REDCap - Research Electronic Data Capture

All users requesting new Virginia Tech REDCap accounts and projects must agree to the terms of the Virginia Tech REDCap user agreement. Electronic signatures (via DocuSign) will be initiated once access is requested.   

Responsibilities

Research Team Members (Principal Investigators, Investigators and Student Researchers) Responsibilities

Responsibilities associated with the conduct of human subjects research are detailed in the Virginia Tech Human Research Protection Program (HRPP) Standard Operating Procedure (SOP) HRPP-002.1 Researcher and Investigator Responsibilities. Additional responsibilities while using REDCap include the following:

• Individual researchers must complete security awareness training prior to being granted access to REDCap. This training must be updated every two years.
• Researchers must ensure that any export or sharing of human subject data from REDCap is conducted and implemented according to the IRB-approved study protocol.
• In accordance with the Virginia Tech Dealing with Data Exposures, anyone who has reason to suspect a potential data exposure should promptly report it to the appropriate Dean, Director, or Department Head.
• Individuals who become aware of an IT security incident must alert the IT Security Office by following instructions at this link: Report to IT Security Office. Remember, when in doubt, report it.
• Researchers must protect their username and system from unauthorized use and comply with the Virginia Tech Acceptable Use of Information Systems Policy.

Principal Investigator Responsibilities

The responsibilities held by principal investigators associated with the conduct of human subjects research is detailed in (SOP) HRPP-002.1 Researcher and Investigator Responsibilities. Additional principal investigator responsibilities while using REDCap include the following:

• Ensure that all members of the research team accessing participant data in REDCap have been added to the project personnel section in the Human Research Protection Program (HRPP) Institutional Review Board (IRB) Protocol Management System.
• Remove team members from the personnel section in the HRPP Protocol Management System and notify the REDCap User Support team when an individual’s access to data in REDCap requires termination.
• Designate the level of access (roles) within each project to research team members according to the principle of least privilege. This designation is documented via ServiceNow requests as detailed in the REDCap user guide. Note: that assigning the project owner role to a team member delegates/allows the individual to designate levels of access on behalf of the principal investigator. A project owner has unlimited access to the data and the ability to grant unlimited access to others. If a principal investigator wishes to be the sole person designating access to project data in REDCap, they must be the sole Project Owner.
• Ensure that the approved protocol on file with Virginia Tech HRPP IRB contains accurate details regarding any planned export of data from REDCap.
• Obtain IRB approval (or determination from HRPP that the project does not meet the definition of human subject research) prior to collecting data in REDCap’s production mode.

Sanctions

Disciplinary procedures for those who fail to comply with security policies shall be in accordance with the Virginia Tech Faculty Handbook, the Virginia Tech Management Best Practice and the University Student Code of Conduct.

Faculty: Willful or negligent security violations are considered violations of professional ethics. Disciplinary actions include imposition of a graduated level of sanctions, including a severe sanction or dismissal for cause.

Staff: Willful or negligent security violations are considered Group 2 or Group 3 violations of the Standards of Conduct. Disciplinary actions are graduated and can include issuance of a Written Notice. The issuance of a Written Notice might also include suspension, transfer, demotion with a disciplinary salary action, or termination.

Wage Students: Graduate and undergraduate students who are student wage employees are considered “staff” and subject to compliance with the Standards of Conduct in the Virginia Department of Human Resources Management Policies disciplinary procedures.

Non-wage Students: For undergraduate and graduate students who are not wage employees, security violations are “university violations,” subject to disciplinary procedures of the University Student Conduct System. Disciplinary actions for infractions, noncompliance, or violations include actions that are graduated and include formal warning, restitution, probation, denial of privileges or associations, deferred sanctions, suspension from Virginia Tech, and dismissal.

Monitoring/Termination

I acknowledge my access to, and use of, REDCap will be monitored. I understand that my access privileges are subject to periodic review, revision, and, if appropriate, renewal or termination. I understand that my access to projects in REDCap is contingent on my Security Awareness Training being current and documented project IRB approval when applicable.

Click here to read and sign your user agreement