Regulations (21 Part 11 & GDPR)

REDCap users must adhere to all policies and procedures set forth in the BILH Organizational Policies, Procedures, Guidelines & Directives (PPGD). This includes, but is not limited to, policies supporting the proper use and safeguarding of PHI, Code of Conduct, IS account security reminders, and password management guidelines, as well as state and federal mandates such as the Massachusetts Privacy Act and the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").  

In addition, there are two sets of guidelines that might impact a smaller subset of data collection efforts utilizing REDCap:

21 Part 11 is the common name for the FDA regulations regarding electronic records and signatures. Compliance is required for FDA-regulated research. FDA-regulated research includes not only all study data that will be submitted to the FDA (such as drug and device approval trials), but may also include studies that do not anticipate submitting data to the FDA but are using an FDA-regulated device. If there are no immediate plans to submit study data to the FDA, but study data may be used as supporting evidence in a future FDA submission, then the data collection effort should also be 21 Part 11 compliant.

GDPR, or the General Data Protection Regulation, is a set of laws regarding data protection and privacy adopted by both the European Union (EU) and the United Kingdom (UK). It requires consent to ask questions on protected categories of data, and outlines a "right to erasure".
