...
Access to the data and various systems are protected by WUSTL Key and password authentication in accordance with our University’s HIPAA Washington University policy. Information regarding account, project, and data policies are below.
...
All REDCap users must have and use their own log in credentials. Log in credentials for the WUSTL REDCap instance are an active WUSTL Key and password. All user authentications occur in a centralized identification and authorization managed environment. Centralized accounts have aged complex passwords and multi-factor authentication enabled. Accounts Accounts are not to be sharedshared in accordance with Washington University policy. That means that you should NOT allow anyone else to work in REDCap while you are logged in to your account. That person should log into their account with their WUSTL key on a different device in order to work in REDCap. This includes external collaborators as well, e.g. you cannot create a single "External University REDCap Account" when collaborating with a study team at a single university. Users having their own accounts helps improve the security and quality of research participant data stored in the WUSTL instance of REDCap. This is because REDCap stores user activity in the Logging tool in order to 1) resolve data entry and collection issues and 2) assist with study audits. Individual accounts are also a regulatory requirement by the university and you will not be considered in compliance if the requirement is not followed. Also, if multiple users log in from a single REDCap account, the person who's information is attached to that account assumes all risk for any action taken by any user logged in with the credentials for that account. For example, if someone logs into an account, makes a change to the project that causes data loss (e.g. deletes a field containing data), the person who's name and contact information associated with the account is responsible as that is the information tracked in the REDCap log.
...