MSU HRPP Manual Section 2-2-F-iv

U.S. National Institutes of Health Data Management and Sharing

On or after January 25, 2023, the U.S. National Institutes of Health (NIH) requires researchers to prospectively plan for how scientific data will be preserved and shared through submission of a Data Management and Sharing (DMS) Plan. Upon NIH approval of a Plan, NIH expects researchers and institutions to implement data management and sharing practices as described. The DMS Policy is intended to establish expectations for DMS Plans, which applicable NIH Institutes, Centers and Offices may supplement as appropriate.

• For the 2023 policy, see the “Final NIH Policy for Data Management and Sharing” (NOT-OD-21-013), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-013.html

• For the 2003 policy, see the “Final NIH Statement on Sharing Research Data” (NOT-OD-03-032), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-03-032.html.

This document describes additional NIH specific considerations related to data management and sharing in human research studies. These include:

• Elements of an NIH DMS Plan

• Protecting Privacy When Sharing Human Research Participant Data

• Informed Consent for Secondary Research with Data and Biospecimens

• Responsible Management and Sharing of American Indian / Alaska Native Participant Data

• Genomic Data Sharing

• Frequently Asked Questions

NIH Institutes, Centers or Offices may have additional specific requirements. Individual funding opportunities may also specify other requirements or expectations. Researchers should consult with their NIH funding Institute, Center, or Office to address specific requirements as needed. For more information, see https://sharing.nih.gov/other-sharing-policies/nih-institute-and-center-data-sharing-policies

While this document provides NIH specific requirements and resources, data management and sharing considerations also apply to non-NIH conducted or supported human research studies. Additional data management and sharing considerations for human research studies, including NIH studies, can be found in HRPP Manual 2-6, Considerations for Data Sharing in Human Research Studies.

Elements of an NIH DMS Plan

The “Supplemental Information to the NIH Policy for Data Management and Sharing: Elements of an NIH Data Management and Sharing Plan” (NOT-OD-21-014) outlines elements to be addressed in a DMS Plan. One of the elements, “Access, Distribution, or Reuse Considerations,” includes considerations related to human research. These include describing any applicable factors related to:

• Informed consent

• Privacy and confidentiality protections

• Controlled or uncontrolled access

• Restrictions

• Any other considerations that may limit data sharing

For detailed information, see “Supplemental Information to the NIH Policy for Data Management and Sharing: Elements of an NIH Data Management and Sharing Plan” (NOT-OD-21-014), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-014.html

For additional considerations, see HRPP Manual 2-6, Considerations for Data Sharing in Human Research Studies.

Protecting Privacy When Sharing Human Research Participant Data

The “Supplemental Information to the NIH Policy for Data Management and Sharing: Protecting Privacy When Sharing Human Research Participant Data” (NOT-OD-22-213) assists researchers in addressing privacy considerations when sharing human research participant data. The supplement includes operational principles for protecting participant privacy when sharing scientific data, best practices for protecting participant privacy when sharing scientific data, and points to consider for choosing whether to designate scientific data for controlled access.

For detailed information, see “Supplemental Information to the NIH Policy for Data Management and Sharing: Protecting Privacy When Sharing Human Research Participant Data” (NOT-OD-22-213), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-22-213.html

For additional considerations, see HRPP Manual 2-6, Considerations for Data Sharing in Human Research Studies.

Informed Consent for Secondary Research with Data and Biospecimens

The “Informed Consent for Secondary Research with Data and Biospecimens: Points to Consider and Sample Language for Future Use and/or Sharing” (May 2022) is a voluntary resource provided by NIH related to informed consent for future use and/or sharing. It includes points to consider and sample informed consent language.

For detailed information, see “Informed Consent for Secondary Research with Data and Biospecimens: Points to Consider and Sample Language for Future Use and/or Sharing” (May 2022), https://osp.od.nih.gov/wp-content/uploads/Informed-Consent-Resource-for-Secondary-Research-with-Data-and-Biospecimens.pdf

For additional considerations, see HRPP Manual 2-6, Considerations for Data Sharing in Human Research Studies.

Responsible Management and Sharing of American Indian/Alaska Native Participant Data

The “Supplemental Information to the NIH Policy for Data Management and Sharing: Responsible Management and Sharing of American Indian (AI) /Alaska Native (AN) Participant Data” (NOT-OD-22-214) describes considerations and best practices for the responsible and respectful management and sharing of AI/AN participant data under the DMS Policy. While this supplement only addresses data management and sharing considerations when working with AI/AN Tribes, it may contain useful considerations for any researchers who, as part of their research, share and manage data in partnership with urban AI/AN communities, non-Federally recognized Tribes (e.g., state recognized Tribes), communities (e.g., Native Hawaiians), and Indigenous peoples outside the United States. It also contains useful information on data management and sharing for human research projects that are not supported by NIH.

