GWAS MASTHEAD
Link to U.S. Department of Health and Human Services
Link to National Institutes of Health
 
HOME BUTTON
POLICY BUTTON
POLICY OVERSIGHT BUTTON
RESEARCHERS BUTTON
INSTITUTIONS BUTTON
DATA REPOSITORY BUTTON
FAQs BUTTON
GDS FAQs & CHARGE BUTTON
GWAS FAQs & CHARGE BUTTON
RELATED RESOURCES BUTTON
LISTSERV BUTTON
FACTS & FIGURES BUTTON
MAIN GRAPHIC PIECE
FREQUENTLY ASKED QUESTIONS HEADER

FAQs on the Genome-Wide Association Studies (GWAS) Policy (available at http://gds.nih.gov/13faqs_gwas.html).

NIH Genomic Data Sharing Policy (GDS) - Frequently Asked Questions new icon

A. Overall Policy

  1. What is the effective date of the NIH Genomic Data Sharing (GDS) Policy? 
  2. Why did NIH decide to extend the Policy for Sharing of Data Obtained in NIH Supported or Conducted Genome-Wide Association Studies (GWAS)?
  3. What are the main differences between the Genomic Data Sharing (GDS) Policy and the Policy for Sharing of Data Obtained in NIH Supported or Conducted Genome-Wide Association Studies (GWAS)?

B. Scope of Policy

  1. The Genomic Data Sharing (GDS) Policy applies to research that generates and uses large-scale genomic data. What does “large-scale” mean and what are some examples of research projects that are subject to the GDS Policy? 
  2. Does the Genomic Data Sharing (GDS) Policy apply to research with summary data such as allele frequency?
  3. Does the Genomic Data Sharing (GDS) Policy apply to research being performed in clinical laboratories?
  4. Are clinical trials that include a genomic component subject to the Genomic Data Sharing (GDS) Policy?
  5. Does the NIH Genomic Data Sharing (GDS) Policy apply to research funded by NIH before January 25, 2015?
  6. Will other kinds of large-scale data be subject to data sharing policies?
  7. Is research that uses data obtained from the database of Genotypes and Phenotypes (dbGaP) subject to the NIH Genomic Data Sharing (GDS) Policy?
  8. Is large-scale genomic data generated from microbiomes considered human or non-human genomic data?

C. Application Submission and Review

  1. How will genomic data sharing plans be reviewed?
  2. Can investigators seek additional resources to support the sharing of genomic data or to contact previous participants of studies to obtain additional informed consent?
  3. To what types of awards does the NIH Genomic Data Sharing (GDS) Policy apply?
  4. What should be included in a data sharing plan and when should it be submitted?
  5. How should updates on genomic data sharing be provided to NIH staff?
  6. How will the expectation to share data be enforced?
  7. Are consortia of NIH-funded and non-NIH-funded investigators expected to share data from large-scale genomic research?

D. Data Access  

  1. What is the database of Genotypes and Phenotypes (dbGaP)? Should all human genomic data be submitted to dbGaP?
  2. Where should non-human genomic data be submitted?
  3. Will biological samples (e.g., tissues, DNA, cell lines) that are used to generate the data submitted to NIH-designated repositories be available through the repository?
  4. Can non-research entities (e.g., law enforcement agencies, insurance companies, employers) request access to identifiable information corresponding to phenotype and genomic data held in an NIH-designated data repository?
  5. What security measures are in place to prevent unauthorized access to human genomic data in an NIH-designated repository?
  6. Will research participants be able to use an NIH-designated repository to obtain their own genetic data?
  7. Will NIH intramural staff be expected to follow the same processes for data sharing as extramural investigators?
  8. Who is allowed to serve on NIH Data Access Committees (DACs)? What kinds of expertise are represented on the DACs?
  9. What should investigators do if they are contacted by other researchers who want to use the controlled-access human data they generated but do not want to go through an NIH-designated repository?
  10. How can investigators share controlled-access human data and analyses with approved collaborators at different institutions while remaining compliant with the Genomic Data Sharing (GDS) Policy?
  11. Does a contractor assisting an approved user who requests controlled-access data from an NIH-designated repository have to submit a separate project request?
  12. Are investigators who generate and submit large-scale genomic data under the GDS Policy also expected to submit a dbGaP project request to access the data they generated?
  13. How long will it take to receive a decision on a requested dataset?

E. Data Monitoring and Oversight

  1. What mechanisms are in place to ensure that the Genomic Data Sharing (GDS) Policy keeps pace with evolving technological and ethical issues?
  2. Under the Genomic Data Sharing (GDS) Policy, is NIH allowing investigators who are approved to download human datasets from NIH controlled-access repositories to use cloud computing?
  3. How will NIH ensure that genomic data are used in a manner consistent with the informed consent provided by research participants?
  4. What mechanisms are in place across NIH to oversee the implementation of the NIH Genomic Data Sharing (GDS) Policy?
  5. What should be included in the progress updates of approved controlled-access data and to whom should the reports be submitted?

F. Data Repositories

  1. Will data from research within the scope of the Genomic Data Sharing (GDS) Policy need to be submitted to NIH-designated data repositories?
  2. How will updates of original data from the submitting investigators be made available to approved controlled-access repository users?
  3. Does NIH have the capacity to hold all of the data from research that falls under the scope of the Genomic Data Sharing Policy? 
  4. What quality-control measures will be required to submit data to NIH repositories?
  5. What is an NIH-designated data repository?
  6. Will NIH standardize phenotype information?
  7. What is a trusted partner? Can an investigator apply for trusted partner status?

G. Submission of Human Genomic Data to Controlled-Access Databases

  1. Will NIH-designated data repositories accept data generated from de-identified cell lines created and clinical specimens collected before the effective date of the GDS Policy if they have not been consented for research purposes?
  2. Are data submission requirements applicable to studies with a waiver of consent or exempted from Institutional Review Board (IRB) review?
  3. How do the human subject protections in the Genomic Data Sharing (GDS) Policy align with revisions that have been proposed for the Common Rule?
  4. To be compliant with the NIH Genomic Data Sharing Policy, where should I register my large-scale human genomic data study?
  5. Will NIH-designated data repositories accept genomic data if the individuals from whom the data are derived are deceased and either a) information about the consent process or the consent forms is not available or b) consent was silent or not inconsistent with regard to submission to the NIH-designated data repository?
  6. As part of the Institutional Certification, does the NIH GDS Policy permit the required IRB review of the investigator’s proposal for data submission, to be performed under an expedited IRB review process?
  7. When should investigators submit their Institutional Certification from their institutions?
  8. Can investigators conducting research as part of a clinical trial limit their data submission to baseline data only (i.e., data obtained prior to the start of the intervention)?
  9. For multi-center studies, is the submitting institution expected to certify data that are contributed by data collection centers at other institutions?

