November 30, 2021
Can we grant external users access to our REDCap projects?
Yes, external users, users without an Active Directory account, can be granted access.
Granting Accounts for Research Protocols: External access will only be granted to researchers, their staff listed as part of the study team on the research protocol approved by the IRB covering the Mass General Brigham institution, and study sponsors as required under a sponsored research project (ex., during a site visit or audit).
Mass General Brigham faculty requesting access for external users (ex: study coordinators, project managers, sponsors) must be a PI or Co-PI on the approved protocol listed in Insight.
Granting Accounts for for Non-Research Projects (ex: QI): Under limited circumstances, an EDC System Administrator may approve access for an External User not listed on an IRB approved protocol if alternate training, compliance methods and controls are identified and implemented which provide adequate protection to confidential data consistent with all applicable legal requirements. Senior Administrators can request these accounts by providing a business justification and, where PHI is being collected or accessed, supporting documentation of the protections in place (training, user rights assignments) to ensure confidentiality and security of the data.
EDC User Agreement Process
1) To request a new external user, Researchers access the new Request Form.
2) For single user requests, the external user name and email is entered into the form.
- For multiple user requests, the requester will upload the excel file. A REDCap Admin will import that file to create individual records.
3) An automated invitation is emailed to each external user to review their information and electronically sign the External User Agreement.
4) The Email Notification Plugin is use to notify firstname.lastname@example.org / REDCap Admin and the requester when an external user signs an agreement.
5) A REDCap Admin will review the request and create External REDCap User Accounts. This may take 2-5 business days.
6) The Email Notification Plugin will alert the requester and the PI that a new user account has been created. The email will include the username. The requester can then add the username to their projects and assign user rights.
The PI does not need to sign each agreement individually and instead are notified when access is granted. The PI can respond to the email to deny access as needed or ask questions about the access.