The National Institutes of Health (NIH) issued the Genomic Data Sharing Policy (GDS Policy) effective January 25, 2015. This policy describes the responsibilities of investigators and institutions for the submission of human and non-human genomic data to data repositories and the secondary research use of such data as well as expectations regarding intellectual property.
The GDS Policy applies to all NIH-funded research (e.g., grants, contracts, intramural research) that generates large-scale human or non-human genomic data, regardless of the funding level, as well as the future use of the data. Large-scale data include genome-wide association studies (GWAS), single nucleotide polymorphisms (SNP) arrays, and genome sequence, transcriptomic, epigenomic, and gene expression data.
Grant applications and IRB protocols should include details of the required data sharing plan. In general, consent documents should include language that allows for the broad future sharing of genom​​ic data.
The GDS Policy and related documents are available at: https://osp.od.nih.gov/scientific-sharing/genomic-data-sharing/
Principal Investigator Responsibilities
Investigators should contact NIH program officials as early as possible to discuss expectations and timelines for data sharing applicable to a proposed study. In addition, funding proposals must include a Genomic Data Sharing Plan for following the GDS policy within the Resource Sharing Plan section of the proposal. Data Sharing plans should describe how the expectations of the policy will be met, including how data will be de-identified, how consent will be obtained, and how the consent language will be written to specify broad sharing.
If the Investigator receives a request from the NIH for Just-In-Time (JIT), the NIH anticipates that a more detailed Genomic Data Sharing Plan must be provided as part of the Just-In-Time submission.
Data Sharing Plan
Information regarding how a research project will share large-scale genomic data should be described in the Resource Sharing Plan section of the grant application or as per instructions in a Request for Proposals for a contract. Certain NIH Funding Opportunities and Notices may specify different instructions.
At a minimum, such data sharing plan should include:
- ​​Type of data that will be shared (i.e., the type of genomic data, relevant associated data, and information necessary to interpret the data)
- The data repository to which the data will be submitted
- The timeline for the data to be shared
- Any limitations on the secondary research uses of the data, if the study involved human data
- ​Acknowledgement that the Institutional Certification will be submitted and assurance by the Institutional Review Board (IRB) that the data can be shared through NIH-designated data repositories, consistent with data sharing under the NIH GDS Policy
Obtaining Consent
For studies initiated after the effective date of the GDS policy, NIH expects investigators to obtain participants’ consent for their genomic and phenotypic data to be used for future research purposes and to be shared broadly. In order to meet the expectations for future research use and broad sharing under the GDS Policy, the consent should capture and convey in language understandable to prospective participants information along the following lines:
- Genomic and phenotypic data, and any other data relevant for the study (such as exposure or disease status) will be generated and may be used for future research on any topic and shared broadly in a manner consistent with the consent and all applicable federal and state laws and regulations.
- Prior to submitting the data to an NIH-designated data repository, data will be stripped of identifiers such as name, address, account and other identification numbers and will be de-identified by standards consistent with the Common Rule. Safeguards to protect the data according to Federal standards for information protection will be implemented.
- Access to de-identified participant data will be controlled, unless participants explicitly consent to allow unrestricted access to and use of their data for any purpose.
- Because it may be possible to re-identify de-identified genomic data, even if access to data is controlled and data security standards are met, confidentiality cannot be guaranteed, and re-identified data could potentially be used to discriminate against or stigmatize participants, their families, or groups. In addition, there may be unknown risks.
- No direct benefits to participants are expected from any secondary research that may be conducted.
- Participants may withdraw consent for research use of genomic or phenotypic data at any time without penalty or loss of benefits to which the participant is otherwise entitled. In this event, data will be withdrawn from any repository, if possible, but data already distributed for research use will not be retrieved.
- ​The name and contact information of an individual who is affiliated with the institution and familiar with the research and will be available to address participant questions
See the sample consent found in the Forms section of the UAB IRB website at:
Institutional Certification
Institutions are responsible for assuring, through an Institutional Certification, that plans for the submission of large-scale human genomic data to the NIH meet the expectations of the Genomic Data Sharing Policy. Prior to award, investigators must submit an Institutional Certification that the data are appropriate for sharing and consistent with the informed consents of the study participants.
The Institutional Certification is submitted by the Institutional Official as part of the Just-in-Time process and specifies terms and conditions under which human data may be shared. The Institutional Certification should state whether the data will be submitted to an unrestricted- or –controlled-access database. For submissions to controlled access and, as appropriate for unrestricted access, the Institutional Certification should assure that:
- ​The data submission is consistent, as appropriate, with applicable national, tribal, and state laws and regulations as well as relevant institutional policies;
- Any limitations on the research use of the data, as expressed in the informed consent documents, are delineated;
- The identities of research participants will not be disclosed to NIH-designated data repositories; and
- An IRB, privacy board, and/or equivalent body, as applicable, has reviewed the investigator’s proposal for data submission and assures that:
- ​​The protocol for the collection of genomic and phenotypic data is consistent with 45 CFR Part 46;
- Data submission and subsequent data sharing for research purposes are consistent with the informed consent of study participants from whom the data were obtained;
- Consideration was given to risks to individual participants and their families associated with data submitted to NIH-designated data repositories and subsequent sharing;
- To the extent relevant and possible, consideration was given to risks to groups or populations associated with submitting data to NIH-designated data repositories and subsequent sharing; and
- The investigator’s plan for de-identifying datasets is consistent with the standards outlined in the GDS Policy (see section IV.C.1. in the GDS Policy).
Investigators are encouraged to obtain a Certificate of Confidentiality to help protect against compelled disclosure of any personally identifiable information.
Process for Obtaining a Signed Institutional Certification
Investigators may obtain a Signed Institutional Certification for a study at the time of original submission or through an amendment to the protocol.
To obtain Institutional Certification during the intial review of a protocol, the PI should include the following documentation with the original submission:
- ​Detailed Data Sharing Plan
- Any known data use limitations
- Indication of whether any aggregate-level data are appropriate for general research use
- Contact information of the relevant NIH GDS Program Adminstrator
To obtain Institutional Certification for an existing, IRB-approved protocol, the PI should submit a request via a Protocol Revision Amendment Form (224) to the IRB and include the following documentation:
- Human Subjects Protocol (most current version)
- Detailed Data Sharing Plan
- Informed consent document (all versions) delineating whether participants’ individual-level data will be shared through unrestricted or controlled access repositories
- Any known data use limitations
- Indication of whether any aggregate-level data are appropriate for general research use
- ​Contact information of the relevant NIH GDS Program Administrator