H. Consent for Broad Sharing

  1. The NIH GDS Policy seems to be saying that NIH requires that investigators obtain consent for broad data sharing and that the participant is disqualified from participating in the study if consent is not obtained. Is this NIH’s intention or does NIH mean that investigators are required to seek consent for broad data sharing and, if the participant agrees, the data may be submitted?
  2. My study qualifies as a study under the GDS Policy, but one of the study participants does not want to consent to the broad sharing of her genomic data. Will I still be in compliance with the GDS Policy if I don’t submit the participant's individual data with the rest of the data from this study?
  3. I am conducting a study that will generate large-scale genomic data as part of the study, but one of the study participants does not want to consent to the broad sharing of his genomic data. Will this participant have to be disqualified from enrolling in the larger study because he does not consent to broad sharing of his genomic data? What if the sharing of the data is intrinsic to the study?
  4. If a few individual participants do not consent to allow their genomic data to be shared, do I have to request an exception to data submission to dbGaP?
  5. What if participants agree to broad sharing but only for certain research uses? Do I need to request an exception to submit the data?
  6. Under the NIH GDS Policy, is it permissible to substitute an opt-out process for an informed consent process for broad sharing of genomic data from specimens or cell lines created or collected after the effective date of the Policy?
  7. Under the NIH Genomic Data Sharing (GDS) Policy, NIH is expecting participants’ consent for the use of their clinical specimens after January 25, 2015. Does this mean that NIH expects all of the required elements of informed consent under 45 CFR 46.116(d) to be included in a clinical consent, in order to meet the consent expectations under the Policy?
  8. If my research was funded after the effective date of the NIH Genomic Data Sharing (GDS) Policy, January 25, 2015, but I am using clinical specimens that were collected before this date, do I need to have participants’ consent for future research uses and broad sharing of their genomic and phenotypic data?

I. Submission of Non-Human Genomic Data to Unrestricted-Access Databases

  1. Why does the Genomic Data Sharing Policy (GDS) apply to research that involves non-human data?
  2. Which repositories should investigators submit the non-human genomic data that they generated?
  3. Are the data included in NIH-designated genomic data repositories such as dbGaP subject to the Freedom of Information Act (FOIA)?
  4. What specific sanctions are in place for investigators who violate the terms of access of the data to which they have been granted?

J. Governance

  1. Now that the Genomic Data Sharing (GDS) Policy is effective, will NIH consider comments from the research community and the general public and make any updates to the GDS Policy, if needed?

K. Research Participant Protections

  1. The Genomic Data Sharing Policy requires that data be de-identified by removing personal identifying information; however, it is possible to identify participants from genetic information. How will NIH ensure that data are used only for appropriate research?
  2. Are there any conditions for using data in unrestricted-access repositories?
  3. Will individuals be re-contacted if medically actionable incidental findings are discovered?
  4. What is the role of NIH Data Access Committees (DACs) in considering risks to individuals, their families, and groups or populations associated with data submitted to dbGaP?
  5. What specific sanctions are in place for investigators who violate the confidentiality of the data to which they have been granted?

L. Institutional Review Board (IRB) Involvement

  1. Are submitting institutions expected to certify that data submission is consistent with applicable laws and regulations in effect at any and all locations at which data were collected?
  2. What is the Institutional Review Board's (IRB's) role in submission of data to an NIH data repository?

M. Exceptions

  1. Are there cases in which data sharing will not be possible? What is the process for request an exception? What are permissible exceptions to the Genomic Data Sharing (GDS) Policy?
  2. Will exceptions granted by NIH satisfy a scientific journal that has a data sharing policy?
  3. What is the process for requesting exceptions to the data sharing expectation under the NIH Genomic Data Sharing Policy?
  4. Under the GDS Policy, am I allowed to use samples of cell lines that were collected or created after the Policy effective date if participants have not provided consent?

N. Publication

  1. How should the work of submitters of genomic data to controlled-access NIH-designated data repositories be acknowledged by secondary users?

A. Overall Policy
  1. What is the effective date of the NIH Genomic Data Sharing (GDS) Policy?

    For research that falls within the scope of the GDS Policy, the Policy takes effect for:

    • Competing grant applications that are submitted to NIH for the January 25, 2015, due date or subsequent due dates;
    • Proposals for contracts that are submitted to NIH on or after January 25, 2015; and
    • NIH intramural research projects generating genomic data on or after January 25, 2015.

    After January 25, 2015, all NIH funding applicants are expected to include a data sharing plan consistent with the GDS Policy. Any submitted data sharing plan that is accepted by the funding NIH Institute or Center (ICs) may be referenced as a term and condition of the contract award or the Notice of Grant Award.

  2. Why did NIH decide to extend the Policy for Sharing of Data Obtained in NIH Supported or Conducted Genome-Wide Association Studies (GWAS)?

    Advances in DNA sequencing and other high-throughput technologies along with a steep drop in DNA sequencing costs have enabled NIH to fund research that generated greater volumes of GWAS as well as other types of genomic data. Sharing a wide range of large-scale genomic data advances our understanding of the molecular and biological processes that contribute to human health and disease. Data generated from one research study can be used to explore a wide range of additional research questions, and data from multiple projects can be combined, amplifying the scientific value of the data. The broad research use of genomic data enhances public benefit by helping to speed discoveries that improve our ability to diagnose, treat, and prevent disease.

  3. What are the main differences between the Genomic Data Sharing (GDS) Policy and the Policy for Sharing of Data Obtained in NIH Supported or Conducted Genome-Wide Association Studies (GWAS)?

    The GDS Policy and GWAS Policy differ in the following areas:

    • Scope: The GDS Policy applies to research that generates or uses large-scale genomic data from human or non-human organisms, a much broader range of research than the GWAS Policy. For examples of research that are subject to the GDS Policy, see the Supplemental Information to the GDS Policy: http://gds.nih.gov/pdf/supplemental_info_GDS_Policy.pdf.

    • Data Repositories: Because the GDS Policy applies to a broader range of research than the GWAS Policy, a wider array of data repositories will be used in addition to the database of Genotypes and Phenotypes (dbGaP), the NIH repository for GWAS data, such as the Gene Expression Omnibus (GEO), Sequence Read Archive (SRA), GenBank, the Cancer Genomics Hub (CGHub) as well as databases for specific model organisms such Mouse Genome Informatics and FlyBase. Examples of relevant NIH-designated data repositories are available at http://gds.nih.gov/02dr2.html.

    • Informed Consent: NIH expects investigators who intend to use research or clinical specimens collected or cell lines created after January 25, 2015 to generate human genomic data may only do so with informed consent for future research use and broad sharing of the data from those specimens, even if they are de-identified. NIH-designated data repositories will not accept human genomic data derived from specimens or cell lines collected or created after January 25, 2015 unless informed consent has been provided for future research use and broad sharing.

    • Data Release: Under the GDS Policy, the release of human data for secondary research can generally be deferred for up to six months after data submission, with no publication embargo upon data release. The 12-month publication embargo period under the GWAS Policy has been eliminated.

Back to Top


B. Scope of Policy

  1. The Genomic Data Sharing (GDS) Policy applies to research that generates and uses large-scale genomic data. What does “large-scale” mean and what are some examples of research projects that are subject to the GDS Policy?

    Large-scale genomic data include genome-wide association studies (GWAS), single nucleotide polymorphisms (SNP) arrays, and genome sequence, transcriptomic, metagenomic, epigenomic, and gene expression data. Examples of research that are subject to the GDS Policy include, but are not limited to, projects that involve generating the whole genome sequence data for more than one gene from more than 1,000 individuals, or analyzing 300,000 or more genetic variants in more than 1,000 individuals, or sequencing more than a 100 isolates of infectious organisms such as bacteria. Additional examples may be found in the Supplemental Information to the NIH Genomic Data Sharing Policy at: http://gds.nih.gov/pdf/supplemental_info_GDS_Policy.pdf.

  2. Does the Genomic Data Sharing (GDS) Policy apply to research with summary data such as allele frequency?

    Yes. Research generating large-scale summary or aggregate genomic data falls within the scope of the Policy.

  3. Does the Genomic Data Sharing (GDS) Policy apply to research being performed in clinical laboratories

    Yes. The GDS Policy applies to all basic and clinical research supported by NIH that involves the generation of large-scale genomic data within the scope of the Policy.

  4. Are clinical trials that include a genomic component subject to the Genomic Data Sharing (GDS) Policy?

    Yes. The GDS Policy applies to all basic and clinical research, including clinical trials, supported by NIH that involves the generation of large-scale genomic data within the scope of the Policy.

