REDCap is a secure web application for building and managing online data collections and surveys and is commonly used worldwide. The tool was developed and is maintained by Vanderbilt University.

Most academic and research institutions offer REDCap as a support service based on a cost recovery model or free of charge depending on the institution and the intended usage.
The Centre for Advanced Computing (CAC) at Queen’s University hosts many REDCap instances for the different faculties and departments. The hosting and consultation services are free for all Queen’s University affiliated researchers, but this is subject to change. Development support is also available but offered at cost.

If you are a primary investigator, contact your department to see if there is already a dedicated instance available. If not, then you can submit a CAC Intake Form to request a new instance.
If you are a research associate or a student, contact your primary investigator to request an account.
Once an instance has been provisioned and a user account has been created, you can access REDCap through a web browser using the URL and user login provided to you through the signup email notification.
For grant applications and research publications, make sure to cite REDCap. You can contact the CAC for more information about proper citation.

CAC Intake Form

Most REDCap features are available through a user interface, so programming skills are not necessary for basic tasks.

Yes, REDCap supports longitudinal studies, which allow you to collect data from the same participants over time. The tool also supports multi-site studies through data access groups (DAGs) to restrict data access across sites.

Yes, REDCap provides various options to export your data in formats compatible with statistical analysis software like Excel, SPSS, and R.

Yes, REDCap supports collaborative research efforts by allowing multiple users to access, enter, and manage data while maintaining appropriate access restrictions.

Yes, there are mobile apps available for both iOS and Android devices to allow users to complete surveys and forms offline. Users can also complete surveys and forms online through a web browser with a link.

You can store PHI in REDCap if you follow HIPAA regulations and implement the necessary safeguards to ensure the privacy and security of the data. REDCap can be configured to be HIPAA-compliant, but it requires careful setup and adherence to Health Canada guidelines to ensure the security and privacy of protected health information (PHI). Achieving HIPAA compliance is a complex process and involves more than just the tool itself. It involves a combination of technical measures, administrative practices, and staff training to ensure the security and privacy of PHI. You can consult with your institution's compliance experts for more information.

• Data in transit is always encrypted.
  • Clients use HTTPS to interact with the tool through the web browser and have to authenticate via the web application’s login mechanism. TLS is used to handle HTTPS encryption. The website’s SSL certificate uses Enhanced Validation, which is approved by Queen’s University and signed by Entrust.
  • CAC administrators use SSH for server configuration. Access is only allowed on-site to keep traffic within the secure CAC data center only and authentication is conducted via local system accounts. SSH also provides encryption for data in transit.
• For greater security, the REDCap web application runs on a separate host from the database with a firewall enabling communication between web server and the database. The firewall ensures that all traffic is blocked except the ports necessary for users to access the website and CAC administrators to access the servers. A TSM backup client is installed and uses TLS to send backup data encrypted to the backup server.
• This setup, as a whole, complies with the best practices in the industry.

REDCap emphasizes data security and offers user access control, in-transit data encryption, and audits to ensure the confidentiality of your data. It also supports at-rest data encryption, but administrators have to configure this based on user requirements.