How Can We Help?
- Review and confirm all PHI fields in your REDCap project has been marked as identifier prior to requesting project to be moved to production status (This step is necessary in order to be able to export de-identified data from REDCap)
- Always download de-identified data from REDCap using the de-identification options unless identified data is necessary
- It is the Investigator’s responsibility to ensure their REDCap project users have been added to their IRB’s study team member list
- It is the Investigator’s responsibility to ensure data sharing with outside collaborators is approved by the IRB prior to sharing
- It is the Investigator’s responsibility to confirm there is a HIPAA Associate Agreement or B
- UAMS BOX is the approved channel to share identified or de-identified data
- While email is discouraged to be used for sending identified or de-identified data, if data must be sent by email, “#secure” must be used to start the subject line so that it is encrypted and the recipient email must not be a personal email address(e.g. gmail.com, yahoo.com)
- If identified data must be downloaded and stored outside of departmental file servers, a computer with an encrypted hard drive or an encrypted USB drive that is compliant with UAMS security standards must be used