  5. Does the NIH Genomic Data Sharing (GDS) Policy apply to research funded by NIH before January 25, 2015?

    Although the GDS Policy does not apply to research submitted prior to January 25, 2015, NIH, nonetheless, strongly encourages all NIH-funded research to comply with the expectations outlined in the Policy. Investigators should provide an updated genomic data sharing plan to the funding NIH Institute or Center (IC) in the submission of the standard annual NIH Research Performance Progress Report. For studies involving human participants that were initiated before the Policy’s effective date and used consents that do not meet the expectations of the GDS Policy, investigators are expected to plan to transition to a consent for future research uses and broad sharing, if possible, particularly for new or additional collections of specimens. There will be reasonable accommodation, determined on a case-by-case basis by the funding IC, for long-term projects ongoing at the time of the Policy’s effective date to come into alignment with NIH’s expectations for consent and data sharing. The goal is to bring these projects into alignment, to the extent possible, in a reasonable timeframe.

  6. Will other kinds of large-scale data be subject to data sharing policies?

    At this time, examples of large-scale genomic data under the NIH Genomic Data Sharing (GDS) Policy include genome-wide association studies (GWAS), single nucleotide polymorphisms (SNP) arrays, and genome sequence, transcriptomic, metagenomic, epigenomic, and gene expression data. At appropriate intervals, NIH will review the types of research to which the GDS Policy applies, and any changes to examples of research within the Policy’s scope will be provided in the Supplemental Information to the GDS Policy. Notification of any changes will be provided to investigators and institutions through standard NIH communication channels (e.g., NIH Guide for Grants and Contracts, the NIH GDS Listserv).

  7. Is research that uses data obtained from the database of Genotypes and Phenotypes (dbGaP) subject to the NIH Genomic Data Sharing (GDS) Policy?

    Research that uses data downloaded from NIH-designated data repositories such as dbGaP is subject to the GDS Policy. The GDS Policy includes provisions for the responsibilities of investigators accessing and using genomic data. Please see the GDS Policy, section V, Responsibilities of Investigators Accessing and Using Genomic Data and section VI, Intellectual Property.

  8. Is large-scale genomic data generated from microbiomes considered human or non-human genomic data?

    Large-scale non-human genomic data includes data from microbes, microbiomes, and model organisms. The data from microbes and microbiomes are considered non-human, if the human genomic data has been filtered and removed.

Back to Top


C. Application Submission and Review 

  1. How will genomic data sharing plans be reviewed?

    For the extramural research community, peer reviewers will evaluate genomic data sharing plans for consistency with the GDS Policy and will provide comments on them in their written critiques, but their evaluation of the plans will not be included as part of the Overall Impact score (for grants) and will not affect scoring of the proposals on the technical evaluation criteria (for contracts), unless it is an integral part of the Funding Opportunity Announcement or Request for Proposals. NIH Program and Contract staff will be responsible for assessing the appropriateness and adequacy of proposed genomic data sharing plans. Any concerns regarding genomic data sharing plans will be resolved prior to making awards. For NIH intramural researchers, genomic data sharing plans will be evaluated at the time of scientific review.

  2. Can investigators seek additional resources to support the sharing of genomic data or to contact previous participants of studies to obtain additional informed consent?

    NIH may consider requests for supplemental funding to obtain additional participant consent, or reconsent, when appropriate. If an investigator is requesting additional funds to support genomic data sharing or obtaining consent, this information should be included in the budget section of the funding application. The NIH funding Institute or Center (IC) will decide if the request is appropriate and whether additional resources can be used to support the study.

  3. To what types of awards does the NIH Genomic Data Sharing (GDS) Policy apply?

    The GDS Policy applies to all NIH funding mechanisms (i.e., grants including Fogarty grants, Research and Development contracts) for extramural research that are generating large-scale genomic data. Typically, the GDS Policy does not apply to individual awards such as fellowships (F awards), institutional training grants (T awards), or individual Career Development (K) awards, but, if the scope and aims of the project include the generation of large-scale genomic data, then the GDS Policy applies. Comparable expectations are in place for applicable research conducted by NIH intramural investigators.

  4. What should be included in a data sharing plan and when should it be submitted?

    For extramural investigators, genomic data sharing plans are to be submitted as part of an application for funding, in the Resource Sharing Plan section. For all applicants proposing to generate human or non-human data, a description of the data type and the data repository, should be provided at the time of the application. Applicants proposing to generate human data should also provide information addressing data submission and release timelines, Institutional Review Board assurance of the genomic data sharing plan, the appropriate uses of the data, and if appropriate, a request for a data sharing exception, prior to award. Applicants proposing to generate non-human data need also to address the data submission and release timelines prior to award. NIH intramural investigators should submit all relevant elements of the genomic data sharing plan to their NIH Institutes and Center (IC) Scientific Director (SD), or delegate, for review and approval prior to start of the research. Guidance for Investigators in Developing Genomic Data Sharing Plans may be found at: https://gds.nih.gov/pdf/NIH_guidance_developing_GDS_plans.pdf.

  5. How should updates on genomic data sharing be provided to NIH staff?

    Awardees receiving NIH support for research subject to the NIH Genomic Data Sharing Policy are expected to describe progress in implementing the genomic data sharing plan in the annual NIH Research Performance Progress Report for extramural research, the annual ZO1 report for intramural research, and the Technical Progress Report for contracts on an annual basis or as required by the terms of the contract. A final statement on data sharing should also be included in the final progress report.

  6. How will the expectation to share data be enforced?

    If an NIH award is made, the genomic data sharing plan will be referenced as a Special Term and Condition of the Notice of Award. Data sharing will be monitored on a regular basis by grants management, contract officers, and program officials, as well as NIH Scientific Directors, if the research is funded intramurally. An awardee’s failure to comply with the terms and conditions of award may cause NIH to take one or more enforcement actions as described in Section 8.5 of the NIH Grants Policy Statement http://grants.nih.gov/grants/policy/nihgps/nihgps.pdf or FAR Part 49, Termination of Contracts (https://www.acquisition.gov/?q=/browse/far/49). For research that is funded intramurally, Scientific Directors will not approve publications involving such research until the data sharing plan has been submitted and approved.

  7. Are consortia of NIH-funded and non-NIH-funded investigators expected to share data from large-scale genomic research?

    NIH expects the research it funds, even if a part of a consortium, will comply with the NIH Genomic Data Sharing (GDS) Policy. However, NIH strongly encourages all parties in the consortium to comply with the expectations outlined in the GDS Policy. Additionally NIH-funded investigators are expected to follow the Principles and Guidelines for Recipients of NIH Research Grants and Contracts on Obtaining and Disseminating Biomedical Research Resources.

Back to Top


Data Access

  1. What is the database of Genotypes and Phenotypes (dbGaP)? Should all human genomic data be submitted to dbGaP?

    dbGaP was developed by the National Center for Biotechnology Information (a division of the National Library of Medicine at NIH) to archive and distribute the results of studies that have investigated the interaction of genotypes and phenotypes. Under the GDS Policy, investigators are expected to register all studies with human genomic data that fall within the scope of the Policy in dbGaP by the time that data cleaning and quality control measures begin, regardless of which NIH-designated data repository will receive the data. The informed consent under which the data or samples were collected is the basis for the submitting institution to determine the appropriateness of data submission to NIH-designated data repositories, and whether the data should be available through unrestricted or controlled access. After the dbGaP registration, investigators should submit the data to the relevant NIH-designated data repository (e.g., dbGaP, Gene Expression Omnibus (GEO), Sequence Read Archive (SRA), the Cancer Genomics Hub). When human genomic data are deposited in other repositories, dbGaP will include a description of the data and provide a link to the relevant repository. Additional information on dbGaP can be found at http://www.ncbi.nlm.nih.gov/sites/entrez?db=gap.

