Research data management and security

What type of data can I store in REDCap?

REDCap has been approved to by the Information Governance Office to store data classified as ‘highly restricted’. For more information on the term ‘highly restricted’ please see the Information security classification and secure information handling SOP.

However, it is still recommended that you do not store any identifying information alongside the clinical data you collect and that you keep your research data linked anonymised. For more support, please see the information governance pages.

Capturing sensitive data in REDCap

At present the University of Manchester REDCap Service is not suitable for collecting personal/sensitive data which contains identifiable information. It is worth questioning what data needs to be collected and why? e.g. is it necessary to collect the full date of birth or would year of birth suffice?

If there is a justifiable reasons for acquiring personal/sensitive data with identifiable information can it be separated from the actual research data collected using REDCap using anonymisation/pseudo-anonymisation methods.

How secure is REDCap?

The REDCap server has been pen-tested twice by an external security company. Any vulnerabilities identified were then fixed. The University of Manchester’s IT Security team have also undertaken multiple vulnerability scans of the REDCap server.