The supplement includes considerations for researchers working with Tribal Nations and best practices for researchers. While a brief summary is included below, when these considerations are applicable to their study, researchers are strongly encouraged to review detailed information found in the supplement.

Considerations for researchers working with Tribal Nations include:

• Tribal sovereignty

• Tribal research laws, regulations, policies, preferences, and processes

• Historical awareness

• Health disparities

Best practices for researchers include:

• Proactively engage AI/AN Tribes in planning for data management and sharing

• Establish mutual understandings of goals for data management and sharing

• Incorporate AI/AN data management and sharing practices and preferences in Plans

• Consider additional protections and appropriate limitations to future data sharing

• Incorporate data management and sharing plans in the informed consent process

• Safeguarding against future risk

For detailed information, see “Supplemental Information to the NIH Policy for Data Management and Sharing: Responsible Management and Sharing of American Indian/Alaska Native Participant Data” (NOT-OD-22-214), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-22-214.html

For additional considerations, see HRPP Manual 2-6, Considerations for Data Sharing in Human Research Studies.

Genomic Data Sharing Policy

The “NIH Genomic Data Sharing (GDS) Policy” applies to all NIH-funded research that generates large-scale human or non-human genomic data as well as the use of these data for subsequent research. It sets forth expectations that ensure broad and responsible sharing of genomic research data. NIH expects investigators and their institutions to provide plans for following the GDS Policy. On or after January 25, 2023, NIH will no longer be collecting separate GDS Plans. Instead, genomic data sharing considerations, such as where and when genomic data will be shared, will be expected to be addressed in NIH DMS Plans using the NIH DMS Plan elements.

For detailed information, see “NIH Genomic Data Sharing Policy” (NOT-OD-14-124), https://grants.nih.gov/grants/guide/notice-files/not-od-14-124.html

For 2023 changes, see “Implementation Changes for Genomic Data Sharing Plans Included with Applications Due on or after January 25, 2023” (NOT-OD-22-198), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-22-198.html

Applicability

The GDS Policy applies to:

• Competing grant applications that were submitted to NIH for the January 25, 2015, due date or subsequent due dates;

• Proposals for contracts that were submitted to NIH on or after January 25, 2015; and

• NIH intramural research projects generating genomic data on or after January 25, 2015.

Informed Consent

For research that falls within the scope of the GDS Policy, submitting institutions, through their Institutional Review Boards (IRBs), privacy boards, or equivalent bodies, are to review the informed consent materials to determine whether it is appropriate for data to be shared for secondary research use. 

Specimens Created or Collected After the GDS Policy Effective Date

For studies initiated after the effective date of the GDS Policy, NIH expects investigators to obtain participants’ consent for their genomic and phenotypic data to be used for future research purposes and to be shared broadly.  The consent should include an explanation about whether participants’ individual-level data will be shared through unrestricted- or controlled-access repositories.

For studies proposing to use genomic data from cell lines or clinical specimens that were created or collected after the effective date of the Policy, NIH expects that informed consent for future research use and broad data sharing will have been obtained even if the cell lines or clinical specimens are de-identified. 

If there are compelling scientific reasons that necessitate the use of genomic data from cell lines or clinical specimens that were created or collected after the effective date of the GDS Policy and that lack consent for research use and data sharing, investigators should provide a justification in the funding request for their use. 

The funding institute or center will review the justification and decide whether to make an exception to the consent expectation.

Specimens Created or Collected Before the GDS Policy Effective Date

For studies using data from specimens collected before the effective date of the GDS Policy, there may be considerable variation in the extent to which future genomic research and broad sharing were addressed in the informed consent materials for the primary research.

In these cases, an assessment by an IRB, privacy board, or equivalent body is needed to ensure that data submission is not inconsistent with the informed consent provided by the research participant. 

NIH will accept data derived from de-identified cell lines or clinical specimens lacking consent for research use that were created or collected before the effective date of this Policy.

Limitations

NIH recognizes that in some circumstances broad sharing may not be consistent with the informed consent of the research participants whose data are included in the dataset.  In such circumstances, institutions planning to submit aggregate- or individual-level data to NIH for controlled access should note any data use limitations in the data sharing plan submitted as part of the funding request. 

These data use limitations should be specified in the Institutional Certification submitted to NIH prior to award.