  2. Where should non-human genomic data be submitted?

    NIH expects investigators to continue submitting non-human data to the same repositories that they submitted the data to prior to the effective date of the GDS Policy. Non-human data may be made available through any widely used data repository, whether NIH-funded or not, such as GEO, SRA, Trace Archive, Array Express, Mouse Genome Informatics, WormBase, the Zebrafish Model Organism Database, GenBank, European Nucleotide Archive, or DNA Data Bank of Japan. Data in these unrestricted-access databases is available for all research uses.

  3. Will biological samples (e.g., tissues, DNA, cell lines) that are used to generate the data submitted to NIH-designated repositories be available through the repository?

    No. Only the data will be available through an NIH-designated genomic data repository.

  4. Can non-research entities (e.g., law enforcement agencies, insurance companies, employers) request access to identifiable information corresponding to phenotype and genomic data held in an NIH-designated data repository?

    NIH will not possess any direct identifiers for data in an NIH-designated data repository, nor will NIH have access to the link between the data keycode and the identifiable information that may reside with the primary investigators and institutions for particular studies. NIH will not approve any request to access data for non-research purposes.

    Additionally, NIH has obtained a certificate of confidentiality to protect the privacy of research subjects by allowing the agency to withhold genotype and phenotype data from all persons not connected with this research in any civil, criminal, administrative, legislative, or other proceeding. NIH encourages investigators submitting genomic data to consider the potential appropriateness of obtaining a Certificate of Confidentiality (please see http://grants.nih.gov/grants/policy/coc/) as an added protection against any future compelled disclosure of identities for studies planning to collect genomic data. NIH also encourages investigators accessing dbGaP data to obtain a Certificate of Confidentiality.

  5. What security measures are in place to prevent unauthorized access to human genomic data in an NIH-designated repository?

    Human genomic datasets are stored in NIH-designated data repositories under strict security provisions, including multiple firewalls, separate servers, and data encryption protocols. Investigators and their sponsoring institutions seeking human genomic data in a controlled-access NIH data repository must agree to the terms of access set forth in the Data Use Certification (DUC), which includes a provision that approved users and their institutions agree to store the requested data securely (in a manner consistent with the dbGaP Security Best Practices) and to not share the requested data with third parties. Investigators are approved by an NIH Data Access Committee (DAC) for access to specific datasets for a specific research project. Once a user is approved, data can be accessed only through the secure NIH login process.

  6. Will research participants be able to use an NIH-designated repository to obtain their own genetic data?

    No. The Genomic Data Sharing Policy is designed for research purposes. Genomic data in NIH repositories have been de-identified, and NIH would not be able to retrieve data for a particular individual. Research participants should contact the primary investigator and the institution where the data were collected to discuss the sharing of personal genomic information.

  7. Will NIH intramural staff be expected to follow the same processes for data sharing as extramural investigators?

    Yes. NIH intramural staff are expected to submit data for research projects generating large-scale genomic data after the effective date of the GDS Policy, including those protocols generating data from collaborations with outside institutions. The data submission is subject to the same certifications expected of extramural investigators. Requests by intramural investigators to access the data in an NIH-designated data repository are also subject to the same provisions as requests submitted by extramural investigators.

  8. Who is allowed to serve on NIH Data Access Committees (DACs)? What kinds of expertise are represented on the DACs?

    All members of the DACs must be Federal employees but need not be NIH employees. DAC members are selected for their expertise in areas such as the relevant scientific and clinical disciplines, research participant protections, and privacy.

  9. What should investigators do if they are contacted by other researchers who want to use the controlled-access human data they generated but do not want to go through an NIH-designated repository?

    Principal investigators who submitted human genomic data to dbGaP may share the project data they generated directly with other investigators, following applicable regulatory requirements and institutional polices. However, investigators who receive the data through dbGaP should not provide data to any individual not included in the project request approved by an NIH Data Access Committee, per the terms of access in the Data Use Certification.

  10. How can investigators share controlled-access human data and analyses with approved collaborators at different institutions while remaining compliant with the Genomic Data Sharing (GDS) Policy?

    All sharing of controlled-access data with collaborators must be consistent with the GDS Policy and the NIH Security Best Practices for Controlled-Access Data Subject to the NIH Genomic Data Sharing (GDS) Policy. Controlled-access data may be shared with collaborators at other institutions if they have obtained approval to access the data through their own dbGaP project request. Such collaborators should be listed on the project request as external collaborators for both projects. Data may be encrypted and mailed to approved collaborators on a hard drive, or shared with approved collaborators over a virtual private network or in a cloud environment, as described in the NIH Security Best Practices for Controlled-Access Data Subject to the NIH Genomic Data Sharing (GDS) Policy.

  11. Does a contractor assisting an approved user who requests controlled-access data from an NIH-designated repository have to submit a separate project request?

    No. A contractor directly assisting an approved user does not need to submit a separate project request. If off-site contractor services are to be utilized, the principal investigator (PI) requesting the data must provide a brief description of the services that the contractor will perform in the Research Use Statement of the project request (e.g., data annotation). Additionally, the Key Personnel section of the project request must include the name of the contractor’s lead employee who will conduct the work. These requirements apply whether the contractor carries out the work at the PI’s facility or at the contractor’s facility. In addition, the PI is responsible for supervising the work of the contractor and ensuring that any of the contractor’s employees who have access to the data adhere to the GDS Policy, the Data Use Certification (DUC) agreement, the Genomic Data User Code of Conduct, and the NIH Security Best Practices for Controlled-Access Data Subject to the NIH Genomic Data Sharing (GDS) Policy. The PI may want to consider adding a statement in the contract that stipulates that the contractors will comply with the terms stated in the DUC.

  12. Are investigators who generate and submit large-scale genomic data under the GDS Policy also expected to submit a dbGaP project request to access the data they generated?

    Yes. However, once the data are processed and deposited in a repository, expedited access will be provided for original submitting investigators.

  13. How long will it take to receive a decision on a requested dataset?

    The average time for a NIH Data Access Committee to process a project request is currently 14 days. Additional information may be found on the NIH Genomic Data Sharing (GDS) website at: http://gds.nih.gov/16factsfigures.html.

Back to Top


E. Data Monitoring and Oversight

  1. What mechanisms are in place to ensure that the Genomic Data Sharing (GDS) Policy keeps pace with evolving technological and ethical issues?

    Trans-NIH governance committees such as the Senior Oversight Committee and the Scientific Data Council advise the NIH Director, to ensure that NIH keeps pace with technological or ethical issues that may arise. Additionally, at appropriate intervals, NIH will review the types of research to which the GDS Policy may be applicable, and any changes to examples of research that are within the Policy’s scope will be provided in the Supplemental Information to the GDS Policy. NIH will notify investigators and institutions of any changes through standard NIH communication channels (e.g., NIH Guide for Grants and Contracts).

  2. Under the Genomic Data Sharing (GDS) Policy, is NIH allowing investigators who are approved to download human datasets from NIH controlled-access repositories to use cloud computing?

    In April 2015, NIH released the NIH Position Statement on Use of Cloud Computing Services for Storage and Analysis of Controlled-Access Data Subject to the NIH Genomic Data Sharing Policy and is now allowing investigators to request permission to transfer controlled-access genomic and associated phenotypic data obtained from NIH designated repositories under the auspices of the GDS Policy to public or private closed systems for data storage and analysis. NIH expects cloud computing systems to meet the data use and security standards outlined in NIH Security Best Practices for Controlled-Access Data Subject to the NIH Genomic Data Sharing (GDS) Policy as well as the institution’s own IT security requirements and policies. Investigators who wish to use cloud computing for storage and analysis will need to indicate in their Data Access Request (DAR) that they are requesting permission to use cloud computing, identify the cloud service provider or providers that will be employed, and describe how the cloud computing service will be used to carry out their proposed research.

