Encryption of a table in Redcap
197 views
Skip to first unread message
Seydou GORO
Oct 5, 2023, 11:47:08 AM10/5/23
to redcap open
Hello,
Thank you for accepting me in this group.
I'd like to know if it's possible to encrypt data in Redcap.
The regulations in my country (France) are very strict about this.
We have data in our various tables. There's a table where we have data on first and last names. And another table where we have information on the social security number. But all these tables must be encrypted. But later we'll need to link these tables to other tables. Is Redcap able to do this?
I'd like to know if it's possible to encrypt data in Redcap.
The regulations in my country (France) are very strict about this.
We have data in our various tables. There's a table where we have data on first and last names. And another table where we have information on the social security number. But all these tables must be encrypted. But later we'll need to link these tables to other tables. Is Redcap able to do this?
Roberto Ferreira
Oct 5, 2023, 11:58:13 AM10/5/23
to Seydou GORO, redcap open
Hi my friend,
Yes, it is possible, you can use an Action TAG to mask your data while it is inserted into REDCap, which is @PASSWORDMASK.
And when exporting the data, you can do the same if you mark the variables as "Identifier".
And when exporting the data, you can do the same if you mark the variables as "Identifier".
Best regards
Roberto
--
You received this message because you are subscribed to the Google Groups "redcap open" group.
To unsubscribe from this group and stop receiving emails from it, send an email to redcap_open...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/redcap_open/12668efa-b1e2-49aa-a7cc-8da7d598a348n%40googlegroups.com.
Seydou GORO
Nov 10, 2023, 10:09:34 AM11/10/23
to redcap open, Roberto Ferreira
Hello Roberto,
I would like to thank you sincerely for your help, which has not been in vain. However, the French data regulation authority considers the data masking method via the action tag @PASSWORDMASK option, which replaces sensitive data (in this case the social security number) with stars, to be insufficient. He'd like the number to be replaced by anonymous characters instead, to enable true encryption (asymmetric encryption) with a public key (what's the difference between a public key and a private key? What does that mean?). Is this possible with Redcap? If not, is it possible to do it with external software such as R (packages digest ? encryptr)? Could you please help me with the implementation?
I would like to thank you sincerely for your help, which has not been in vain. However, the French data regulation authority considers the data masking method via the action tag @PASSWORDMASK option, which replaces sensitive data (in this case the social security number) with stars, to be insufficient. He'd like the number to be replaced by anonymous characters instead, to enable true encryption (asymmetric encryption) with a public key (what's the difference between a public key and a private key? What does that mean?). Is this possible with Redcap? If not, is it possible to do it with external software such as R (packages digest ? encryptr)? Could you please help me with the implementation?
Rick Watts
Nov 10, 2023, 10:58:28 AM11/10/23
to Seydou GORO, redcap open, Roberto Ferreira
I suspect your regulations in France are much the same in any other European country and there are many, many REDCap systems installed in Europe. You should talk to your local REDCap system administrators. There are various ways to encrypt REDCap data but if you're talking about REDCap data tables then the easiest way is to configure encryption for the entire REDCap database. This may be done at the operating system level, or depending on the database software you use, by a configuration in the database software. If you talk to your administrators you may find that your database is already encrypted.
Rick Watts
Team Lead, Research Informatics
Women and Children’s Health Research Institute
University of Alberta
5-083 Edmonton Clinic Health Academy (ECHA)
11405 87 Avenue NW Edmonton, AB T6G 1C9
WCHRI is a partnership between the University of Alberta and Alberta Health Services, funded by the generosity of the Stollery Children's Hospital Foundation and the Alberta Women’s Health Foundation.
The University of Alberta respectfully acknowledges that we are situated on Treaty 6 territory, traditional lands of First Nations and Métis people.
