAB IT performed another comprehensive risk assessment and found us to be compliant with all applicable policies and regulations.
    2018: The documents were reviewed by UAB Executives. ATO was once again given by VP/IT and VP/Research.
    2018: Annual Deliverables were submitted to NIH and NIH provided an ATO
    2019: UA System Internal Audit performed a risk assessment, based on 800-171 per NIH's new guidance, and found no issues with our operation.
    2019: UAB VP/Research gave us their ATO once again.
    2019: DOM IT engaged with a third-party auditor, JAF Consulting, to assess the e-Consent module, per FDA regulation, CFR21 part 11. 
    2019: The positive findings were submitted to FDA for their approval and authorization.
    2019 - Ongoing: DOM IT collaborated with UAB IT for penetration testing of systems to identify and correct vulnerabilities. Our system withstood active testing and the minor issues were resolved immediately. 
    2022: Verification of majority security controls to ensure they are properly in-place and working as expected.
    2023:     Assessment (NIST 800-171) by UA System Internal Audit. Positive and Satisfactory report.
    2023: Permanent ATO by UAB VP of Research and VP of IT.

  • Is there a charge for DOM REDCap service?
    Yes. DOM IT is a self-funded Service Center and technological solution partner. We depend on revenues from services like this to cover for our operation, salary, infrastructure, upgrades, and other expenses. However, as one of the most cost-effective providers, these charges are very minimal. For all projects, mandatory annual hosting fee applies. For projects that DOM IT team builds/designs, consulting fees also apply. Please read our REDCap Service Level Agreement (SLA) (v8.1 - 02/09/21) for detailed cost structure. Contact DOM IT REDCap (redcap@uab.edu) team for a cost estimate spreadsheet.

  • I am submitting a grant proposal and need an estimated cost of database support to include in the proposal. How can I get an estimate?
    We can help. Please contact Nazmul Islam (nislam@uab.edu) at DOM IT for cost estimation. Please be sure to consult with Nazmul or DOM IT before including IT related costs in the proposal in order to avoid cost discrepancies.

  • Do you provide a boilerplate information for my IRB or grant proposal?
    Yes, you will find helpful information here: REDCap Text for UAB IRB. If you need a more customized version, please contact DOM IT REDCap team (redcap@uab.edu). 

  • I need a Letter of Support (LOS) to submit to my funding agency. Can you help?
    Absolutely! Here is a template: DOM REDCap LOS. Please feel free to edit/include your research specific section and email to DOM IT (redcap@uab.edu or nislam@uab.edu) for official signed letterhead version.

  • Do I need IRB approval for my project?
    If your research study involves human subjects, you must have IRB approval before collecting real patient/subject data. While you can still request for a project or even start building the REDCap database, under no circumstances, will the database be put into production or allowed to collect/enter real (patient/study subject) data until you have proper IRB approval. Email redcap@uab.edu the final copy of IRB approval/amendment letters.

  • What are the terms and conditions to host a REDCap project with DOM IT?
    Please read our REDCap Service Level Agreement (SLA) (v8.1 - 02/09/21) carefully. It has very important information on various topics. Please pay attention to our cost structure.

  • How do I request for a new REDCap project with DOM IT?
    Fill out the REDCap Project Request Form. We will review and get back to you on an initial meeting.

  • I am a first time REDCap user. How do I log in?
    Because of security and compliance, each user must be explicitly authorized to login to our REDCap system. Have your PI email redcap@uab.edu with the BlazerID (UAB users) or E-mail Address (non-UAB user). Once you are whitelisted, you can follow the instructions in this tutorial, First Time DOM IT REDCap Access, to login to our REDCap system.

  • How do I request user access?
    Email redcap@uab.edu with the information below. Please note that PI approval will be needed for all access rights.
    UAB Users: Provide BlazerIDs and level of access
    non-UAB Users: Official Email address, Full name, Organization Name, PI's BlazerID, and Project Name and Link.

  • Do you offer any training on REDCap?
    Yes, but watch these REDCap short and helpful videos first. If you still need training, request for formal training here. Refer to our SLA for training cost.

  • How do I cite REDCap for my publication?
    If you publish any work for which REDCap was used, you must cite in study manuscripts REDCap as the data collection and management. This is per our agreement with Vanderbilt (REDCap Owner). We recommend the following boilerplate language:

    "Study data were collected and managed using REDCap electronic data capture tools hosted at UAB Department of Medicine IT (DOM IT).1,2 REDCap (Research Electronic Data Capture) is a secure, web-based software platform designed to support data capture for research studies, providing 1) an intuitive interface for validated data capture; 2) audit trails for tracking data manipulation and export procedures; 3) automated export procedures for seamless data downloads to common statistical packages; and 4) procedures for data integration and interoperability with external sources.

    1PA Harris, R Taylor, R Thielke, J Payne, N Gonzalez, JG. Conde, Research electronic data capture (REDCap) – A metadata-driven methodology and workflow process for providing translational research informatics support, J Biomed Inform. 2009 Apr;42(2):377-81.

    2PA Harris, R Taylor, BL Minor, V Elliott, M Fernandez, L O’Neal, L McLeod, G Delacqua, F Delacqua, J Kirby, SN Duda, REDCap Consortium, The REDCap consortium: Building an international community of software partners, J Biomed Inform. 2019 May 9 [doi: 10.1016/j.jbi.2019.103208]

    Link to articles:
    http://www.sciencedirect.com/science/article/pii/S1532046408001226
    https://www.sciencedirect.com/science/article/pii/S1532046419301261"