  3. How will NIH ensure that genomic data are used in a manner consistent with the informed consent provided by research participants?

    Participant protections have been built into both the submission and access stages of the genomic data sharing process. When investigators submit data, their institutions must assure, through submission of an Institutional Certification, the appropriateness of the data submission as well as the secondary use of the data, based on the consent of the participants. When qualified investigators seek access to controlled-access data, they must describe how they intend to use the data through a Data Access Request (DAR) and, through a Data Use Certification (DUC) Agreement, agree to adhere to the NIH Genomic Data Sharing Policy’s ethical principles, terms of data access, and privacy safeguards. Before access is granted, each request is reviewed by an NIH Data Access Committee (DAC) for consistency with the appropriate data uses, as outlined by the data submitters, and Policy expectations.

  4. What mechanisms are in place across NIH to oversee the implementation of the NIH Genomic Data Sharing (GDS) Policy?

    Multiple trans-NIH committees are responsible for the oversight of the NIH GDS Policy and its implementation. The NIH governance structure for GDS Policy oversight may be found at: https://gds.nih.gov/04po2.html.

  5. What should be included in the progress updates of approved controlled-access data and to whom should the reports be submitted?

    Through the dbGaP authorized access system, approved users of controlled-access data are expected to submit annual progress updates that include a description of any significant research findings, any publications or intellectual property developed through the use of data from the NIH genomic data repository, and any issues related to the terms of access as specified in the Data Use Certification Agreement. The Data Access Committee(s) that approved the investigator’s project request also reviews progress updates.

Back to Top


F. Data Repositories

  1. Will data from research within the scope of the Genomic Data Sharing (GDS) Policy need to be submitted to NIH-designated data repositories?

    NIH expects investigators to continue submitting non-human data to the same repositories that they submitted the data to prior to January 25, 2015, the effective date of the GDS Policy. Non-human data may be made available through any widely used data repository, whether NIH-funded or not, such as GEO, SRA, Trace Archive, Array Express, Mouse Genome Informatics, WormBase, the Zebrafish Model Organism Database, GenBank, European Nucleotide Archive, or DNA Data Bank of Japan. Human data should be registered in dbGaP and submitted to the appropriate NIH-designated data repository. Investigators who elect to submit data to a non-NIH-designated data repository in addition to an NIH-designated data repository should ensure that appropriate data security measures are in place, and that confidentiality, privacy, and data use measures are consistent with the GDS Policy.

  2. How will updates of original data from the submitting investigators be made available to approved controlled-access repository users?

    Investigators will be informed of updates to datasets for which they are approved and automatically be granted access to these datasets, and the updated datasets will be given a new version number. Investigators whose approved access period has expired may submit a renewal request at the time of the progress update.

  3. Does NIH have the capacity to hold all of the data from research that falls under the scope of the Genomic Data Sharing Policy?

    Yes. However, to meet infrastructure needs for data storage and/or to provide tools that are useful for genomic data analyses, NIH is exploring new models for providing data management resources. For example, human data may be made available through structured partnerships with external organizations known as “trusted partners.” A trusted partnership can be established only through a contract mechanism between an NIH funding IC and the trusted partner organization. Contracts are awarded through an IC's standard acquisition and negotiation processes.

  4. What quality-control measures will be required to submit data to NIH repositories?

    As mentioned in the Supplemental Information to the GDS Policy, general guidance for submitting data to NIH data repositories may be found at: http://www.ncbi.nlm.nih.gov/guide/howto/submit-data/. Standards and procedures for data quality control are set by the individual repository and investigators should conform to the requirements of the repository to which they submit their data. Examples of genomic data standards resources and initiatives may be found here: http://gds.nih.gov/pdf/Genomic_Data_Standards_Resources_and_Initiatives.pdf.

  5. What is an NIH-designated data repository?

    An NIH-designated data repository is any data repository maintained or supported by NIH either directly or through collaboration.

  6. Will NIH standardize phenotype information?

    NIH does not currently require standardization of phenotype information submitted to NIH-designated genomic data repositories. However, the Supplemental Information to the NIH Genomic Data Sharing (GDS) Policy includes information regarding resources for standards, including phenotype ontology and clinical data. A list of examples of genomic data standards resources and initiatives may also be found on the NIH GDS website at http://gds.nih.gov/pdf/Genomic_Data_Standards_Resources_and_Initiatives.pdf).

  7. What is a trusted partner? Can an investigator apply for trusted partner status?

    A “trusted partner” is defined as a public or private, national or international organization that is able to meet core NIH standards for establishing the data quality and data management service protocols, based on the programmatic need of the NIH funding Institute or Center (IC). A trusted partnership can be established only through a contract mechanism between an NIH funding IC and the trusted partner organization and are awarded through the IC's standard acquisition and negotiation processes.

Back to Top


G. Submission of Human Genomic Data to Controlled-Access Databases

  1. Will NIH-designated data repositories accept data generated from de-identified cell lines created and clinical specimens collected before the effective date of the GDS Policy if they have not been consented for research purposes?

    NIH will accept data derived from de-identified cell lines or clinical specimens lacking consent for research use that were created or collected before January 25, 2015, the effective date of the Genomic Data Sharing (GDS) Policy, if the submitting institution, in concert with its Institutional Review Board and/or privacy board, finds that submission of the data to NIH would be appropriate.

  2. Are data submission requirements applicable to studies with a waiver of consent or exempted from Institutional Review Board (IRB) review?

    For data from specimens collected before the effective date of the GDS Policy, if the submitting institution, in concert with its IRB and/or privacy board, finds that submission of the data is appropriate and meets the criteria of the Institutional Certification specified within the GDS Policy, then such data would be accepted by an NIH-designated repository. Investigators should contact their institutional IRB and/or privacy board to determine whether the submission of data to an NIH-designated repository is appropriate for studies that have been exempted or obtained a waiver of consent. For specimens collected after the effective date of the GDS Policy, informed consent for future research uses and broad sharing of data is expected. If there are compelling scientific reasons that necessitate the use of genomic data from cell lines or clinical specimens that were created or collected after the effective date of the GDS Policy and that lack consent for research use and data sharing, investigators should provide a justification in the funding request for their use. The funding IC will review the justification and decide whether to make an exception to the consent expectation.

  3. How do the human subject protections in the Genomic Data Sharing (GDS) Policy align with revisions that have been proposed for the Common Rule?

    The GDS Policy is consistent with revisions to the Common Rule proposed in the 2015 Notice of Proposed Rule Making (NPRM, https://www.federalregister.gov/articles/2015/09/08/2015-21756/federal-policy-for-the-protection-of-human-subjects), in particular, the NPRM's proposal to require consent for research use of biospecimens, including those that have been stripped of identifiers. However, other proposals in the NPRM, should they be incorporated in the final rule, may require changes to the GDS Policy or guidance related to the GDS Policy, such as the specific elements for broad consent. When the final revisions to the Common Rule are issued, NIH will adjust any GDS Policy expectations that are inconsistent with regulatory requirements, if necessary.

  4. To be compliant with the NIH Genomic Data Sharing Policy, where should I register my large-scale human genomic data study?

    Under the NIH GDS Policy, all NIH-funded investigators generating large-scale human genomic data should submit such data as well as any relevant associated data to an NIH-designated data repository. The informed consent under which the data or samples were collected is the basis for the submitting institution to determine the appropriateness of data submission to NIH-designated data repositories, and whether the data should be available through unrestricted or controlled access.

