This article provides a comprehensive, step-by-step guide to Element 5 of the National Institutes of Health (NIH) Data Management and Sharing (DMS) Policy: Access, Distribution, or Reuse Considerations.
Suggestions: Review the Overview of 2023 NIH Data Management and Sharing Policy for information on all areas and requirements for submitting an NIH DMS Plan with your grant application.
For example plans, see List of Sample Data Management and Sharing Plans.
Element 5: Requirement 1
The NIH expects that in drafting plans, researchers will maximize the appropriate sharing of scientific data. Describe and justify any applicable factors or data use limitations affecting subsequent access, distribution, or reuse of scientific data related to informed consent; privacy and confidentiality protections; and any other considerations that may limit the extent of data sharing.
Some data may require extra preparation before they can be shared. In this section, you should describe what legal, ethical, or technical issues will require limiting the sharing of your data. Examples may include existing legal limits such as data licenses or use agreements, issues of proprietary IP development, technical limits relating to the size or structure of the data, or ethical issues concerning human subjects’ privacy.
When justifying limitations on sharing human subjects’ data specifically, key issues may include informed consent (e.g., disease-specific limitations, particular communities’ concerns) or privacy and confidentiality protections (e.g., de-identification, Certificates of Confidentiality, and other protective measures). Specific steps for the preparation of human subjects’ data can be addressed in the protections for privacy subquestion below.
Element 5: Requirement 1 Examples
Sample Plan Text
To address safety and security concerns related to capturing and distributing pictures or video of vertebrate research animals, access and distribution of behavioral video files generated in our lab during brain inactivation studies of non-human primates will be limited as described and justified in the IACUC protocol governing the project and in compliance with the "Image Recordings of Research Animals" Standard Operating Procedure at our institution. There are no other factors that will impact the access, distribution, and reuse of all other scientific data generated by this study.
Fill-in-the-Blank Template
There are no anticipated factors or limitations that will affect the access, distribution, or reuse of the scientific data generated by the proposal.
OR
Due to _______ [ethical, legal, technical considerations], access/distribution/reuse of the resulting scientific data will be limited and approved/monitored by ________ [describe the approach to limiting access/distribution/reuse].
Element 5: Requirement 1 NIH Guidance
Any potential limitations on subsequent data use should be communicated to the individuals or entities (for example, data repository managers) that will preserve and share the scientific data. The NIH institutes, centers or offices (ICOs) will assess whether an applicant’s DMS Plan appropriately considers and describes these factors.
Expectations for Human Genomic Data Subject to the GDS Policy
How to access genomic data varies depending on which repository you select. Refer to the Accessing Genomic Data from NIH Repositories page on the NIH sharing site.
Informed Consent Expectations
Data Created or Collected After Implementation of GDS Policy
For research involving the generation of large-scale human genomic data from cell lines or clinical specimens that were created or collected AFTER the effective date of the GDS Policy (Jan. 25, 2015):
NIH expects that informed consent for future research use and broad data sharing will have been obtained. This expectation applies to de-identified cell lines or clinical specimens regardless of whether the data meet technical and/or legal definitions of de-identified (i.e. the research does not meet the definition of “human subjects research” under the Common Rule).
Data Created or Collected Before Implementation of GDS Policy
For research involving the generation of large-scale human genomic data from cell lines or clinical specimens that were created or collected BEFORE the effective date of the GDS Policy:
There may or may not have been consent for research use and broad data sharing. NIH will accept data derived from de-identified cell lines or clinical specimens lacking consent for research use that were created or collected before the effective date of this policy.
Expectations for Institutional Certifications and Data-Sharing Limitations
- DMS Plans complying with the GDS Policy should address limitations on sharing by anticipating sharing according to the criteria of the Institutional Certification.
- In cases where it is anticipated that Institutional Certification criteria cannot be met (i.e., data cannot be shared as expected by the GDS Policy), investigators should state the Institutional Certification criteria in their DMS Plan. They should explain why the element cannot be met and indicate what data, if any, can be shared and how to enable sharing to the greatest extent possible (for example, sharing data in a summary format). In some instances, the funding NIH entity may need to determine whether to grant an exception to the data submission expectation under the GDS Policy.
- Investigators conducting research subject to the GDS Policy should indicate in their DMS Plan if a study should be designated as “sensitive” for the purposes of access to Genomic Summary Results (GSR), as described in NOT-OD-19-023.
Element 5: Requirement 2
State whether access to the scientific data will be controlled (i.e., made available by a data repository only after approval).
If you are using a controlled-access repository, you must provide information about the restrictions and control mechanisms in place for access to the scientific data. Check the repository you intend to use to find out more about whether and how the repository supports controlled access.
If you are not using controlled-access repositories, you can skip this section, or state “Controlled access will not be used. The data that is shared will be shared by unrestricted download.”
Element 5: Requirement 2 Examples
Sample Plan Text
Data will be available by controlled access only. To access data arising from this project, users must complete the Vivli data request form and sign the Vivli Data Use Agreement (DUA), which limits subsequent use to the terms of the approved request and requires that users maintain data security and refrain from any attempts to re-identify research participants or engage in unauthorized uses of the data. To get access to the data, the user must submit a valid scientific question, include a statistical analysis plan, and complete all required fields on the Vivli data request form. Vivli will review the data request for completeness.
