Overview

The National Institutes of Health (NIH) issued the NIH Policy for Data Management and Sharing (DMS Policy) to promote the management and sharing of scientific data generated from NIH-funded or conducted research. This Policy establishes the requirements of submission of Data Management and Sharing Plans (hereinafter Plans) and compliance with NIH Institute, Center, or Office (ICO)-approved Plans. It also emphasizes the importance of good data management practices and establishes the expectation for maximizing the appropriate sharing of scientific data generated from NIH-funded or conducted research, with justified limitations or exceptions. This Policy applies to research funded or conducted by NIH that results in the generation of scientific data.

For more information watch:

• Preparing for the NIH Data Management and Sharing Policy
• Putting the NIH Data Management and Sharing Policy into Practice at Brown (slides available here)
• Creating Data Management Plans with DMPTool

What Is a Data Repository?

A data repository holds data and makes that data available for future use by the broader research community. Data repositories may have specific requirements about the research topic, data re-use and access, file format, and data structure that can be used. This process gives researchers access to more data than they could collect on their own making it easier and faster for them to gather, evaluate, and share research information and results from multiple sources. Many data repositories have restrictions on who can add and access data.

What in the World Is a GUID?

A Global Unique Identifier (GUID) is an alphanumeric code that is created as an identifier for a research participant. The GUID provides a secure mechanism to link research participants within and across research project datasets in specific data repositories. In order to create a GUID, researchers will need to collect participants’ personal information as it appears on their birth certificate (first name, middle name [if applicable], last name, date of birth, sex, and town/city/municipality of birth). This personal information will never be shared with the data repository.

To GUID or Not to GUID, That Is the Question

If awarded a grant from specific NIH Institutes, Centers, or Offices, a PI may be required to ask their participants to share their anonymized data with an NIH data repository. At this time, the following institutes may include this requirement:

• The Eunice Kennedy National Institute of Child Health and Human Development (NICHD)
• National Human Genome Research Institute (NHGRI)
• National Institute of Alcohol Abuse and Alcoholism (NIAAA)
• National Institute on Deafness and Other Communication Disorders (NIDCD)
• National Institute of Environmental Health Sciences (NIEHS)
• National Institute of Mental Health (NIMH)
• National Institute of Neurological Disorders and Stroke (NINDS)

Learn more about the NIMH Data Archive (NDA) and the NIAAA Data Archive (NIAAA_DA).

When to Say "No" to Data Sharing

The NIH expects that there may be some situations in which researchers should limit data sharing. Scientific justifications for these situations must be described in the NIH Data Management Sharing Plan and assessed by the NIH.

Potentially justifiable examples include:

• Informed consent and/or assent documents will not permit or will limit the scope or extent of data sharing and future use of research data
• Existing consent and/or assent documents prohibit sharing or limit the scope or extent of sharing and future use of research data
• Privacy or safety of research participants would be compromised or place them at greater risk of re-identification or suffering harm, and protective measures such as de-identification and a Certificate of Confidentiality would be insufficient
• Explicit federal, state, local, or Tribal law, regulation, or policy prohibits disclosure
• Datasets cannot practically be digitized with reasonable efforts

Potentially not justifiable examples include:

• Data are considered too small
• Data that researchers anticipate will not be widely used
• Data are not thought to have suitable repository

New Funding for an Approved Study: What Now?

If you receive new NIH funding for your IRB-approved study, you will need to add the data repository consent process and consent material as a revision to your approved research protocol.

To add this consent addendum, submit a Revision Request Form to [email protected]. Along with the Revision Request Form, you will need the applicable data repository consent template and an update to your protocol.

Another Consent for Data Uploads?

Yes! A data repository consent process must be documented by research participants and/or their parents/guardians in order for the research team to share the research data with a data repository. Brown has two sets of data repository informed consent templates: GUID Data Repository Consent Templates, and Data Repository Consent Templates for use with data repositories that do not use GUIDs.

The data repository consent templates contain all the regulatory information repositories need to complete this process and to protect participants. They were created as a collaborative effort by the Human Research Protection Program and the Research Data Team with input from the Institutional Review Board and the NIH.

Modifying these documents should only be necessary in rare situations. You may only make a change after consulting with the HRPP to ensure that the changes do not affect the data repository consent requirements.

The variables listed in the GUID data repository consent template’s “What will happen to my research data?” section is required by the NIH data repositories and cannot be changed.

I Just Learned About GUIDs! What's a Pseudo-GUID?

Participant data shared with NIH data repositories using GUIDs are not identifiable. All participant identifiers are removed by Brown researchers before the data is added to the NIH data repository to protect the confidentiality of participants.

If participants would like to share their data, but are reluctant to provide their personally identifiable information (PII) in order to create a GUID, researchers can create a pseudo-GUID to protect participant confidentiality. If participants choose to share their research data using the pseudo-GUID process, researchers should create a random identifier without any PII.

Researchers and the NIH treat a GUID created with PII and a pseudo-GUID created without PII the same. This means that any pseudo-GUID must follow the requirements of the NIH data repository by:

• Remaining linked to a single participant,
• Maintaining that link for the life of your study,
• Using that pseudo-GUID to share data about the participant with the data repository, and
• Allowing the participant the ability to withdraw any unshared data from the data repository at any time.

It is important to note that a pseudo-GUID only allows a participant to share data from a single study. If participants want to share and link their research data across multiple studies, it will be necessary for participants to share their PII will researchers in order to create a GUID.

Is It Really Possible To Remove Data From a Data Repository?

Yes, participants can withdraw their data at any time from the NDA. However, any data from the NDA that has already been shared with other researchers cannot be retracted, as Brown’s consent addendum states.