The code block below illustrates how one might use # and // as comments in your logic and calculations.

This value you provided is not a number. Please try again.

This value you provided is not an integer. Please try again.

The value entered is not a valid Vanderbilt Medical Record Number (i.e. 4- to 9-digit number, excluding leading zeros). Please try again.

The value you provided must be within the suggested range

The value you provided is outside the suggested range

This value is admissible, but you may wish to double check it.

The value entered must be a time value in the following format HH:MM within the range 00:00-23:59 (e.g., 04:32 or 23:19).

This field must be a 5 or 9 digit U.S. ZIP Code (like 94043). Please re-enter it now.

This field must be a 10 digit U.S. phone number (like 415 555 1212). Please re-enter it now.

This field must be a valid email address (like joe@user.com). Please re-enter it now.

The value you provided could not be validated because it does not follow the expected format. Please try again.

Required format:

P7Jgw9eKJ2BPp6LLLxT3r5xkVNotmZJIpVFPj

REDCap Mobile App -- API Token Pre-Approval Request

The REDCap Mobile app for iOS and Android can be used for data entry when one does not have access to reliable Internet connectivity.

The REDCap Mobile app uses one or more IU REDCap API tokens, 32-character hex strings, to authenticate to IU REDCap on behalf of a user. Each API token is specific to one person's privileges in a single IU REDCap project. If an API token is lost or stolen, then IU REDCap becomes vulnerable.

The purpose of the REDCap Mobile App -- API Token Request process is to reduce the risk of an IU REDCap API token becoming lost or stolen, as well as to reduce the risk of data on a mobile device being lost or stolen.

Please provide the information below and attest to the safety measures you are required to take to protect IU REDCap, your device, and your data.

By submitting this pre-approval request you are taking responsibility for the security of every device that uses any API tokens that are later approved.

If you would like to just test how the mobile app works, please send email to redcap@iu.edu instead of filling out this form.

First Name

* must provide value

Last Name

* must provide value

Street, City, State, Zip

Expand

Phone number

* must provide value

E-mail

* must provide value

Department

* must provide value

If you are not the principal investigator (PI) for this project, please provide the name, phone number, and email address of the PI.

Expand

What type of devices will you use?

* must provide value

Android

iOS

Approximately how many devices will you use?

* must provide value

Who will be responsible for maintaining the devices?

Please provide name, email, and phone number.

IU REDCap administrators will not be able to configure and maintain mobile devices. Typically departmental IT staff will maintain mobile devices.

* must provide value

Expand

Please provide a short description of the work that will be supported.

Please include how the mobile app will be used.

* must provide value

Expand

Why is the mobile app necessary or desired compared to using a web browser on a mobile device?

* must provide value

Lack of reliable Internet access

Want to save money on cell-based Internet access

Prefer mobile app interface

Other

PLEASE NOTE: You can use IU REDCap on smart phones and tablets without having to use the mobile app.

The IU REDCap mobile browser interface is easier to use and has more functionality than the REDCap mobile app.

Other reasons to use the mobile app for this work

Expand

What IU REDCap project (or projects) will be accessed by the mobile devices?

Please provide the project id(s) of the project(s). You can find the project id for a project by navigating to that project and looking in the URL for 'pid=NNNN', where NNNN would be the project id.

* must provide value

Expand

Will the device(s) store critical data, such as protected health information?

Critical data is defined as: "Inappropriate handling of this data could result in criminal or civil penalties, identity theft, personal financial loss, invasion of privacy, and/or unauthorized access to this type of information by an individual or many individuals."

* must provide value

Yes No

reset

Although each person using the mobile app will need to request their own API token, this pre-approval only needs to be requested once for each project (or set of related projects).

Please list about how many people will be requesting tokens for this project and, where possible, the names of the people who will be requesting tokens.

Expand

Each user of the mobile app will use their own API token to access IU REDCap.

Users will not share accounts in the mobile app and/or share the password for their mobile app account.

* must provide value

Yes No

reset

The API tokens used by the mobile app to authenticate to IU REDCap will not be shared with anyone nor stored anywhere besides in IU REDCap and in the mobile app.

* must provide value

Yes No

reset

The QR code used by the mobile app to transfer the API token from IU REDCap to the mobile app will not be copied or shared in any way, except by the QR reader in the mobile app.

* must provide value

Yes No

reset

When asking participants to self-enter data, the Lock-out feature of the REDCap mobile app will be used so that participants can not see other data.

* must provide value

Yes No

reset

Each user of the mobile app will be trained to protect their API token, to protect their QR code, to use only their own app account, to use the Lock-out feature when allowing patients to self enter data, and to follow any further institutional and/or department guidelines on protecting the security and privacy of data on mobile devices

* must provide value

Yes No

reset

The maintainers of the devices have read and will abide by Indiana University's Mobile Devices policy IT-12.1 (Mobile Device Security Standard) and any departmental mobile device policies relevant to the department sponsoring the use of the mobile devices.

The Indiana University Knowledge Base document How can I protect data on my mobile device? provides guidance on securing mobile devices.

The Indiana University Knowledge Base provides specific guidelines for Apple/iOS devices and Android devices.

* must provide value

Yes No

reset

The maintainers of the devices have read and will abide by any departmental policies related to mobile devices.

* must provide value

Yes No

reset

In accordance with IT-12.1 guidelines for devices storing critical data, devices will be protected with whole-device encryption.

* must provide value

Yes No

reset

In accordance with IT-12.1 guidelines for devices storing critical data, backups are not allowed to cloud services, such as iCloud, so backups will be turned off or directed at institutional services.

* must provide value

Yes No

reset

All security incidents involving the mobile device will be communicated to the IU REDCap administrators (redcap@iu.edu) and to Indiana University incident response (it-incident@iu.edu).

This includes compromised, unsecured, lost and/or stolen devices, API tokens, and QR codes.

* must provide value

Yes No

reset

Problems with devices will be escalated to departmental IT providers. Problems with the REDCap Mobile app will be escalated to the IU REDCap administrators (redcap@iu.edu).

* must provide value

Yes No

reset

All users will have met their specific research affiliate/institution mandated HIPAA training and research training before using the app.

* must provide value

Yes No

reset

When a user stops being associated with a project or when a device is disposed of in any way (sold, given, returned, exchanged), all REDCap data will be cleared from the device and the user's API token will be deleted from the IU REDCap project.

If a device has failed such that the REDCap app can no longer be opened in order to dispose of data, the device will be remotely wiped, if possible, or the device will be destroyed, using institutional services for device destruction, if available.

If destroying a device would void a desired warranty, the manufacturer of the device will be contacted to request that the device is destroyed after being returned or exchanged.

* must provide value

Yes No

reset

Which IT person or department have you conferred with to make sure that the devices that will host the API token(s) will follow all relevant policies?

* must provide value

You have selected an option that triggers this survey to end right now.

To save your responses and end the survey, click the 'End Survey' button below. If you have selected the wrong option by accident and/or wish to return to the survey, click the 'Return and Edit Response' button.