Implementation Update for Data Management and Access Practices Under the NIH Genomic Data Sharing Policy

Implementation Update for Data Management and Access Practices Under the NIH Genomic Data Sharing Policy

The National Institutes of Health (NIH) is updating two practices under the NIH Genomic Data Sharing (GDS) Policy to continue to promote responsible data management and access. These changes are to ensure GDS Policy implementation continues to evolve alongside changing practices for collecting, sharing, and using controlled-access human genomic data and include (1) modernizing security standards provided in the “NIH Security Best Practices for Controlled-Access Data Subject to the NIH Genomic Data Sharing (GDS) Policy”and (2) establishing minimum expectations for access to controlled-access data by developers. This implementation update will take effect on January 25, 2025.

Scope and Applicability

This update applies to all NIH funding mechanisms (grants, cooperative agreements, contracts, Other Transactions, and intramural support) regardless of the activity code that support the following activities:

  • Approved Users of controlled-access human genomic data from NIH controlled-access data repositories.
  • NIH controlled-access data repositories and access systems that meet the following criteria:
    • Are supported by a NIH grant, cooperative agreement, Other Transaction, contract, or intramural support;
    • Provide long-term storage for, or control access to, human genomic data generated and shared under the GDS Policy;
    • Control access to human genomic data by prospective review of data access requests or partner with access systems that control access via prospective review of requests; and
    • Use federal employees to conduct reviews and authorize access, or partner with access systems that use federal employees for those purposes.
  • Developers who test platforms, pipelines, analysis tools, and user interfaces that store, manage, and interact with human genomic data from NIH controlled-access data repositories as well as provide infrastructure development and repository maintenance.

NIH will treat cloud workspaces meeting the above criteria as controlled-access data repositories subject to the relevant expectations under this update. NIH does not intend to include in the definition of controlled-access data repositories activities such as consortia data coordinating centers or similar activities that do not share data outside of a specific program or initiative.

NIH Notice NOT-OD-24-157 provides full background and implementation details.  

Related Notices

  • November 30, 2021 - Request for Information on Proposed Updates and Long-Term Considerations for the NIH Genomic Data Sharing Policy. See Notice NOT-OD-22-029
  • October 29, 2020 - Final NIH Policy for Data Management and Sharing. See Notice NOT-OD-21-013
  • August 27, 2014 - NIH Genomic Data Sharing Policy See Notice NOT-OD-14-124