To view this discussion on the web visit https://groups.google.com/d/msgid/redcap_open/CAC-VPtgqHRhU%3DSX6cmdXHXMe7oe_VAffzUiRb4ZfzvO86vX_1g%40mail.gmail.com.
Seydou GORO
Nov 10, 2023, 11:10:26 AM11/10/23
to Rick Watts, redcap open, Roberto Ferreira
Thank you @Rick Watts you for your suggestion which is a good hint for me. The basic idea was to encrypt certain tables, not the entire project database or the whole Redcap. There is a table containing the social security number, the patient ID and another ID called the hook ID, enabling us to match the data from our study with data from the national health system. The principle is that if the social security number is 18702335xxx, it is replace with something like xE65y@zer3xx.
Thank you again
Peter Macisaac (POP)
Nov 12, 2023, 6:06:12 AM11/12/23
to Seydou GORO, Rick Watts, redcap open, Roberto Ferreira
REDCAP uses HTTPS. - secure HTTP which means the conversation between you and the database is encrypted
What Rick suggests prevents any hackers getting into the REDCAP database and reading any of the data while being stored on your university server - it is more secure to encrypt the entire database than just one part of it.
I understand that REDCAP does not store data in relational tables as you might if you set up a database for the project, so you cant encrypt particular fields.
I sense The hook id is just a link that allows links your data under the patient social security number to national data without having to to store or submit the real SSN, you would need to transmit that hookid using public/private key encryption.
The encryption approach using public and private keys is implemented at the software level to encrypt data files being transferred from one place to another e.g. the data request and the linked data from the social security system to your email.
I don’t think this has anything to do with REDCap.
Ricks advice to contact your organisations REDCap administrator will help you sort this out.
Peter
To view this discussion on the web visit https://groups.google.com/d/msgid/redcap_open/CAC-VPti_eHd68s4rnO55qtKaMLQOMruT9Ok3NUVcCnV2tG41Fg%40mail.gmail.com.
Rick Watts
Nov 12, 2023, 1:09:51 PM11/12/23
to Peter Macisaac (POP), Seydou GORO, redcap open, Roberto Ferreira
We also have a project where we are storing encrypted healthcare numbers from a different province in a way that they can only be decrypted after data export. This is done using an external module that the study team developed. As Peter says, there is no way to do this in REDCap without implementing additional code through the API, a plugin, or an external module.
To view this discussion on the web visit https://groups.google.com/d/msgid/redcap_open/8C777EAA-2B27-4914-8E60-61DBE57392FA%40macisaacinformatics.org.
Seydou GORO
Nov 13, 2023, 5:40:49 AM11/13/23
to Rick Watts, Peter Macisaac (POP), redcap open, Roberto Ferreira
Hello, thank you all @Rick Watts, @Peter Watts and other.. We ll contact our Redcap administrator. We will consider the different proposals depending on whether our regulatory authority will be flexible or not.The idea is to protect the data from hackers, but also to ensure that the data managers and technicians who enter the data cannot make any link between any name and any health data. In my opinion, masking can limit this (but the Data Protection Commission found it not sufficient.). The datamangers have access to all the tables (our operation is that if the main datamanger has had an unforeseen setback, he must have someone to take over) as well as the research technicians who enter the data. . I understand that Redcap already has data security measures: encryption during transfer or that we can encrypt the entire database. What does this involve? Does it mean that hackers can't easily get their hands on the data? Or that when they do get their hands on the data, they can't read it? The data will be in an unintelligible form? But the technicians who have access to the data can make links between patients and data even if the data is partitioned?
Martin. Rick, if you don't mind, could you please tell me what language you used for this external encryption module you're talking about? In my team we only have expertise in R or Python? I'm still thinking about the RecapR API if that's an option.
Martin. Rick, if you don't mind, could you please tell me what language you used for this external encryption module you're talking about? In my team we only have expertise in R or Python? I'm still thinking about the RecapR API if that's an option.
Reply all
Reply to author
Forward
0 new messages