mEDU Learning Center

Program Eligibility

The goal behind Medrio's mEDU is to support academic research with an industrial strength EDC/eClinical tool without charge and, at the same time, introduce Medrio to academic researchers.

Sponsorship: The study should be sponsored and initiated by the investigator, rather than the private sector. An email address from your academic institution will be required.
Regulatory Submission: The data should not be intended for regulatory approval, e.g. to the FDA, that may result in commercialization. If data is being submitted to a regulatory agency for a reason other than commercial development, please contact us.
Contract Research Organizations: The study should not be coordinated by a CRO. We have a separate partner program for CROs and we encourage you to talk to us about that.
Private Sector Support: The private sector may provide support in kind (drugs, devices, endowed chairs, salaries, etc.) but not direct monetary support for the study.
Non-profits: Medrio's mEDU is available to academic institutions only. Unfortunately, non-profits do not qualify. However, non-profits may still qualify for special pricing, please contact for details.

Getting Started with your New Study

Ok, you've requested a New Study. What now?

First, we'll do a manual (i.e. human) SPAM check. Then we'll construct a database for you in our secure cloud and send you an email. If this is your first study with Medrio, that email will contain a default password. You can login at Use your email address and the default password we sent you to login. This is what will look like:

Login Screen

Next you'll be brought to the Password Expired Page to choose your new password.

Set Up Profile

You may have received access to a Medrio demo study or an actual study database.

If you have both studies, just select your TEST study and click "Change Study". You are now in your study. The top of your screen should look like this:

Tutorials Link

The easiest way to learn Medrio is to right-click tutorials and open the video tutorials in a new window. Follow along in your study while the video tutorials walk you through configuration, building forms, setting up data validation, queries, monitoring, managing your study and data entry. You'll be a master in no time. (Currently not all videos have been updated for Medrio version 8.1)

Any time you have questions, just email:

Security, Privacy, and Regulatory Summary

Regulatory Summary

Medrio understands the regulatory environment of our customers and provides software that supports compliance with regulations such as 21 CFR Part 11 and HIPAA. Medrio has performed an in depth analysis of these regulations and has worked with an external auditor to ensure that Medrio implements the necessary software and procedural controls. Examples of controls that are implemented include:

  • Electronic audit trails of all changes to study data
  • Electronic signatures
  • Data Encryption
  • Access restrictions to Protected Health Information (PHI)
  • Standard Operating Procedures (SOPs) that protect data confidentiality and integrity

European Regulatory Summary

Medrio complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.

Medrio has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, please visit the U. S. Commerce department's Safe Harbor website. For a description of the legal and enforcement framework please see Medrio's Privacy Policy.

Security Summary

Encryption: All data into and out of Medrio's servers are encrypted.
Ownership: Medrio does not own any data entered by its customers.
Access: Only people with usernames and passwords assigned by the owner of the data have access to the data.
Physical security: The facility housing Medrio's servers is fully redundant with security guards, video monitoring, and controlled access.
Network security: Medrio's network and servers are protected by industry leading firewalls, intrusion prevention / detection systems and virus protection.

Software Security

Encryption: All data into and out of the server is encrypted using 128-bit Secure Sockets Layer (SSL) and 1024- bit RSA public keys. The SSL protocol is the Web standard for encrypting communications between users and websites in all industries, including financial services and healthcare. SSL encryption prevents eavesdropping and tampering with any transmitted data. SSL provides businesses and individuals with the confidence that private data sent to a Web site, such as health information, is kept confidential. Individuals have an SSL session with a website when their browser displays the small gold padlock and the address bar begins with https rather than http.
Ownership: Medrio does not own any data entered by its customers, even though Medrio may be a custodian of that data on servers that run Medrio's software.
Access: Medrio does not access data entered by its customers. Medrio does monitor "metadata," which is "data about data" such as the volume of data and number of users. Access controls include timed automatic log-offs, password expiration and strong password enforcement.

Server Farm Security

Physical and Network Security

All Medrio systems are housed in a secure, fully redundant data center. The facility follows industry best practices for both physical and network security including continuous video surveillance, electronic access control and the use of firewalls and network intrusion detection/prevention devices. Medrio continuously monitors and manages all systems and performs nightly off-site backups of customer data.


Medrio proactively manages all servers working to ensure optimal performance, reliability and security. We monitor and maintain all hardware and manage the installation of operating system software including service packs, hot-fixes and patches. Professional network engineers continuously monitor our network to ensure performance and reliability.


Medrio maintains the appropriate physical, software and process controls to maintain regulatory compliance and ensure the integrity and confidentiality of customer's data.


Medrio's servers reside within a secure data center with security guards, electronic access controls and digital video monitoring.


All servers reside behind Cisco firewalls and advanced intrusion detection/prevention systems that continuously scan for and block malicious network traffic. All servers are protected by antivirus software and are continuously updated with the latest service packs, hot-fixes and patches. We keep servers safe from spyware, spam, viruses, worms, trojans, Web-based exploits, and blended threats by scanning all network layers in real time.

Monitoring and Optimization

Through the use of advanced monitoring and alerting systems, Medrio continuously monitors the health of our application, servers and network to ensure optimal performance, security and reliability. We operate an intelligent network infrastructure that proactively responds to any unexpected problems to protect the performance of the application.

Redundancy and Disaster Recovery

Medrio's servers are housed in a fully redundant N+1 data center with redundant power, cooling and network connectivity. Power is provided by multiple utility sources and is protected by on-site UPS Battery Backup Units and generators. Network connectivity is provided through multiple Tier-1 internet providers to ensure optimal performance and reliability. Medrio performs nightly backups to locations both on-site and off-site and maintains redundant hardware. Integrity testing insures scheduled backups are being performed correctly.

SOPs include a disaster recovery plan, which is rehearsed on a regular basis to prepare for the unlikely scenarios that would require use of the plan.