For additional guidance, see “NIH Guidance on Consent for Future Research Use and Broad Sharing of Human Genomic and Phenotypic Data Subject to the NIH GDS Policy,” https://sharing.nih.gov/sites/default/files/flmngr/NIH_Guidance_on_Elements_of_Consent_under_the_GDS_Policy_07-13-2015.pdf

For additional considerations, see HRPP Manual 2-6, Considerations for Data Sharing in Human Research Studies.

Institutional Certification

The responsible Institutional Signing Official of the submitting institution should provide an Institutional Certification to the funding institute or center prior to award consistent with the DMS plan submitted with the request for funding.  The Institutional Certification for sharing human data should also be provided to the NIH prior to award, along with any other Just-in-Time information.

The Institutional Certification should state whether the data will be submitted to an unrestricted- or controlled-access database.  For submissions to controlled access and, as appropriate for unrestricted access, the Institutional Certification should assure that:

• The data submission is consistent, as appropriate, with applicable national, tribal, and state laws and regulations as well as relevant institutional policies;

• Any limitations on the research use of the data, as expressed in the informed consent documents, are delineated;

• The identities of research participants will not be disclosed to NIH-designated data repositories; and

• An IRB, privacy board, and/or equivalent body, as applicable, has reviewed the investigator’s proposal for data submission and assures that:

  • The protocol for the collection of genomic and phenotypic data is consistent with 45 CFR Part 46;

  • Data submission and subsequent data sharing for research purposes are consistent with the informed consent of study participants from whom the data were obtained;

  • Consideration was given to risks to individual participants and their families associated with data submitted to NIH-designated data repositories and subsequent sharing;

  • To the extent relevant and possible, consideration was given to risks to groups or populations associated with submitting data to NIH-designated data repositories and subsequent sharing; and

  • The investigator’s plan for de-identifying datasets is consistent with the standards outlined in this Policy.

Exceptions

In cases where data submission to an NIH-designated data repository is not appropriate or the Institutional Certification criteria cannot be met, investigators should provide a justification for any data submission exceptions.  The funding institute or center may grant an exception to submitting relevant data to NIH, and the investigator would be expected to develop an alternate plan to share data through other mechanisms.  For transparency purposes, when exceptions are granted, studies will still be registered in dbGaP, the reason for the exception will be included in the registration record, and a reference will be provided to an alternative data-sharing plan or resource, if available.

IRB Review

The researcher should notify the IRB office if an Institutional Certification is required. The IRB works with the researcher to determine if the Institutional Certification accurately reflects the participants' informed consent as well as the adequacy of the consent process for the generation and sharing of data for secondary research use, and that it is consistent with the NIH GDS Policy.

The information provided in the Institutional Certification must be consistent with the DMS Plan, IRB submission(s), and informed consent.

For IRB considerations, see “Points to Consider for Institutions and Institutional Review Boards in Submission and Secondary Use of Human Genomic Data under the National Institutes of Health Genomic Data Sharing Policy,” https://sharing.nih.gov/sites/default/files/flmngr/GDS_Points_to_Consider_for_Institutions_and_IRBs.pdf

Multi-Center Studies

Certification must be provided for all sites contributing samples either through a multi- center or single site certification. For a multi-center certification, the primary site may submit one Institutional Certification indicating that they are providing certification on behalf of all collaborating sites. The submitting institution assures NIH that, based on either its own review or assurance from other institutions, the expectations and conditions of the Institutional Certification(s) are met for the entire multi-site project.

If MSU is not the primary site submitting the Institutional Certification, MSU will need to determine whether the primary site is conducting its own review or is obtaining assurance from other institutions. If the primary site is obtaining assurance from other institutions, MSU may be asked to provide assurance to the submitting institution even when MSU is not the IRB of record and is relying upon an External IRB. In such circumstances, the IRB assurance process will follow the IRB review process described above. Consultation with the External IRB may occur as needed.

If MSU is the primary site submitting the Institutional Certification, MSU will typically ask for assurance from other institutions rather than conducting its own review for all sites.

Frequently Asked Questions

NIH provides Frequently Asked Questions (FAQs) related to data management and sharing policies. Questions are updated and added by NIH as needed. Researchers are encouraged to consult with the FAQs. https://sharing.nih.gov/faqs#/data-management-and-sharing-policy.htm 

This policy and procedure supersedes those previously drafted.

Approved By: Vice President for Research and Innovation on 6-21-2023.

Related HRPP Manual Sections

• 2-6, Considerations for Data Sharing in Human Research Studies