REsearch Data CAPture
rED Cap is a GXP validated web-based product developed by Biostat International, Inc. for managing multi-site clinical research studies securely and safely over the Internet.
Makes sure that all communications between our clients and our server are encrypted using strong 128-bit SSL certificate. No account information, documents or data are transmitted over the Internet without our string 128-bit SSL encryption
- Facilitates secure protocol configuration, study events and visit management, design of electronic Case Report Forms (e-CRFs), annotated e-CRFs, subject profiles.
- Provides tools for dynamic and interactive entry validation, dynamic data flow controls based on entered data and automatic calculated fields.
- Has sophisticated and dynamic flags and status icons that makes it simple and intuitive to use and manage.
- Provides tools for queries and query resolutions, data query management tracking, convenient and centralized query workflow via the Query Station.
- Provides tools for double data entry for paper CRFs, blinded third-party entry, and management of unscheduled visits for observational studies.
- Provides tools for data transfer from other DBMS for retrospective research and data rescue.
- Provides controlled eCRF for customized PHI entry without risk of inadvertent export.
- Report Station for viewing in HTML or EXCEL of dynamic standard and customized reports.
- Facilitates secure document exchanges, user and user role management and dynamic reporting using standard web browsers.
- Provides tools to manage product inventory and project management data from study sites with ability to interact with eCRF for validation of entries.
- Export study definition and/or study data into ODM XML format or Excel data sets; import of external data into eCRF.
- Recent Web Browser: (on Chrome 10+, IE7+, Firefox 3+, Safari 5
- Works on PC, MAC, IPAD and mobile technologies.
HIPAA Privacy & Security Best Practices
In rED Cap all privacy and security provisions of the HIPAA guidelines are carefully addressed. These provisions are implemented in the system using a number of key technologies and best practices:
- Secure Login: The application uses the industry standard to authenticate the identity of users that log into the system.
- The application fully supports configurable password aging. It supports hacking detection by disabling the access for a configurable amount of time after a series of consecutive failed logins.
- Encrypted Passwords: The application uses the industry standard SHA1 hash to protect user passwords. Each user is assigned a unique activation code and a user must explicitly activate the account and set the password.
- Secure Connection: Using HTTPS and SSL in the server with a strong 128-bit SSL certificate.
- All database updates and changes are logged using an application-level logging API.
- Security Roles & Permissions: A permission system is implemented at both the server level (protecting the application) and at the application level (protecting specific functions), regulating access to only the authorized users and roles.
- Secure Firewall: The application is deployed with placement of the database server behind the firewall on the network to protect access from the outside.
- Confidentiality Agreements: All BSI developers and employees are required to sign a confidentiality agreement, acknowledging they understand and continue to follow all company security policies.
- Audit trails: The system captures and logs all activities and events. It has about 130 events that it tracks. All activities are logged in the database for easy audit, analysis and report.
- Tracking document uploads and downloads: The system captures, stores and allows reporting of all uploads and downloads. User name, user’s browser, user’s Internet IP, date and time, exact action taken. All is available for auditing.