    If the data are to be shared through an unrestricted-access database (e.g., GEO, SRA), investigators should register the study in NCBI BioProject and upload a completed Institutional Certification, assuring that the data submission and expectations defined in the NIH GDS Policy have been met.

    If the data are to be shared through a controlled-access database (e.g., dbGaP) the study must be registered in dbGaP and accompanied by a completed Institutional Certification, regardless of which NIH-designated data repository the data will ultimately reside in.

  5. Will NIH-designated data repositories accept genomic data if the individuals from whom the data are derived are deceased and either a) information about the consent process or the consent forms is not available or b) consent was silent or not inconsistent with regard to submission to the NIH-designated data repository?

    Yes. If the submitting institution, in concert with its IRB and/or privacy board, finds that submission of the data to the NIH would be appropriate (e.g., in cases where there is consent, the consent form does not preclude data sharing) and meets the other expectations of the Institutional Certification specified within the NIH GDS policy, then such data would be accepted by an NIH-designated data repository. Although NIH-designated data repositories do not currently involve human subjects research under 45 CFR 46, the criteria defined within 45 CFR 46.116(d) might provide a useful framework to institutions, IRBs, and privacy boards in considering submission of data from deceased individuals.

  6. As part of the Institutional Certification, does the NIH GDS Policy permit the required IRB review of the investigator’s proposal for data submission, to be performed under an expedited IRB review process?

    With respect to the nature of IRB review of the investigator’s proposal for data submission, as expected through the Institutional Certification, NIH defers to the institution submitting the data to determine what is appropriate. However, NIH finds it permissible for the IRB review to be conducted in a manner consistent with the expedited review procedure, as described by 45 CFR 46.110 (http://www.hhs.gov/ohrp/humansubjects/guidance/45cfr46.html#46.110). According to the Office of Human Research Protections (OHRP), “under an expedited review procedure, the review may be carried out by the IRB chairperson or by one or more experienced reviewers designated by the chairperson from among members of the IRB.”

  7. When should investigators submit their Institutional Certification from their institutions?

    The Institutional Certification, for sharing human data, should be provided to the funding NIH Institute or Center prior to award, along with any other Just-in-Time information (for extramural researchers) or before research has begun whenever possible (for intramural researchers). For further information, see: https://gds.nih.gov/Institutional_Certifications.html.

  8. Can investigators conducting research as part of a clinical trial limit their data submission to baseline data only (i.e., data obtained prior to the start of the intervention)?

    Yes, provided that the NIH-funded research is limited to the baseline data. If the NIH-funded research is not limited to baseline data, the baseline data may be initially submitted, and other data may be submitted at a later date, as they become available, so as to not compromise the integrity of the clinical trial. Investigators should work with their funding NIH Institute or Center on a timeline for data submission.

  9. For multi-center studies, is the submitting institution expected to certify data that are contributed by data collection centers at other institutions?

    An institutional assurance of the data submission must be provided for all data generated from contributing samples, whether the data is generated from multiple study sites or a single site. The primary study site may submit one Multi-Center Institutional Certification indicating that it is providing certification on behalf of all collaborating sites. Alternatively, each site providing samples may provide their own Single-Site Institutional Certification. Institutions should work with the Genomic Program Administrator (GPA) from the funding NIH Institute or Center to discuss the appropriate certification, register the study, and submit data to the database of Genotypes and Phenotypes (dbGaP). Institutional Certification forms may be found at: https://gds.nih.gov/Institutional_Certifications.html.

Back to Top


H. Consent for Broad Sharing

  1. The NIH GDS Policy seems to be saying that NIH requires that investigators obtain consent for broad data sharing and that the participant is disqualified from participating in the study if consent is not obtained. Is this NIH’s intention or does NIH mean that investigators are required to seek consent for broad data sharing and, if the participant agrees, the data may be submitted?

    The GDS Policy should not be interpreted to mean that participants must be disqualified from participating in a study if they decline to consent to sharing of their data. The GDS Policy expects subjects who are asked to enroll in a study in which genomic data are obtained to also be asked for their informed consent to the future research use and broad sharing of their data. Only if they provide such consent would broad sharing of the data be permissible. If a subject does not consent, he or she may still be enrolled in the study but their data may not be shared.

  2. My study qualifies as a study under the GDS Policy, but one of the study participants does not want to consent to the broad sharing of her genomic data. Will I still be in compliance with the GDS Policy if I don’t submit the participant's individual data with the rest of the data from this study?

    Yes. Investigators will still be in compliance with the GDS Policy if they do not submit data from individuals who have consented to participation in a study but declined to consent to sharing their data. Moreover, if a participant’s consent has not been provided for sharing, NIH would not accept such data into an NIH-designated data repository under the GDS Policy.

  3. I am conducting a study that will generate large-scale genomic data as part of the study, but one of the study participants does not want to consent to the broad sharing of his genomic data. Will this participant have to be disqualified from enrolling in the larger study because he does not consent to broad sharing of his genomic data? What if the sharing of the data is intrinsic to the study?

    As a general rule, participants should not be disqualified from enrolling in a study on the basis of a decision to decline to consent to broad sharing of their genomic data. However, if the sharing of the data is intrinsic to the study, the participant should not be enrolled. An example of a study in which sharing of the data is intrinsic is a study whose purpose is to establish a repository for sharing biological specimens and data for future research. Another example is a study that is intended to develop reference datasets that would be used broadly by the research community.

  4. If a few individual participants do not consent to allow their genomic data to be shared, do I have to request an exception to data submission to dbGaP?

    No. Exceptions do not need to be requested if only some participants decline to consent to broad sharing. Exceptions should be requested in the genomic data sharing plan of the funding application when the submission of the entire dataset would not be possible, e.g., because it would be prohibited by a local law (see section IV.C.5 of the NIH Genomic Data Sharing Policy at http://gds.nih.gov/PDF/NIH_GDS_Policy.pdf).

  5. What if participants agree to broad sharing but only for certain research uses? Do I need to request an exception to submit the data?

    No. Exceptions should only be requested if the entire dataset cannot be submitted (see section IV. C. 5 of the NIH Genomic Data Sharing Policy at http://gds.nih.gov/PDF/NIH_GDS_Policy.pdf). While the GDS Policy expects data to be collected with consent for the data to be shared broadly for future research purposes, if participants wish to limit the uses to which their data are put, the data may still be submitted. Data use limitations, which are based on the informed consent of the study participants, should be noted in both the genomic data sharing plan submitted as part of the funding request and in the Institutional Certification.

  6. Under the NIH GDS Policy, is it permissible to substitute an opt-out process for an informed consent process for broad sharing of genomic data from specimens or cell lines created or collected after the effective date of the Policy?

    No. NIH does not consider an opt-out process, which assumes participant permission, equivalent to an informed consent process that actively gains participant permission.

  7. Under the NIH Genomic Data Sharing (GDS) Policy, NIH is expecting participants’ consent for the use of their clinical specimens after January 25, 2015. Does this mean that NIH expects all of the required elements of informed consent under 45 CFR 46.116(d) to be included in a clinical consent, in order to meet the consent expectations under the Policy?

    No, the consent is not expected to meet all the elements specified in 45 CFR 46.116(d). The NIH GDS Policy expects investigators and institutions to have obtained informed consent, and encourages consent for future research use and broad sharing of genomic and phenotypic data generated from clinical specimens or cell lines collected or created after January 25, 2015, even if such specimens or cell lines are de-identified. For further information and guidance on what the elements of consent should include, see NIH Guidance on Consent for Future Research Use and Broad Sharing of Human Genomic and Phenotypic Data Subject to the NIH Genomic Data Sharing Policy.

