| Scope | CU Anschutz REDCap instance |
| Last modified | June 5, 2026 |
The REDCap license is granted to our institution under the agreement that it is used for non-commercial research purposes. Non-commercial research purposes are defined in the agreement with the verbiage below.
1.6 “Non-Commercial Research Purposes” means for internal research, internal operations and internal educational purposes only, which research, operational or educational uses are to be conducted by Licensee in a manner consistent with its tax-exempt status and may include research funded by commercial (for profit) organizations, but shall not include use of the Software as the basis for providing a contract or other services to any entity.
Therefore, projects on the University of Colorado Anschutz (CU Anschutz) instance of REDCap are never permitted to be used for commercial purposes.1
Under this agreement, CU Anschutz REDCap is not permitted to host projects on behalf of organizations or institutions outside of the Colorado Clinical and Translational Sciences Institute (CCTSI) affiliates other than for the purposes of research collaborations with CCTSI affiliates.1
CU Anschutz REDCap projects are never permitted to be used for direct patient care workflows.2 CU Anschutz REDCap should be a secondary consumer of data that only affects patient care through scientific advancement and discovery but should not be part of any specific patient diagnostic or care workflow.
Projects on the CU Anschutz instance of REDCap are never permitted to be for personal use.1,2 Personal use includes leveraging REDCap for any strictly personal or external project that does not directly relate to responsibilities associated with CCTSI affiliate institutions or their research. Leveraging CU Anschutz REDCap for personal use would be a misuse of company resources, including the hardware and staff support required to support the instance, and a violation of the agreement with Vanderbilt University Medical Center (VUMC).
Below is a list of use cases for the CU Anschutz instance of REDCap that are generally accepted under the assumption that the other requirements described in this policy have been met.
| PROJECT TYPE | DEFINITION |
| IRB/COMIRB reviewed research protocol | A research study that has been formally reviewed and approved (or exempted) by an Institutional Review Board (IRB), such as COMIRB. |
| Quality improvement or patient safety project | A project intended to improve local processes, workflows, care quality, or safety, rather than to generate generalizable research findings. |
| Operational support project | A project that supports day‑to‑day institutional operations, systems, or administrative functions. |
| Educational project or student research project | A project conducted primarily for training or educational purposes. Includes non-research test or demo projects created solely to better understand REDCap functionality, features, or administrative/research workflows. |
| Community engagement project | A project conducted in partnership with a community group, organization, or population, often emphasizing collaboration or outreach. |
| CCTSI core project | A project intended to support operational, mentorship, or research activities for the CCTSI. |
| Compass project | A non-IRB project in support of Health Data Compass (HDC) activities. |
In summary, acceptable use of the CU Anschutz instance of REDCap must meet the following requirements:
- The project is directly related to work at one of the CCTSI affiliate institutions (list found here).1
- The purpose of the project shall not be for commercial purposes.1
- The project shall not be used to provide REDCap hosting services to external organizations, except where the project purpose is directly related to an active research collaboration with a CCTSI affiliate institution.1
- The project shall not be used for direct patient care workflows.2
- The project shall not be leveraged for personal use.1,2
Outside of the requirements outlined above, additional considerations apply to ensure feasibility and long-term success of a project. REDCap is designed to support research data collection and management; however, it is not intended to function as a high-volume data repository or file storage platform. Projects that involve exceptionally large datasets or extensive file uploads (e.g., imaging, large documents, or media) may exceed the intended use and technical capabilities of the system. Such projects may be deemed unsuitable for REDCap and may require alternative solutions.
If there is uncertainty regarding whether a project is appropriate for CU Anschutz REDCap, users must consult with the REDCap support team prior to project creation or data collection by submitting a ticket in the Help Center. Projects will be assessed on a case-by-case basis to determine compliance with system policy and overall feasibility, including additional project-specific factors that may not be explicitly addressed in this policy. If REDCap administrators determine that the project is not appropriate for CU Anschutz REDCap, they may assist in evaluating project requirements to offer recommendations, such as a more suitable data collection or file storage platform.
The policy above is intended only as a description of the project types which qualify as acceptable uses of the CU Anschutz REDCap application and may therefore be accepted by the REDCap administrators. It is the responsibility of the project owner and/or associated team members to ensure that their intended use meets any additional criteria required by other departments for access to organizational resources. Questions regarding IRB review, data ownership, data use agreements, and/or other research-related cross-institutional agreements should be directed to the Colorado Multiple Institutional Review Board (COMIRB), the relevant CCTSI affiliate review board, or any other governing regulatory bodies overseeing the study.
Violations & Consequences
Upon violation of this policy, the individual who created the project is considered the responsible party. If the REDCap support team finds that a user is in violation of this policy, they will receive the following consequences.
- First offense: On the first violation, the user will receive a warning and the REDCap support team will make a good faith attempt to resolve non-compliance with the user. If non-compliance cannot be addressed, or is not addressed in a timely manner, the project will be scheduled for deletion. Once the project is scheduled for deletion, the user will be given 1 business day to download the necessary data to continue their project on a more appropriate platform. The user will be required to sign an agreement confirming that they have read this policy and will not violate it in the future.
- In the event that the user responsible for creation of the project is no longer an active user, no specific user will receive an offense, but all active users on the relevant project will be contacted regarding non-compliance. This outreach will begin the steps outlined above.
- Second offense: On a second offense, the REDCap support team will take immediate action to suspend the user for 30 days, revoke access to the project which is in violation of acceptable use, and the project will be scheduled for deletion. The REDCap support team will use discretion in determining whether providing a minimal backup of the data is appropriate. The REDCap support team will schedule a brief meeting with the user to address any misunderstanding of the policy and to advise them of the consequences if they commit additional violations. Following this meeting, the user will be required to sign an agreement confirming that they have read this policy and will not violate it in the future. Notification of the violation will be provided to appropriate CU Anschutz leadership, as determined by the nature and context of the offense.
- Third offense: Any subsequent violation will result in permanent suspension of the user's account unless otherwise instructed by CU Anschutz leadership. Notification of the violation will be provided to appropriate CU Anschutz leadership, as determined by the nature and context of the offense.
This policy described above is a combination of requirements per the license agreement with VUMC in addition to policies established internally for our institution.
1Requirements per the Vanderbilt University Medical Center (VUMC) license agreement
2Requirements per internal policy
The CU Anschutz CCTSI Director of Research Informatics has approved this policy. A signed version of this document is kept on record with the REDCap administrators.
|
Relevant resources: |