Skip to content Skip to navigation

NIH Finalizes Policy on Genomic Data Sharing

August 29, 2014
by Rajiv Leventhal
| Reprints

The National Institutes of Health (NIH) has issued its final policy on genomic data sharing (GDS) in an effort to promote data sharing as a way to speed the translation of data into knowledge, products and procedures that improve health while protecting the privacy of research participants.

The final policy was posted in the Federal Register on Aug. 26 and published in the NIH Guide for Grants and Contracts the following day.

Starting with funding applications submitted for a Jan. 25, 2015, receipt date, the policy will apply to all NIH-funded, large-scale human and non-human projects that generate genomic data. This includes research conducted with the support of NIH grants and contracts and within the NIH Intramural Research Program. NIH officials finalized the policy after reviewing public comments on a draft released in September 2013.

The GDS policy can be traced to the Human Genome Project, completed in 2003, which required rapid and broad data release during its mapping and sequencing of the human genome. The GDS policy is an extension of and replaces the Genome-Wide Association Studies (GWAS) data sharing policy, according to NIH officials.

Since 2007, the GWAS policy has governed biomedical researchers’ submission and access to human data through the NIH database for genotypes and phenotypes (dbGaP). Its two-tiered data distribution system has made some information and data available to the public without restrictions. Access to other data has been controlled and made available only for research purposes consistent with the consent provided by participants in the original study.

A key tenet of the GDS policy is the expectation that researchers obtain the informed consent of study participants for the potential future use of their de-identified data for research and for broad sharing. NIH also has similar expectations for studies that involve the use of de-identified cell lines or clinical specimens.

The two-tiered system for providing access to human data is based on data sensitivity and privacy concerns developed under the GWAS policy will continue. For controlled-access data, investigators will be expected to use data only for the approved research, protect data confidentiality (including not sharing the data with unauthorized people), and acknowledge data-submitting investigators in presentations and publications.

NIH expects any institution submitting data to certify that the data were collected in a legal and ethically appropriate manner and that personal identifiers, such as name or address, have been removed. The NIH GDS policy also expects investigators and their institutions to provide basic plans for following the GDS policy as part of funding proposals and applications.

“Everyone is eager to see the incredible deluge of molecular discoveries about disease translated into prevention, diagnostics, and therapeutics for patients,” Kathy Hudson, Ph.D., NIH deputy director for science, outreach and policy, said in a news release statement. “The collective knowledge achieved through data sharing benefits researchers and patients alike, but it must be done carefully. The GDS policy outlines the responsibilities of investigators and institutions that are using the data and also encourages researchers to get consent from participants for future unspecified use of their genomic data.”



EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.

Healthcare Organizations Again Go to Bat for AHRQ

Healthcare organizations are once again urging U.S. Senate and House leaders to protect the Department of Health and Human Services’ Agency for Healthcare Research and Quality (AHRQ) from more budget cuts for 2017.

ONC Pilot Projects Focus on Using, Sharing Patient-Generated Health Data

Accenture Federal Services (AFS) has announced two pilot demonstrations with the Office of the National Coordinator for Health Information Technology (ONC) to determine how patient-generated health data can be used by care teams and researchers.

Is it Unethical to Identify Patients as “Frequent Flyers” in Health IT Systems?

Several researchers from the University of Pennsylvania addressed the ethics of behavioral health IT as it relates to “frequent flyer” icons and the potential for implicit bias in an article published in JAMA.