  8. If my research was funded after the effective date of the NIH Genomic Data Sharing (GDS) Policy, January 25, 2015, but I am using clinical specimens that were collected before this date, do I need to have participants’ consent for future research uses and broad sharing of their genomic and phenotypic data?

    The GDS Policy expectations for obtaining participant consent for future research use and broad sharing applies to research using cell lines created or clinical specimens collected after January 25, 2015, even if they have been de-identified. NIH will continue to accept the submission and subsequent sharing of data derived from cell lines or clinical specimens lacking consent for research that were created or collected before the effective date of the GDS Policy. However, NIH strongly encourages investigators to transition to the use of specimens that have been consented for future research uses and broad sharing. Guidance on Consent for Future Research Use and Broad Sharing of Human Genomic and Phenotypic Data Subject to the NIH Genomic Data Sharing Policy may be found here: https://gds.nih.gov/pdf/NIH_Guidance_on_Elements_of_Consent_under_the_GDS_Policy_07-13-2015.pdf.

Back to Top


I. Submission of Non-Human Genomic Data to Unrestricted-Access Databases

  1. Why does the Genomic Data Sharing Policy (GDS) apply to research that involves non-human data?

    The sharing of materials, reagents, and data in a timely manner has been an essential element in advancing research on many non-human and model organisms that have contributed to biomedical research. By including research that involves non-human and model organism genomic data, the GDS Policy reaffirms the existing data sharing expectations under long-standing NIH genomic data sharing policies, including the 2003 NIH Data Sharing Policy and the 2004 NIH Model Organism Sharing Policy.  Additionally, many journals (e.g., Science, Cell, Nature, The Journal of Immunology, and Proceedings of the National Academy of Sciences USA) have adopted policies that require investigators to make unique research resources available so that research results can be verified and further research can be promoted. Establishing a comprehensive Policy for sharing of human and non-human genomic data helps NIH-funded investigators and institutions understand their responsibilities.

  2. Which repositories should investigators submit the non-human genomic data that they generated?

    Non-human genomic data are expected to be submitted in a timely manner under current practices and policies (e.g., the NIH Model Organism Sharing Policy, http://grants.nih.gov/grants/policy/model_organism/) to the same repositories that they submitted the data to before the effective date of the NIH Genomic Data Sharing Policy (e.g., DNA sequence data to GenBank/ENA/DDBJ, expression data to GEO or Array Express).

  3. Are the data included in NIH-designated genomic data repositories such as dbGaP subject to the Freedom of Information Act (FOIA)?

    As an agency of the Federal government, NIH is required to release government records in response to requests under FOIA, unless the records are exempt from release under one of the FOIA exemptions. NIH considers the release of genomic datasets in response to a FOIA request to constitute an unreasonable invasion of personal privacy under FOIA Exemption 6, 5 U.S.C. 552 (b)(6) and would therefore deny requests for such datasets. It is important to note, however, that FOIA affords requesters an opportunity to contest an agency’s determination.

  4. What specific sanctions are in place for investigators who violate the terms of access of the data to which they have been granted?

    NIH has a system in place for managing NIH Genomic Data Sharing (GDS) Policy compliance violations. When a violation of the terms of the Data Use Certification (DUC) Agreement by an approved Principal Investigator (PI) is identified, NIH will communicate with the PI, Signing Official (SO), and the relevant institutional officials, as appropriate, to obtain detailed information about the incident, how the problem was or will be resolved, and an institutional plan describing how similar incidents will be avoided in the future. PIs and the approved users associated with the project may be suspended from accessing and using controlled-access data subject to the GDS Policy for a length of time (e.g., three months), which is determined on a case by case basis using criteria such as the potential impact to research participants and scope of unauthorized data access). Additional penalties affecting the PI and/or institution may be levied, if appropriate. More information on Policy violations and past cases may be found on the NIH GDS website at: https://gds.nih.gov/20ComplianceStatistics_dbGap.html.

Back to Top


J. Governance

  1. Now that the Genomic Data Sharing (GDS) Policy is effective, will NIH consider comments from the research community and the general public and make any updates to the GDS Policy, if needed?

    NIH receives feedback on an ongoing basis from the scientific community and will update the Supplemental Information to the GDS Policy, when necessary and appropriate. Additionally, from its inception, dbGaP has solicited feedback from users and worked to improve data submission and access procedures, for example, the creation of a study compilation that allows investigators to submit a single request for access to all controlled-access aggregate and individual-level genomic data available for general research use. NIH will continue to seek user feedback and track the performance of the dbGaP system. Please send comments to the GDS mailbox at GDS@mail.nih.gov.

Back to Top


K. Research Participant Protections

  1. The Genomic Data Sharing Policy requires that data be de-identified by removing personal identifying information; however, it is possible to identify participants from genetic information. How will NIH ensure that data are used only for appropriate research?

    To use controlled-access human data, investigators and their sponsoring institutions must submit a project request and agree to both data security standards and a Genomic Data User Code of Conduct. Investigators and their Institutional Signing Official sign a < a href="http://gds.nih.gov/pdf/Model_DUC.pdf" target="_new">Data Use Certification (DUC) which specifies the conditions for the secondary research use of controlled access data, including:

    • Using the data only for the approved research;
    • Protecting data confidentiality
    • Following, as appropriate, all applicable national, tribal, and state laws and regulations, as well as relevant institutional policies and procedures for handling genomic data;
    • Not attempting to identify individual participants from whom the data were obtained;
    • Not selling any of the data obtained from the NIH-designated data repositories;
    • Not sharing any of the data obtained from the NIH-designated data repositories with individuals other than those listed in the project request;
    • Agreeing to the listing of a summary of approved research uses in dbGaP along with the investigator's name and organizational affiliation;
    • Agreeing to report, in real time, violations of the GDS Policy to the appropriate DAC;
    • Reporting research progress using controlled-access datasets through annual access renewal requests or project close-out reports;
    • Acknowledging in all oral or written presentations

    NIH Data Access Committees (DACs) ensure that secondary uses conform to the Data Use Limitations (DULs), specified by the submitters of the data, and may seek additional information from data requesters for project requests in which the proposed research use appears inconsistent with the stated DULs, the research intent is unclear, or there is concern about potential harm (e.g., stigmatization) to groups or populations. DACs may also consult with relevant technical or ethical experts to inform DAC deliberations. A list of all approved users and their proposed research is available for each study in dbGaP.

    For further safeguarding of human subject data, NIH has obtained a Certificate of Confidentiality for dbGaP, and encourages investigators submitting or accessing data to obtain a Certificate of Confidentiality for their research.

  2. Are there any conditions for using data in unrestricted-access repositories?

    As stated in the GDS Policy, investigators who download unrestricted-access data from NIH-designated repositories should not attempt to identify individual human research participants from whom the data were obtained and, in all oral and written presentations, disclosures, or publications, acknowledge the specific dataset or accession numbers and the repository through which the data were accessed.

  3. Will individuals be re-contacted if medically actionable incidental findings are discovered?

    The return of individual findings from research studies using data obtained from NIH-designated data repositories is expected to be rare, because secondary investigators will not be able to return individual results directly to a participant, as neither they nor the NIH genomic data repository will have access to participant identifiers. If a secondary investigator does generate clinically significant, medically actionable genetic results, he or she can only facilitate their return by contacting the contributing investigator. In such cases, when determining whether return of individual results is appropriate, the contributing investigator would be expected to comply with all applicable laws, regulations, and informed consent documents, as well as consider the risks and benefits of disclosure.

  4. What is the role of NIH Data Access Committees (DACs) in considering risks to individuals, their families, and groups or populations associated with data submitted to dbGaP?

