About rED Cap

REsearch Data CAPture

Adaptable Affordable

 rED Cap is a GXP validated web-based product developed by Biostat International, Inc. for managing multi-site clinical research studies securely and safely over the Internet.

reddot  Compliant with  21CFR Part 11

reddot  Supports HIPAA guidelines

reddot  It is designed as a standard-based, extensible platform. In particular, it is ODM v1.2.1 and ODM v1.3.1 compliant Clinical Data Warehouse.

reddot  Makes sure that all communications between our clients and our server are encrypted using strong 128-bit SSL certificate. No account information, documents or data are transmitted over the Internet without our string 128-bit SSL encryption

reddot  Has advanced web-based user profile and dynamic user permission management facilities. The server is protected by an enterprise network security firewall.


  • Facilitates secure protocol configuration, study events and visit management, design of electronic Case Report Forms (e-CRFs), annotated e-CRFs, subject profiles.
  • Provides tools for dynamic and interactive entry validation, dynamic data flow controls based on entered data and automatic calculated fields.
  • Has sophisticated and dynamic flags and status icons that makes it simple and intuitive to use and manage.
  • Provides tools for queries and query resolutions, data query management tracking, convenient and centralized query workflow via the Query Station.
  • Provides tools for double data entry for paper CRFs, blinded third-party entry, and management of unscheduled visits for observational studies.
  • Provides tools for data transfer from other DBMS for retrospective research and data rescue.
  • Provides controlled eCRF for customized PHI entry without risk of inadvertent export.
  • Report Station for viewing in HTML or EXCEL of dynamic standard and customized reports.
  • Facilitates secure document exchanges, user and user role management and dynamic reporting using standard web browsers.
  • Provides tools to manage product inventory and project management data from study sites with ability to interact with eCRF for validation of entries.
  • Export study definition and/or study data into ODM XML format or Excel data sets; import of external data into eCRF.

User Requirements:

  • Recent Web Browser: (on Chrome 10+, IE7+, Firefox 3+, Safari 5
  • Works on PC, MAC, IPAD and mobile technologies.

HIPAA Privacy & Security Best Practices

In rED Cap  all privacy and security provisions of the HIPAA guidelines are carefully addressed. These provisions are implemented in the system using a number of key technologies and best practices:

reddot  Authentication: Assurance of identity of person or originator of data.

  • Secure Login: The application uses the industry standard to authenticate the identity of users that log into the system.
  • The application fully supports configurable password aging. It supports hacking detection by disabling the access for a configurable amount of time after a series of consecutive failed logins.
  • Encrypted Passwords: The application uses the industry standard SHA1 hash to protect user passwords. Each user is assigned a unique activation code and a user must explicitly activate the account and set the password.
  • Secure Connection: Using HTTPS and SSL in the server with a strong 128-bit SSL certificate.

reddot  Integrity: Verify integrity and prevent unauthorized modification of data and documents.

  • All database updates and changes are logged using an application-level logging API.

reddot  Authorization: Ensure users have the permissions to perform certain actions.

  • Security Roles & Permissions: A permission system is implemented at both the server level (protecting the application) and at the application level (protecting specific functions), regulating access to only the authorized users and roles.

reddot  Availability: Ensure information is available to authorized parties.

  • Secure Firewall: The application is deployed with placement of the database server behind the firewall on the network to protect access from the outside.

reddot  Confidentiality: Protect data and documents from unauthorized disclosure.

  • Confidentiality Agreements: All BSI developers and employees are required to sign a confidentiality agreement, acknowledging they understand and continue to follow all company security policies.

reddot  Auditing: Track who, when, where, what and how accesses and updates to data and documents are made. Audit trails are stored in our secure database server.

  • Audit trails: The system captures and logs all activities and events. It has about 130 events that it tracks. All activities are logged in the database for easy audit, analysis and report.
  • Tracking document uploads and downloads: The system captures, stores and allows reporting of all uploads and downloads. User name, user’s browser, user’s Internet IP, date and time, exact action taken. All is available for auditing.