REDCap Storage Best Practices
REDCap Storage Best Practices for Backups
Backing Up REDCap Projects
You do not need to actively back up your REDCap project: The REDCap project instance is backed up regularly to support complete application recovery (all projects and project data) to its most current backup state. This will be used only in extreme cases, such as catastrophic system failure or irreparable database corruption affecting the entire system.
REDCap Administrators cannot undo individual project or data changes made to a project (or to project data) by a research team. Therefore, REDCap project users are responsible for managing and maintaining their own REDCap projects and each project’s accompanying data. See the following section, “Project Data Backups.” If a study team modifies or deletes data in a REDCap project, REDCap Administrators cannot restore that project to a point in time before the modification and/or deletion occurred.
The REDCap team uses UTORBackup services to back up the all the contents of the REDCap server as follows:
- Daily – incremental backup
- Monthly – full backup
There is a daily backup report.
Backing Up Your REDCap Project Data
The REDCap project user is responsible for understanding and adhering to policies and procedures for proper data handling, when exporting and/or storing project data.
Recommendation: Use REDCap’s Data Export Tool regularly to export your project before making major changes to it or to project data. While REDCap Administrators will confirm before approving changes to the study structure (for example, if there is an identified risk of label mismatch or data loss), perform certain actions with care, for example, such as a bulk data import.
When you use the Data Export Tool to export data, REDCap stores all data and syntax files.
Operational data protocol
REDCap Storage Practices
Storing Personally Identifiable Information in REDCap Projects
- Do not store direct identifiers in REDCap unless required for data matching purposes.
- Store only the minimum number of identifiers required in REDCap.
- In the project’s ethics application document the storage of identifiers in the project database. For projects that do not require REB (Research Ethics Board) approval, a Privacy Impact Assessment is required if the project collects identifiable healthcare information.
- Allocate a unique identifier for participant data. This identifier should not exist in any other system.
- In REDCap’s Online Designer, flag any personally identifiable information that is stored in REDCap.
- During the export process, remove or otherwise de-identify flagged identifiers in REDCap.
- If necessary, and depending on project needs, place identifiers on separate forms from less sensitive data. This enables configuring user rights so that only certain users can access the identifiers.
- Remove identifiers from the database when data matching and cleaning are complete. Identifiers are not required for analysis.
Storing Data Calculations in REDCap
When committing changes, REDCap forms with saved calculated field values do not automatically recalculate.
- Derive and confirm values in analysis.
- Re-save all forms with values to update stored values.
Modifying the Date Format of Stored Date Fields
You can change the date format of a field in a REDCap project without compromising the stored data. After modifying the format of the existing date fields, dates stored in the project are displayed in the new date format when viewed in the REDCap survey or form.
Storing Project Files in REDCap
You can use REDCap’s File Repository to store and retrieve project files and documents, such as protocols, instructions, and announcements.
Storing Project Data on the REDCap Mobile App
The REDCap mobile app stores data locally to facilitate data capture for a project when internet access is not available or reliable.
- To temporarily prevent access to the REDCap project data stored in the app, you can remotely lock out the user’s “REDCap Mobile App” user privileges on the User Rights page in the project.
Recommendation: Do this to temporarily secure the data in the app without deleting it.
- To permanently delete all data stored in the app, revoke or delete the user’s API token for the project.
Recommendation: Do this if the phone where the app is installed is either lost or stolen.
Additional Resources of Storage Best Practices for REDCap Users
Refer to the University of Toronto Resources on Storage Best Practices for Researchers for non-REDCap-specific best practices related to data storage covering such topics as:
- Data storage options
- Data security
- Data management plans
- Acquiring funding for research