HIPAA Capability & Security

Illinois REDCap is among the systems and services that meet requirements established by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by offering a variety of security measures, such as customizable user rights, activity logging, data history, and single-click removal of identifiers at export. It is an ideal system for collecting Protected Health Information (PHI) and other high risk or sensitive data, such as financial information or criminal activity.

User Requirements

Illinois REDCap is HIPAA capable. Part of being HIPAA compliant requires that users conduct certain practices, such as limiting access to and restricting export of high-risk data. As such, part of what makes Illinois REDCap HIPAA compliant is the appropriate data collection and management practices of Illinois REDCap users, even those not collecting high risk data.

Protecting High Risk Data

When completing the REDCap user agreement, you will be asked to verify that you have read and agree to abide by the terms outlined in Protecting High Risk Data. Completing the REDCap user agreement is the first step in accessing Illinois REDCap.

HIPAA Training

All Illinois REDCap users must complete annual HIPAA training and abide by the Protecting High Risk Data document no matter the classification of their project data.

HIPAA training is administered by the U of I System. Training is coordinated so that most people are only required to complete HIPAA training once per year. However, some users may be required to complete HIPAA training more than once in a year if their access requirements change. Failure to complete the annual training may result in a suspension of Illinois REDCap access until training is completed.

Accessing HIPAA Training

  1. Complete the Illinois REDCap User Request Form. If you belong to a HIPAA-covered component (e.g., School of Social Work) and/or have already completed U of I System HIPAA training, you will have the option to upload your HIPAA training completion certificate.
  2. Look for an email from the REDCap administrative team within an hour of submitting the Illinois REDCap User Request Form.
  3. Follow the email instructions and link to access and complete the U of I System HIPAA training (approx. 1.5 hours)
  4. Save and email your HIPAA training completion certificate to redcap-admin@illinois.edu.

Upon receipt of your HIPAA training completion certificate, the IHSI REDCap team will grant you Illinois REDCap access (may take up to two business days). You may then complete the remaining steps in accessing Illinois REDCap.

HIPAA Health Insurance Portability & Accountability Act