Fill-in-the-Blank Template
Given the sensitive nature of the dataset, data will be made available in ________ [name of data repository], which restricts access to the data to ______ [describe restriction, e.g. to qualified investigators with an appropriate research question and approved data use agreement]. Data can be accessed by _____ [describe data repository access methods and measures].
Element 5: Requirement 3
This subsection applies to studies involving human research participants. Other studies can generally skip Element 5: Requirement 3.
If generating scientific data derived from humans, describe how the privacy, rights, and confidentiality of human research participants will be protected (e.g., through de-identification, Certificates of Confidentiality, and other protective measures).
Certain kinds of data, especially human subjects’ data, require extra preparation before they can be shared to ensure participant privacy. In this section, you will describe your approach to preparing human subjects’ data for sharing and note any additional restrictions or policies that will impact access to your data. If you are working with human subjects, you should also describe how you will address data management and sharing in your informed consent process. You will also need to describe your methods for ensuring privacy and confidentiality, including how you will de-identify your data.
If you have decided that a controlled-access repository (where researchers must apply to access data) is a better fit for your data than an open repository, you should describe the repository's access procedures. Finally, if there are any other laws, policies, or existing agreements that impact your ability to share your data, you should describe them here.
Element 5: Requirement 3 Examples
Sample Plan Text
The images are fully de-identified by removing all HIPAA-protected direct and indirect identifiers. The original DICOM files are converted to compressed “.nii.gz” / “.json” using dcm2niix (https://github.com/rordenlab/dcm2niix) with the anonymization option according to BIDS guidelines. The “.json” preserves the technical information from the image header. All the high-resolution T1-WI MPRAGE, the low-resolution T1-WIs, and FLAIR with full head coverage are defaced using FSL (https://surfer.nmr.mgh.harvard.edu/fswiki/mrideface). Another round of visual quality control was performed to secure complete anonymization of possible face recognition by 3D reconstruction. In consultation with the Johns Hopkins Data Services librarians (partners in this project), we removed sensitive information and possible remaining indirect identifiers, making the data compatible with HIPAA “Safe Harbor” regulations. Johns Hopkins IRB and JHM Data Trust committee reviewed and approved the de-identification and sharing plan. Because these data were originally assembled under a waiver of consent, Johns Hopkins policy requires restricted access for approved research. ICPSR will release the data as a restricted-use collection under a Data Use Agreement (DUA). Sharing is for research use, restricted to biomedical research in academic institutions, requiring that the source is cited in future publications. ICPSR’s researcher approval process is described at https://www.icpsr.umich.edu/web/pages/ICPSR/access/restricted/. Researchers from institutions without an ICPSR membership must pay an access fee for the data. This project will assess funding to cover access fees for requests as feasible. ICPSR employs industry-standard security and stringent access requirements. ICPSR will monitor data usage and citations that reference or reuse the collection.
Fill-in-the-Blank Template
In order to ensure participant consent for data sharing, Institutional Review Board paperwork and informed-consent documents will include language describing plans for data management and sharing of data, specifying the motivation for sharing, and explaining that personal identifying information will be removed.
To protect participant privacy and confidentiality, shared data will be de-identified using the ______ methods [describe de-identification methods, noting any other applicable laws or policies such as HIPAA].
Tip: Using the DMPTool
There are currently no specific formatting requirements included in the NIH DMS Application Guide. However, the DMPTool, a free online wizard, walks you through the process of creating an NIH-compliant DMS Plan. The information in this article includes examples from DMPTool.
NIH Guide Notice: As outlined in the NIH Guide Notice Supplemental Policy Information: Elements of an NIH Data Management and Sharing Plan, DMS Plans should address six elements (areas): Data Type; Tools, Software, and Code; Data Standards; Data Preservation, Access, and Associated Timelines; Access, Distribution, or Reuse Considerations; and Oversight of Data Management and Sharing, as described in the Application Guide. The NIH suggests that a DMS Plan be no more than two pages. The plan should be attached to the application as a PDF file, as outlined in the NIH’s Format Attachments page.
Additional Resources
- DMPTool
- HIPAA Guidance on De-Identification
- LibGuide from LaTrobe University on DeIdentification
- NLM-Scrubber: NLM-Scrubber is a freely available clinical text de-identification tool designed and developed at the National Library of Medicine. The aim is to enable clinical scientists to access clinical health information that is not associated with the patient by following the Safe Harbor principles as outlined in the HIPAA Privacy Rule.
- Applications to Assist in De-Identification – Johns Hopkins
- Sample Data Usage Agreement
Related Articles
- NIH DMS Policy Overview: This article includes an overview of the NIH DMS Policy and links to all other Element articles.
- Sample NIH Data Management and Sharing Plans: Examples of completed DMS Plans.
Sources
NIH Template Working Group*. (2023). DMPTool NIH-Default DMSP template, v9. In California Digital Library (Ed.), DMPTool [DMP authoring software]. Retrieved from https://dmptool.org/template_export/118304408.pdf
* More information on the NIH Template Working Group history and membership can be found at https://blog.dmptool.org/2022/08/18/supporting-the-upcoming-nih-data-sharing-requirements-with-the-dmptool/