REDCap User Process
Overview of Process
When a database is nearing production, your DMCC Project Manager (PM) will reach out to gather all the study team members who will need access to your database. For efficiency, usually the DMCC PM works directly with the Consortia PM to collect users from every site using the User Log Template (requires RDCRN credentials). See below for visual of how this process typically works.
Expectations of Study Team and Principal Investigator (PI)
The PI is ultimately responsible for all study conduct, including delegating study tasks and roles as well as that study staff are appropriately trained. See below for PI expectations:
IRB approval obtained - the protocol is IRB approved by the single IRB and local IRBs/Ethics Boards (for international sites) before study procedures, such as data collection/entry take place. This includes updating legacy protocols with DMCC transition language before new data is entered in the database.
REDCap users trained - Users must be appropriately trained on the protocol. Anyone who will access the database needs to be trained on the protocol specific REDCap database before being given access by the DMCC. These trainings are posted on the RDCRN Members Page; your DMCC Project Manager or Consortium Project Manager will assist in providing instruction regarding these trainings.
REDCap users on Delegation of Authority Log - Users must be delegated tasks appropriately for their role (i.e. data entry for those who will need access to modify data in the database) and this must be reflected on the Delegation of Authority Log in the regulatory binder.
Special considerations for “Broad Users” -
“Broad Access” means access to REDCap data across multiple sites in addition to one’s home site’s data; typical roles for this access type include: Consortium Project Manager, Statistician, Data Analyst. When requesting this type of access for yourself or another study team member, please keep in mind:
The consent and protocol must be written in such a way that permits the sharing of PHI with collaborators across sites (if PHI is entered into REDCap database)
The appropriate legal documentation (e.g. DUA, DHA) should be in place between the DMCC and the individual sites
The user receiving broad access is listed on the protocol Delegation of Authority Log and has been delegated this type of role/access (e.g. statistician/data analyst)
Study personnel who have write/edit access for site-level data for all sites participating in a study must have the authorization from the protocol PIs at each site to have write/edit access to their site-level data. To ensure that this authorization is in place, the protocol must include a statement specifying the role(s) of the individual with such access. The specific individual(s) fulfilling that role must be included on the Delegation of Authority log at the site where the individual(s) requiring write/edit access are based.
The provision of broad access to this user must comply with your consortium’s data sharing processes/policies (e.g. executive committee approval was obtained/documented by consortium administrative core, DUAs within the consortium)
Subsequent users (i.e. users added after initial user gathering process at database launch) – The Consortium/Site PI or Consortium PM may request that users be added after the initial user list is obtained. It understood by the DMCC that the above expectations were considered by the consortium study team when adding subsequent users.
Explanation of User Log and Standard User Roles
Link to REDCap user list template (requires RDCRN credentials).
Site Information Workbook:
IRB Approval - The DMCC wants to ensure that the protocol and ICF are approved by the single IRB/each non-relying site’s IRB before allowing the any users at that site to enter new data. Please document all sites on this workbook and note whether or not the site has received IRB approval. Users will not be granted access to the database prior to IRB approval.
Note: If the spreadsheet is filled out for testing purposes, prior to sites being IRB approved, users will be granted access to a “Tester” group in REDCap. Once testing is complete, the database will be wiped of test data. At that time, testers will not be granted access to enter real data until the respective IRB has approved the study.
REDCap Users Workbook:
Listed below are the standard user roles in which a study team member can have in a REDCap project. Select the appropriate role for each person on the spreadsheet:
Clinical Research Coordinator – enters/modifies data, can export data, create reports, and resolves queries for their site only
Project Manager – someone who may need access to all sites’ data (potentially via export) and may or may not be entering data (explain in ‘Notes Column’ on User Log spreadsheet)
Investigator – read only access, can export data, create reports, for their site only
Read Only – read only access to their site only
Statistician – read only to all sites, report/export rights
Other – any other type of user not listed above. Please specify if the user needs the following abilities in the ‘Notes Column’ on the User Log spreadsheet:
edit/modify data (all forms, or specific forms only; if specific forms, state which forms)
export data
create reports
access all sites' data (default is that user can only access their own site’s data)
User Removal Process
The Consortium PM (CPM) should communicate with the DMCC PM or Data Manager (DM) anytime a user should no longer have access to a study database (i.e. user no longer works on a particular protocol, or has left the site). For security and compliance purposes, the DMCC PM will work with the CPM to review database access for active databases every six months – by the end of the month in January and July. If users should have access revoked, DM will “suspend” the user, so they can no longer access the database but a record of their previous access will be maintained.