IRB Comes First!

  • Protecting PHI in REDCap is part of the larger picture of protecting sensitive participant information

  • The IRB’s job is to protect patients and their information

  • Adhering to your IRB protocol is first and foremost for protecting your patient’s data

  • All, some, or none of the material here maybe relevant to your particular project

  • When in doubt, please always refer your IRB and IRB protocol to ensure you are properly protecting sensitive patient information

Traditional Research Protections for PHI

  • PHI Protection: Collect only PHI that is necessary and separate PHI from study data and responses (de-identify)

  • Traditionally this could be accomplished in a number of ways

    • Physical file location for sensitive PHI separate from digital files of study data.

      • Locked cabinet in locked office with limited researcher access

    • Password protected separate excel document of PHI information on locked server, with limited user access

  • While necessary, this could have been cumbersome to maintain patient information in more than one location.

REDCap has created tools to allow you to digitally separate PHI from patient responses with in a project. There are steps necessary to protect patient data in this way.

2 Ways PHI Needs To Be Protected In REDCap

  • Protection from access outside REDCap (Exporting)

    • Limiting who can export what identifying information

  • Protection from access inside REDCap

    • Limit who can seeing PHI linked to responses and health information

      • IMPORTANT: Patient data shows up in logging information as well

image1.PNGimage2.PNG

Protecting PHI From Being Exported

  • PHI must be marked as an identifier

  • This must be done for each variable that would be considered PHI.

  • Remember dates are PHI

    • However we usually need dates for analysis (more later)

    • Validate dates as dates

image3.PNG

Separate PHI Variables Into Their Own Form(s)

  • Separate PHI into its own form so it can be given special access

  • Other demographics that are not PHI will likely need to be put in their own form

image4.PNG

Decide Upon and Assign User rights

  • Decide who on your team can have access to PHI (according to IRB protocol)

  • One person will need to have full access to PHI

    • This role is often the PI

  • Restrict user access to PHI in the User Rights Application

    • Can be done individually for each user or with Roles

Full Access

PI usually or clinical coordinator

image5.PNG

PHI Restricted Access

  • No access to the PHI form

  • Remove access to:

    • Project Design and Setup

    • User Rights

    • Data Access Groups

    • Add edit Reports

    • Stats and Charts

    • Logging

  • Works best after development is completely finished

image6.PNG

PHI Restricted Access

  • Data exports two options of de-identified data

    • De-Identified removes:

      • All tagged ID fields

      • All free-form text fields

      • All dates

        • Unless date shifted (more later)

    • Remove all tagged ID fields

      • Removes only tagged ID fields

      • Leave free-form text fields

      • Option to export as date shifted but not forced to

image7.PNG
image8.PNG

image9.PNG

What Is Date Shifting?

  • Because dates are PHI and we often need dates for analysis, date shifting de-identifies your dates.

  • Date shifting will not affect the actual saved dates in the project.

  • Shifts the dates in their resulting format when performing a data export in REDCap

  • Shifted amount (offset) will always be the same for each record when performing a data export.

  • The dates are shifted back in time up to 364 days

image10.PNG

Export Options

  • Full Access options

    • Can remove dates

    • Can shift them

    • Can choose neither

    • Can remove tagged ID fields or no or not

    • Can has the record ID or not

image10.PNG

Export Options

  • De-identified options

    • Must remove dates or Shift dates

    • Must remove unvalidated text fields

    • Must remove Notes/Essay box fields

    • Must remove all tagged identifier fields

image11.PNG