    The NIH Genomic Data Sharing Policy states that all submissions of human genomic data should be accompanied by an Institutional Certification from the responsible Institutional Official(s) of the submitting institution that clearly delineates any limitations on the research use of the data, as expressed in the informed consent documents, and that, in submitting and sharing of the data, consideration has been given to risks to individuals, their families, groups or populations. NIH DACs use these Data Use Limitations (DULs) in their reviews to determine whether or not a project request conforms to the allowable uses of the data. In addition to ensuring that secondary uses conform to the DULs, DACs may consider potential harm (e.g., stigmatization) to groups or populations in their deliberations of project requests. The DACs may seek additional information from data requesters or consult with relevant technical or ethical experts to investigate requests in which the proposed research use appears inconsistent with the stated DULs, the research intent is unclear, or there is concern about potential harm to groups or populations.

  5. What specific sanctions are in place for investigators who violate the confidentiality of the data to which they have been granted?

    Under the Genomic Data Sharing (GDS) Policy investigators and their institutions seeking to access data from dbGaP must agree to a Data Use Certification (DUC) Agreement, which describes the terms associated with data use. Failure to adhere to terms of the DUC constitutes a compliance violation. As described in the DUC, investigators and their institutions agree to notify the appropriate DAC(s) of any violation of or departure from the terms of the DUC within 24 hours of when the incident is identified. When a violation is reported, the appropriate DAC Chair is responsible for corresponding with the users and institution involved in the incident to gain an understanding of the full scope of the violation, to take immediate action to protect dbGaP data, and implement remediation, as necessary. Additional information on Policy compliance violations may be found at: http://gds.nih.gov/20ComplianceStatistics_dbGap.html.

Back to Top


L. Institutional Review Board (IRB) Involvement

  1. Are submitting institutions expected to certify that data submission is consistent with applicable laws and regulations in effect at any and all locations at which data were collected?

    Certification must be provided for all sites contributing samples either through a multi-center or single site certification. For a multi-center certification the primary site may submit one Institutional Certification indicating that they are providing certification on behalf of all collaborating sites. NIH understands that the submitting institution is not necessarily the local institution or IRB of record for all data collected in a multi-site study, thus the submitting institution need not certify that the expectations of the GDS Policy are met for data collected by other institutions within its multi-center arrangement. However, the submitting institution should assure NIH through the submission of the institutional certification that, based on either its own review or assurance from other institutions, the expectations of the GDS Policy are met for the entire dataset. Further, the submitting institution should explicitly identify within the certification any data use limitations that apply to the submitted dataset or subsets of such data collected at all sites. In obtaining assurance from other sites in a multi-site study, the submitting institution should retain copies of any information it receives from other data collecting sites. Alternatively, each site providing samples may provide their own single site Institutional Certification.

  2. What is the Institutional Review Board's (IRB's) role in submission of data to an NIH data repository?

    Prior to funding award, the responsible institutional official of the submitting institution should provide an Institutional Certification that, among other things, assures that an IRB and/or Privacy Board, as applicable, has reviewed the investigators proposal for data submission and assures that the protocol for the collection of genomic and phenotypic data is consistent with human subjects regulations data submission and subsequent data sharing for research purposes are consistent with the informed consent of study participants from whom the data were obtained, consideration was given to the risks to individuals, their families, and groups or populations associated with data, and that the investigator’s plan for de-identifying datasets is consistent with the standards outlined in the NIH Genomic Data Sharing (GDS) Policy. Additional information on Institutional Certifications may be found on the NIH GDS website at https://gds.nih.gov/Institutional_Certifications.html and the Points to Consider for Institutions and Institutional Review Boards in Submission and Secondary Use of Human Genomic Data under the National Institutes of Health Genomic Data Sharing Policy at: https://gds.nih.gov/pdf/GDS_Points_to_Consider_for_Institutions_and_IRBs.pdf.

Back to Top


M. Exceptions

  1. Are there cases in which data sharing will not be possible? What is the process for request an exception? What are permissible exceptions to the Genomic Data Sharing (GDS) Policy?

    NIH acknowledges that data sharing is not always possible. Exceptions to the data sharing expectation may be requested in cases where the criteria in the Institutional Certification cannot be met. An explanation for the exception request and an alternative mechanism for data sharing should be included in the genomic data sharing plan of the funding application or proposal. Exceptions are granted on a case-by-case basis, and if the funding NIH Institute or Center grants an exception to submission, the research will be registered in dbGaP and the reason for the exception and the alternative sharing plan will be described. Examples of factors that may preclude submission of data include international laws, limitations in the original informed consents, or concerns about harms to individuals or groups.

  2. Will exceptions granted by NIH satisfy a scientific journal that has a data sharing policy?

    Investigators should consult with the journal editor regarding the journal’s data sharing policy. Many journals state that exceptions for data sharing may be granted at the discretion of the editor, especially for sensitive information such as data from human research participants.

  3. What is the process for requesting exceptions to the data sharing expectation under the NIH Genomic Data Sharing Policy?

    Applicants who believe that they will be unable to meet the criteria in the Institutional Certification will be asked to explain in detail why data sharing is not possible in the genomic data sharing plan in the Resource Sharing Plan section of the funding application. Exceptions to the data sharing expectation will be considered for funding by Institutes and Centers on a case-by-case basis. For NIH Intramural investigators, exceptions are approved by the Deputy Director for Intramural Research. For transparency purposes, when exceptions are granted, studies will still be registered in either the database of Genotypes and Phenotypes (dbGaP), or NCBI BioProject and the reason for the exception will be included in the registration record, and a reference will be provided to an alternative data-sharing plan or resource, if available.

  4. Under the GDS Policy, am I allowed to use samples of cell lines that were collected or created after the Policy effective date if participants have not provided consent?

    The NIH Genomic Data Sharing (GDS) Policy allows exceptions to the consent expectation from de-identified clinical specimens or cell lines collected or created after the effective date of the Policy for “compelling scientific reasons,” i.e., in exceptional situations for proposed research that has the potential to advance scientific or medical knowledge significantly and could not be conducted if consent had to be obtained. The funding NIH Institute or Center will determine whether the investigators’ justifications for the use of clinical specimens or cell lines for which no consent for research was obtained are acceptable, as provided in their funding application and Institutional Certification.

Back to Top


N. Publication

  1. How should the work of submitters of genomic data to controlled-access NIH-designated data repositories be acknowledged by secondary users?

    NIH expects that all secondary users of genomic datasets will acknowledge the contributing investigators who conducted the original studies, the funding organization(s) that supported the work, the accession number of the dataset(s) used, and the data repository in all resulting oral or written presentations, disclosures, or publications of the analyses. All approved data users agree to this acknowledgement policy through the terms of use described in the Data Use Certification for each controlled-access dataset. A similar acknowledgement is expected for data maintained in unrestricted access repositories.

Back to Top

WHITE SPACER NATIONAL INSTITUTE OF HEALTH LOGO WHITE SPACER DEPARTMENT OF HEALTH AND HUMAN SERVICES LOGO WHITE SPACER USA.GOV LOGO
FOOTER HOME NAVIGATION BUTTON FOOTER CONTACT US NAVIGATION BUTTON FOOTER GLOSSARY NAVIGATION BUTTON FOOTER FAQS NAVIGATION BUTTON FOOTER SEARCH NAVIGATION BUTTON FOOTER PRIVACY NOTICE NAVIGATION BUTTON FOOTER DISCLAIMER NAVIGATION BUTTON FOOTER ACCESSIBILITY NAVIGATION BUTTON FOOTER FOIA NAVIGATION BUTTON FOOTER HELP DOWNLOADING FILES NAVIGATION BUTTON FOOTER SITE MAP NAVIGATION BUTTON