
The National Institutes of Health (NIH) has announced significant updates to its Genomic Data Sharing Policy, which will take effect Jan. 25, 2025. These changes aim to enhance the security and management of controlled access data, reflecting the growing importance of data protection in the face of increasing global threats.
Key changes
- NIH will now require genomic data repositories to comply with the NIST SP 800-171 standard, which is more stringent than previous guidelines.
- Approved users of NIH controlled-access data must attest that their institution complies with NIST SP 800-171. This includes those using third-party IT systems or Cloud Service Providers (CSPs) for data analysis and storage.
Impact on researchers
The policy is not retroactive. Approved users operating under existing Data Use Certifications or similar agreements signed before the effective date can continue under the terms of those agreements until renewal. This policy change affects new and renewed requests for data access from these 20 NIH-supported data repositories. For example, researchers seeking to access controlled human genomic data from dbGaP must attest that their systems meet NIST SP 800-171 requirements. Additionally, these changes may require specialized systems or the use of third-party systems to meet the new requirements, which will need to be factored into grant budgets. Additional information is provided by the NIH Frequently Asked Questions (FAQs) web page.
Preparing for the changes
UAB IT recommends researchers leverage UAB’s Cheaha high-performance computing system for managing this data. All systems in a researcher’s data pipeline for NIH controlled-access data must comply with NIST SP 800-171, which requires significant effort.
Cheaha, managed by UAB IT’s Research Computing office, has previously been audited for HIPAA alignment, and controls overlap significantly with NIST SP 800-171. Research Computing is validating those controls against NIST SP 800-171 and developing a plan to address any gaps. Researchers will be able to use Cheaha to analyze NIH controlled-access data. Documentation for using Cheaha is available at docs.rc.uab.edu/.
Resources
- Read the official notice from NIH.
- Visit the NIH Genomic Data Sharing Policy
- Review the NIH FAQs.
- Visit the RDM libguide for information about the NIH genomic data sharing (GDS) policy.
- For policy help: Researchers with questions about the new policy can seek assistance from the Office of Sponsored Programs at osp@uab.edu.
- For technical help: Questions about IT systems can be directed to AskIT@uab.edu. UAB IT Research Computing can also be reached by email to support@listserv.uab.edu.