REDCap account holders are required:
- To disclose, receive, transmit, maintain or create data consistent with the electronic data collection policies of BILH and the requisite data use agreement.
- To collect such data pursuant to the Privacy Regulations and the Security Regulations under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations and guidance, all as amended from time to time (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act, as incorporated in the American Recovery and Reinvestment Act of 2009, and its implementing regulations and guidance issued by the Secretary, all as amended from time to time (“HITECH Act”); and the Massachusetts Privacy Act; and to abide by all guidelines provided by the IRB and BILH Information Systems, especially IS-04 (System Access, User and Application IDs).
- To store data for a single project and to not mix data from various projects so that access to the data can be successfully tracked and analyzed.
- To disclose personal information or private health information (PHI) only to those individuals who have a need to know such information in performance of their work and who have been trained according to the guidelines set forth by BILH or as otherwise required by law.
- To comply with all applicable requirements under the Massachusetts Data Breach Notification Law set forth at M.G.L. Ch. 93H and the regulations promulgated thereunder, including without limitation 201 CMR 17 et seq., as the same may be amended from time to time, and to report to the BIDMC Office of Business Conduct any use or disclosure of the data not provided for by this Agreement of which it becomes aware, including without limitation, any disclosure of PHI to an unauthorized subcontractor, within two (2) days of its discovery.